atomic-red-team/Windows/Credential_Access/Credentials_in_Files.md

13 lines
335 B
Markdown
Raw Normal View History

# Credentials in Files
MITRE ATT&CK Technique: [T1081](https://attack.mitre.org/wiki/Technique/T1081)
## Group Policy Preference
[Payload](Payloads/Get-GPPPassword.ps1)
[PowerSploit Source](https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1)
Input:
Get-GPPPassword -Server EXAMPLE.COM