Clear-text files

Locations for Windows Credentials

  1. Command History

    C:\Users\USER\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

  2. Configuration Files

    • Credentials can often be stored in configuration files for web applications, FTP servers, or other services.

  3. Files Related to Windows Applications

    • Applications like internet browsers and email clients may store credentials.

  4. Backup Files

    • Backup files might include sensitive data or credentials.

  5. Shared Files and Folders

    • Credentials may be exposed in shared directories or improperly secured files.

  6. Windows Registry

    reg query HKLM /f password /t REG_SZ /s

  7. Source Code

    • Hardcoded credentials may be found in source code files.

PreviousCredentials HarvestingNextSecurity Account Manager (SAM)

Last updated