DaveHope.co.uk

Decrypting DPAPI (aspnet_setreg) stored credentials

I came across a problem at work where I needed to recover credentials that had been stored in the registry using .Net’s DPAPI (aspnet_setreg). Thankfully the open source NCrypto library came to the rescue.

Here’s a simple bit of code making use of the NCrypto.Security.Cryptography assembly to decrypt the data:

<%@ Page Language="C#" Debug="true" %>
<script language="C#" runat="Server">
protected void Page_Load(object sender, System.EventArgs e)
{
byte[] regUsername;
byte[] regPassword;
string strUsername;
string strPassword;
Microsoft.Win32.RegistryKey reg;

reg = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\NWtraders\Login\ASPNET_SETREG");
regUsername = (byte[])reg.GetValue("username"); regPassword = (byte[])reg.GetValue("password");
strUsername = Encoding.Unicode.GetString( NCrypto.Security.Cryptography.ProtectedData.Unprotect( regUsername ) ); strPassword = Encoding.Unicode.GetString( NCrypto.Security.Cryptography.ProtectedData.Unprotect( regPassword ) );
System.Web.HttpContext.Current.Response.Write( strUsername ); System.Web.HttpContext.Current.Response.Write( strPassword ); } </script>

Throw the .dll in your bin folder or GAC and you’re good to go. Make sure you’ve got access to the relevant registry keys used though.

Comments

Leave a Reply