We have developed this tool with the hope that it will be useful to Penetration Testers and Red Teams that wish to collect the passwords stored locally on a computer.
The basic usage scenario is that you have simple access to a client PC and you want to harvest credentials for horizontal privilege escalation to secondary targets and/or privilege escalation attacks on the same system via password reuse exploitation.
At this first release, PassCat retrieves password from the following locations:
- Windows WiFi Manager
- Windows Credential Manager
- Vault files
- Internet explorer
- Google Chrome
- Opera browser
- Firefox Thunderbird
- Thunderbird Email Client (you have to build PassCat for Windows 10 x86. Keep in mind that using the x86 version you will not be able to retrieve Firefox passwords)
It has been tested on Windows 10 x64. Let us know, if you have tested on other environments or if you wish to add more password locations to its functionality.
You can find the PassCat tool from TwelveSec’s github page.