Search Local Passwords - PowerShell for Pentesters (PSSE)

Hey everyone. This is my take on the 4th task for the PowerShell for Penetration Testers exam: writing a registry scraper to look for passwords in the registry. I actually expanded on that task and made a collection of several functions I like leveraging for finding clear text passwords stored on the system. Some of these can be used to escalate privileges or gain access to new systems, but the general idea here was to harvest readily usable credentials. It can currently produce Windows Vault credentials, stored wireless credentials, autologon credentials, Group Policy Preference credentials and stored LSA secrets, all in clear text. Many of the functions I leverage here have been put together by other hackers in many languages throughout the years, so I have to give credit where credit is due for the various techniques employed in this collection script. Nonetheless, it is effective in finding clear text credentials on the victim machine. I've included this script in my PSSE collection; please check it out! You can see all of my favorite credential searches in there. I've also included a post-exploitation video by Nikhil, the class instructor, and you should check out his credential-gathering scripts as well!



This blogpost has been created for completing the requirements of the SecurityTube PowerShell for Penetration Testers Certification Exam:
https://www.securitytube-training.com/online-courses/powershell-for-pentesters/ 
Student ID: PSP-3061