code/windows/get-stored-credentials-cmdkey.yaml

id: get-stored-credentials-cmdkey

info:
  name: Get Stored Credentials - cmdkey
  author: pussycat0x
  severity: high
  description: |
    The cmdkey /list command in Windows is used to list all the stored credentials on the system. These credentials can include saved usernames and passwords for network resources, websites, or remote computers.
  metadata:
    verified: true
  tags: code,windows,privesc,ps,enum

self-contained: true

code:
  - engine:
      - powershell
      - powershell.exe

    args:
      - -ExecutionPolicy
      - Bypass
      - -File

    pattern: "*.ps1"

    source: |
      cmdkey /list

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4a0a00473045022015e9929e942aa2e02815129c94477f42eb4a6c7632693abe6024f5f3116a63e3022100af0ba71a9a190d9f08f9764fdb777ed2a907b6592070f52b80ecbfb541b01f50:922c64590222798bb761d5b6d8e72950
Create get-stored-credentials-cmdkey.yaml 2024-10-14 15:48:25 +05:30			`id: get-stored-credentials-cmdkey`

			`info:`
			`name: Get Stored Credentials - cmdkey`
			`author: pussycat0x`
			`severity: high`
			`description: \|`
Update get-stored-credentials-cmdkey.yaml 2025-06-16 14:59:06 +05:30			`The cmdkey /list command in Windows is used to list all the stored credentials on the system. These credentials can include saved usernames and passwords for network resources, websites, or remote computers.`
			`metadata:`
			`verified: true`
Update get-stored-credentials-cmdkey.yaml 2025-06-12 15:30:02 +05:30			`tags: code,windows,privesc,ps,enum`
Create get-stored-credentials-cmdkey.yaml 2024-10-14 15:48:25 +05:30
			`self-contained: true`
Update get-stored-credentials-cmdkey.yaml 2025-06-16 14:59:06 +05:30
Create get-stored-credentials-cmdkey.yaml 2024-10-14 15:48:25 +05:30			`code:`
			`- engine:`
			`- powershell`
			`- powershell.exe`
Update get-stored-credentials-cmdkey.yaml 2025-06-16 14:59:06 +05:30
Create get-stored-credentials-cmdkey.yaml 2024-10-14 15:48:25 +05:30			`args:`
			`- -ExecutionPolicy`
			`- Bypass`
			`- -File`
Update get-stored-credentials-cmdkey.yaml 2025-06-16 14:59:06 +05:30
Create get-stored-credentials-cmdkey.yaml 2024-10-14 15:48:25 +05:30			`pattern: "*.ps1"`
Update get-stored-credentials-cmdkey.yaml 2025-06-16 14:59:06 +05:30
Create get-stored-credentials-cmdkey.yaml 2024-10-14 15:48:25 +05:30			`source: \|`
			`cmdkey /list`

			`extractors:`
			`- type: dsl`
			`dsl:`
			`- response`
chore: sign templates 🤖 2025-06-16 11:52:19 +00:00			`# digest: 4a0a00473045022015e9929e942aa2e02815129c94477f42eb4a6c7632693abe6024f5f3116a63e3022100af0ba71a9a190d9f08f9764fdb777ed2a907b6592070f52b80ecbfb541b01f50:922c64590222798bb761d5b6d8e72950`