/goLAPS

Go setter/getter for property ms-Mcs-AdmPwd used by LAPS.

Primary LanguageGo

A simple way to read and write LAPS passwords from linux.
GitHub release (latest by date) YouTube Channel Subscribers

This script is a go setter/getter for property ms-Mcs-AdmPwd used by LAPS inspired by @swisskyrepo's SharpLAPS in C#.

Require (either):

  • Account with ExtendedRight or GenericRead to get LAPS passwords
  • Account with ExtendedRight or GenericWrite to set LAPS passwords
  • Domain Admin privileges

Usage

                __    ___    ____  _____        
   ____ _____  / /   /   |  / __ \/ ___/       
  / __ `/ __ \/ /   / /| | / /_/ /\__ \      
 / /_/ / /_/ / /___/ ___ |/ ____/___/ /         
 \__, /\____/_____/_/  |_/_/    /____/    v1.2
/____/           @podalirius_                   

[!] Option -host <host> is required.
Usage of ./bin/goLAPS:
  -debug
    	Debug mode
  -domain string
    	(FQDN) domain to authenticate to.
  -hashes string
    	NT/LM hashes, format is LMhash:NThash.
  -host string
    	IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN) specified in the identity parameter.
  -password string
    	password to authenticate with.
  -port int
    	Port number to connect to LDAP server.
  -quiet
    	Show no information at all.
  -use-ldaps
    	Use LDAPS instead of LDAP.
  -username string
    	User to authenticate as.

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.