2\/lets decode the encrypted machine blob<\/p>\n
NTHASH-win64.exe \/decodeblob \/data.blob<\/strong><\/p>\n ->note dwflags=4=machine<\/p>\n 3\/lets retrieve the dpapy system key & decrypt the masterkey<\/p>\n NTHASH-win64.exe \/dumpsecret \/input:dpapi_system \/system<\/strong> NTHASH-win64.exe \/decodemk 4\/lets decrypt the encrypted machine blob<\/p>\n nthash-win64 \/decodeblob \/binary:data.blob \/input:54017C46F5651B9627831F87050694FAD1B4DB31<\/strong> 70617373776F7264 is hexa form of password<\/p>\n 5\/conclusion<\/p>\n Similar to system blobs, once you have the dpapi system key, it is rather trivial to decrypt such blob. In previous articles, we have seen how to decrypt user blobs and system blobs. Lets now have a look at machine blobs : a blob which can be decrypted by any user provided it is decrypted on the same machine – as opposed to user blobs which can only be decrypted by the user. 5 […]<\/a><\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[118],"tags":[],"class_list":["post-2257","post","type-post","status-publish","format-standard","hentry","category-nthash","category-118-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2257"}],"version-history":[{"count":9,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2257\/revisions"}],"predecessor-version":[{"id":2285,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2257\/revisions\/2285"}],"wp:attachment":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/i.imgur.com\/U52EJFK.png\")
<\/p>\n
\nNTHASH 1.7 x64 by erwan2212@gmail.com
\nImpersonate:Syst?me
\nFull:xx3CA961B1DCExxDF06CB359D981C1A3EB1D47xxxx398A7D34786F8DxxC152F318A4EDFFAxx
\n2F73F
\nMachine:xx3CA961B1DCExxDF06CB359D981C1A3EB1D47xx
\nUser:xx398A7D34786F8DxxC152F318A4EDFFAF02F7xx<\/p>\n
\n\/binary:C:\\Windows\\System32\\Microsoft\\Protect\\S-1-5-18\\90d6942d-4f31-4638-b756-d11efa906e52
\n\/input:xx398A7D34786F8DxxC152F318A4EDFFAF02F7xx<\/strong>
\n**** Unprotecting MasterKey ****
\nKEY:xx99D247D53699114CA06378DB77E4xxDD08A6BABBDB5277EB59C8309DBA8AA8B2D4C7990052
\n5F2FEE3909AC3894931093DxxD4BED96484791E2DCF512EB38E7
\nSHA1:xx017C46F5651Bxx27831F87050694FAD1B4DBxx<\/p>\n
\nNTHASH 1.7 x64 by erwan2212@gmail.com
\n**** Unprotecting Blob ****
\nBlob:70617373776F7264<\/p>\n
\nFurthermore, it is not recommanded to use machine blobs to store secrets as any user on that machine will be able to decrypt it.<\/p>\n","protected":false},"excerpt":{"rendered":"