• We just launched and are currently in beta. Join us as we build and grow the community.

Credential Dumping: Windows Autologon Password

H3LLCA7I

Champion
H Rep
0
0
0
Rep
0
H Vouches
0
0
0
Vouches
0
Posts
35
Likes
157
Bits
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 400 XP
Autologon helps you to conveniently customize the built-in Autologon mechanism for Windows. Rather than waiting for a user to enter their name and password, Windows will automatically log in to the required user using the credentials you submit with Autologon, which are encrypted in the registry.


In this post, we will try to dump the stored autologin credentials with the help of two different tools.


Let’s see the settings for autologin, first, you need to access the User Accounts Control Panel using netplwiz command inside the run prompt.

1.png


Choose the account for autologon, for example, we have selected user Raj.

2.png


Enter your password once and then a second time to confirm it and uncheck the box “
Users must enter a user name and password to use this computer
” then click OK.

3.png


Method 1: Nirsoft-Network Password Recovery

Network Password Recovery is very easy to use, install and run the tool on the local machine whose password you chose to extract. It will dump the stored credential for the autologon account.

You can download this tool from here

4.png


Method 2: DecryptAutologon.exe

This tool can extract/decrypt the password that was stored in the LSA by SysInternals AutoLogo.

You can download its Compiled Version HERE

Run the downloaded .exe as shown in the given image, it will dump the password in the Plain text.

5.png


Author: Vishva Vaghela is a Digital Forensics enthusiast and enjoys technical content writing. You can reach her on Here
 

432,073

312,529

312,538

Top