CyberArkTools
April 27, 2023 ยท View on GitHub
Some Python tooling to try to decrypt CyberArk .cred credential files
Verification Flag Breakdown
Vendor Documentation: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/CreateCredFile-Utility.htm#CreateCredFileparameters
Application Type (--apptype)
This restriction limits what application types are able to use the .cred file. The options for this are:
- CPM
- PVWA
- PVWAApp
- AppPrv
- PSMApp
- CABACKUP
- DR
- ENE
- WINCLIENT
- GUI
- PACLI
- XAPI
- NAPI
- EVD
- CACrypt
OS Username (--username)
The name of the user who can use this file. Typically specified in "domain\username" format. Example: SYSTEM -> "nt authority\system". This will normally also be a specific user created in the vault for initial setup purposes. In some cases, this user can be cyberark specific and will not exist on the Active Directory domain.
Executable Path (--exepath)
Full path to the executable that is using the file.
Machine IP (--machineip)
IP of the machine the .cred file is used on. In most cases this will be the local machine the file was found on, but CAN be a remote system.
Machine Hostname (--hostname)
Hostname of the system the .cred file is used on. FQDN not required. In most cases this will be the local machine the file was found on, but CAN be a remote system.