Cached Creds

Windows caches the credentials of applications and domain credentials in the registry. This setting can be checked under the "Cached Creds" section of winPEAS executable. If the number is greater than 0 then there is a possibility of cached creds being available.

For example, putty caches its creds in the registry and it can be viewed using the following command,

reg query "HKCU\Software\SimonTatham\PuTTY\Sessions"

PreviousFiles & Filesystems NextWindows PE

Last updated 5 months ago