Collecting Saved Login Credentials

Some applications can save login information as a convenience for the user. Examples of applications that have some form of password auto-completion are:

Internet Explorer
MSN Messenger
Outlook Express
Outlook 2003 & 2007
Firefox
Putty
Thunderbird
Trillian
Yahoo Messenger

In some cases it is possible to recover these credentials. To attempt recovering saved credentials from a compromised host, follow this procedure:

Select an appropriate agent to collect credentials. The agent must be running on the host where you want to search for login credentials.
Run any of "Password Dump from ..." modules from the Information Gathering/Local folder.
The module will start to attempt to recover credentials on the compromised host. Obtained credentials will be added to the host entity as properties.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
21.5 | 202405150308 | May 2024