PowerMemory - Exploit the credentials present in files and memory.


The purpose of this script is to provide a proof of concept of how to retrieve Windows credentials with PowerShell and CDB Command-Line Options (Windows Debuggers). It can retrieve credentials from Windows 2003 to 2012 and Windows 10 (it was tested on 2003, 2008r2, 2012, 2012r2, Windows 7 (32 and 64 bits), Windows 8 and Windows 10 Home edition).

Get Windows passwords Function


Features:
+ it’s fully PowerShell
+ it can work locally, remotely or from a dump file collected on a machine
+ it does not use the operating system .dll to locate the credentials' address in memory but a simple Microsoft debugger
+ it does not use the operating system .dll to decipher the passwords collected -> it is done in PowerShell (AES, TripleDES, DES-X)
+ it breaks undocumented Microsoft DES-X
+ it works even if you are on a different architecture than the target
+ it leaves no trace in memoryless


Dump File

This page explains how to use my PowerShell tool to reveal the passwords used by users of computers running Windows 2003, 2008R2, 2012, 2012r2, Windows XP, 7 (32 and 64 bits), 8, and 8.1.
The steps are:
1) Get the tool
2) Extract the files in the ZIP
3) Launch PowerShell with Administrator Rights
4) Prepare your environment
5) Open the tool in PowerShell
6) Launch the tool
7) Get Windows 7/Windows Server 2008 password

Download: PowerMemory.zip (1.32 MB) | Clone URL
Source: https://github.com/giMini