Rapid7 VulnDB

Windows Gather AutoLogin User Credential Extractor

Back to Search

Windows Gather AutoLogin User Credential Extractor

Created
05/30/2018

Description

This module extracts the plain-text Windows user login password in Registry. It exploits a Windows feature that Windows (2000 to 2008 R2) allows a user or third-party Windows Utility tools to configure User AutoLogin via plain-text password insertion in (Alt)DefaultPassword field in the registry location - HKLM\Software\Microsoft\Windows NT\WinLogon. This is readable by all users.

Author(s)

  • Myo Soe

Platform

Windows

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;