Windows Gather WinSCP Saved Password Extraction
This module extracts weakly encrypted saved passwords from WinSCP. It searches for saved sessions in the Windows Registry and the WinSCP.ini file. It cannot decrypt passwords if a master password is used.
Rank
- Normal
Authors
- TheLightCosine < thelightcosine [at] gmail.com >
Development
Similar Modules
- post/windows/gather/credentials/coreftp
- post/windows/gather/credentials/credential_collector
- post/windows/gather/credentials/dyndns
- post/windows/gather/credentials/enum_cred_store
- post/windows/gather/credentials/enum_picasa_pwds
- post/windows/gather/credentials/epo_sql
- post/windows/gather/credentials/filezilla_server
- post/windows/gather/credentials/flashfxp
- post/windows/gather/credentials/ftpnavigator
- post/windows/gather/credentials/idm
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/gather/credentials/winscp
msf post(winscp) > set SESSION [INTEGER]
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/gather/credentials/winscp
msf post(winscp) > set SESSION [INTEGER]
Module Options
| SESSION | The session to run this module on. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |