Lateral movement

Group Policy Preferences with cpassword

  • Non-platform specific


We have found Group Policy Preferences file '{CpasswordFile}' with cpassword for {CpasswordFile.Cpasswords}. A cpassword is used for setting passwords from the Group Policy Preferences. Cpasswords are encrypted using a weak encryption algorithm, which can be easily decrypted and used for lateral movement