CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/post/windows/gather/bitlocker_fvek.md
Views: 1904
Vulnerable Application
This module enumerates ways to decrypt a Bitlocker volume and if a recovery key is stored locally or can be generated, dump the Bitlocker master key (FVEK)
Verification Steps
Start msfconsole
Get meterpreter session
Do:
use post/windows/gather/bitlocker_fvek
Do:
set SESSION <session id>
Do:
set DRIVE_LETTER <letter>
Do:
run
Options
DRIVE_LETTER
Dump information from the DRIVE_LETTER encrypted with Bitlocker.
RECOVERY_KEY
Use the recovery key provided to decrypt the Bitlocker master key (FVEK).
SESSION
The session to run this module on.