SYSVOL
share. All domain users have read access to it. This means all domain users can read the encrypted password set in Group Policy Preferences, and since Microsoft published the encryption key around 2012, the password can be decrypted.xml
files and loot for passwords.smb_enum_gpp
module), however it requires mounting the SYSVOL
share, which can't be done through a docker environment unless it's run with privileged rights.Groups.xml
, Services.xml
, Scheduledtasks.xml
, DataSources.xml
, Printers.xml
and Drives.xml
files and returns plaintext passwordscpassword
string in xml files and by then manually decrypting the matches.