Rapid7 Vulnerability & Exploit Database

Windows Gather Skype Saved Password Hash Extraction




This module finds saved login credentials for the Windows Skype client. The credential is stored as an MD5 hash computed over the username, the static string "\nskyper\n" and the password. The resulting MD5 is XOR'd against a key and then stored in the user's Config.xml file. The key is generated by applying 2 SHA1 hashes of "salt" data, which is stored in ProtectedStorage using the Windows API CryptProtectData.


  • mubix <mubix@hak5.org>
  • hdm <x@hdm.io>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced'.
