{"id":3987,"date":"2016-01-26T02:48:05","date_gmt":"2016-01-25T18:48:05","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3987"},"modified":"2017-10-29T20:19:05","modified_gmt":"2017-10-29T12:19:05","slug":"rwmc-retrieve-windows-credentials-powershell","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/01\/rwmc-retrieve-windows-credentials-powershell\/","title":{"rendered":"RWMC – Retrieve Windows Credentials With PowerShell"},"content":{"rendered":"
RWMC is a Windows PowerShell script written as a proof of concept to Retrieve Windows Credentials using only PowerShell and CDB command-line options (Windows Debuggers).<\/p>\n
<\/p>\n
It allows to retrieve credentials from Windows 2003 to 2012 and Windows 10 (It was tested on 2003, 2008r2, 2012, 2012r2 and Windows 7 – 32 and 64 bits, Windows 8 and Windows 10 Home edition).<\/p>\n
The script is different from Mimikatz<\/a> or WCE<\/a> because it doesn’t work with system .dlls to decrypt data. All the decryptions are made in the script.<\/p>\n The main features of RWMC:<\/p>\n To run this script effectively you need:<\/p>\n You can download RWMC here:<\/p>\nFeatures<\/h3>\n
\n
Requirements<\/h3>\n
\n