SCOMDecrypt
- Thiru T
- Nov 15, 2024
This tool is designed to retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
NCC blog post - 'SCOMplicated? – Decrypting SCOM “RunAs” credentials'
Pre-requisites:
To run the tool you will require administrative privileges on the SCOM server. You will also need to ensure that you have read access to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\System Center\2010\Common\MOMBins
You can check manually that you can see the database by gathering the connection details from the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\System Center\2010\Common\Database\DatabaseServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\System Center\2010\Common\Database\DatabaseName
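A read-only check of these prerequisites, added here as an example (it is not part of the SCOMDecrypt project): it reports whether the session is elevated, lists principals outside a baseline that are allowed to read the registry keys named above, and prints the database connection details. The $baseline list is a hypothetical starting point, and DatabaseServerName and DatabaseName are assumed to be values under the ...\Common\Database key.

```powershell
# Added example: read-only audit of the registry locations this page names.
# Assumption: DatabaseServerName and DatabaseName are values under ...\Common\Database.
$common   = 'HKLM:\SOFTWARE\Microsoft\System Center\2010\Common'
$keys     = "$common\MOMBins", "$common\Database"
# Hypothetical baseline of principals expected to read these keys; adjust locally.
$baseline = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'
$query    = [System.Security.AccessControl.RegistryRights]::QueryValues

# The page states that administrative privileges are required on the SCOM server.
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
'Running elevated: {0}' -f $isAdmin

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning ('{0}: key not present' -f $key)
        continue
    }
    try {
        $acl = Get-Acl -LiteralPath $key -ErrorAction Stop
    } catch {
        Write-Warning ('{0}: cannot read ACL ({1})' -f $key, $_.Exception.Message)
        continue
    }
    # Allow ACEs granting value reads to principals outside the baseline.
    # Note: ACEs expressed only as generic rights are not decoded here.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            ($ace.RegistryRights -band $query) -ne 0 -and
            $baseline -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Key       = $key
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap

# Connection details the page says to gather, to confirm which database is in scope.
$db = Get-ItemProperty -LiteralPath "$common\Database" -ErrorAction SilentlyContinue
if ($db) { 'Database: {0} / {1}' -f $db.DatabaseServerName, $db.DatabaseName }
```

Any principal this lists can read the same registry material the tool depends on, so the output is a starting point for tightening the key ACLs.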
Install: (PS1)
git clone https://github.com/nccgroup/SCOMDecrypt
cd .\SCOMDecrypt\SCOMDecrypt\
. .\Invoke-SCOMDecrypt.ps1
Install: (Compile)
Using Visual Studio 2019 Community Edition you can compile the SCOMDecrypt binary.
Open the SCOMDecrypt project .sln, choose "Release", and build.
Usage:
# PS1
Invoke-SCOMDecrypt
# Compiled C# binary
.\SCOMDecrypt.exe


