GPP attacks are a type of attack that targets the Group Policy Preferences feature in Microsoft Windows
Group Policy Preferences are a set of tools that allow administrators to configure and deploy settings to client computers in a Windows domain
these preferences are often stored in an easily accessible format that can be used by attackers to obtain passwords or other sensitive information
In a GPP attack, the attacker seeks out the stored passwords and then uses them to gain access to other systems or resources
another type of attack that targets the same Group Policy Preferences feature in Microsoft Windows. When administrators use the Group Policy Preferences feature to set a password, the password is encrypted with a publicly known encryption key. This means that if an attacker gains access to the encrypted password, they can use a publicly available tool to decrypt it and obtain the password in plaintext. This can allow the attacker to gain unauthorized access to systems or resources.
and there’s a tool called GPP-decrypt that decrypt the hashes .
The gpp-decrypt tool works by extracting the encrypted password from the Group Policy Preferences files and then using a known decryption key to decrypt the password. This allows the tool to reveal the plaintext password that has been set using Group Policy Preferences.