credhist¶
$ target-query <path/to/target> -f credhist
Module |
|
Output |
|
Module documentation
Windows CREDHIST file parser.
Windows XP: C:\Documents and Settings\username\Application Data\Microsoft\Protect\CREDHIST
Windows 7 and up: C:\Users\username\AppData\Roaming\Microsoft\Protect\CREDHIST
Function documentation
Yield and decrypt all Windows CREDHIST entries on the target.