get-stored-credentials-cmdkey: Get Stored Credentials - cmdkey

Date: 2025-08-01 | Affected software: get stored credentials cmdkey | PoC: public

Vulnerability description

The cmdkey /list command in Windows is used to list all the stored credentials on the system. These credentials can include saved usernames and passwords for network resources, websites, or remote computers.

PoC code [public]

id: get-stored-credentials-cmdkey

info:
  name: Get Stored Credentials - cmdkey
  author: pussycat0x
  severity: high
  description: |
    The cmdkey /list command in Windows is used to list all the stored credentials on the system. These credentials can include saved usernames and passwords for network resources, websites, or remote computers.
  metadata:
    verified: true
  tags: code,windows,privesc,ps,enum

self-contained: true

code:
  - engine:
      - powershell
      - powershell.exe

    args:
      - -ExecutionPolicy
      - Bypass
      - -File

    pattern: "*.ps1"

    source: |
      cmdkey /list

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4a0a00473045022015e9929e942aa2e02815129c94477f42eb4a6c7632693abe6024f5f3116a63e3022100af0ba71a9a190d9f08f9764fdb777ed2a907b6592070f52b80ecbfb541b01f50:922c64590222798bb761d5b6d8e72950
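
For defenders reviewing what the template's `response` extractor returns, the following added example (not part of the template or the original page) parses `cmdkey /list` output into objects and flags saved credentials that belong to privileged-looking accounts. It assumes English-locale output; the function name, the sample entries and the `$privileged` naming pattern are hypothetical.

```powershell
# Added example: turn `cmdkey /list` text into records for a credential-hygiene review.
function ConvertFrom-CmdkeyList {
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        $text = "$line".Trim()
        if ($text -match '^Target:\s*(.+)$') {
            if ($entry) { [pscustomobject]$entry }        # emit the previous record
            $raw = $Matches[1]
            $entry = [ordered]@{
                Name   = ($raw -replace '^.*?target=', '') # entry name without the store prefix
                Target = $raw; Type = $null; User = $null; Notes = @()
            }
        }
        elseif (-not $entry) { continue }                 # banner and blank lines before the first record
        elseif ($text -match '^Type:\s*(.+)$') { $entry.Type = $Matches[1] }
        elseif ($text -match '^User:\s*(.+)$') { $entry.User = $Matches[1] }
        elseif ($text) { $entry.Notes += $text }          # e.g. a persistence remark
    }
    if ($entry) { [pscustomobject]$entry }                # emit the last record
}

# Constructed sample output (not from a real host).
$sample = @'
Currently stored credentials:

    Target: Domain:target=TERMSRV/fileserver01.example.test
    Type: Domain Password
    User: EXAMPLE\svc-backup

    Target: LegacyGeneric:target=git:https://git.example.test
    Type: Generic
    User: alice
    Local machine persistence
'@ -split "`r?`n"

# On a host you administer, replace $sample with the live output:  cmdkey /list
$privileged = 'admin|svc-'   # hypothetical naming convention for privileged accounts

ConvertFrom-CmdkeyList -Lines $sample | ForEach-Object {
    # Review = True when the saved user name matches the privileged-account pattern
    $_ | Add-Member -NotePropertyName Review -NotePropertyValue ($_.User -match $privileged) -PassThru
} | Format-Table Name, Type, User, Review -AutoSize
```

With the constructed sample, the `svc-backup` entry is flagged for review and the `alice` entry is not.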