This is a sixth article in the Credential Dumping series. In this article, we will learn how we can dump the credentials from various applications such as CoreFTP, FileZilla, WinSCP, Putty, etc.

Table of Content:
·         PowerShell Empire: Session Gropher
·         Credntial Dumping: CoreFTP
o   Metasploit Framework
·         Credntial Dumping: FTP Navigator
o   Metasploit Framework
o   Lazagne
·         Credntial Dumping: FileZilla
o   Metasploit Framework
·         Credntial Dumping: HeidiSQL
o   Metasploit Framework
·         Credntial Dumping: Emails
o   Mail Pass View
·         Credntial Dumping: Pidgin
o   Metasploit Framework
·         Credntial Dumping: PSI
o   LaZagne
·         Credntial Dumping: PST
o   PST Password
·         Credntial Dumping: VNC
o   Metasploit Framework
·         Credntial Dumping: WinSCP
o   LaZagne
o   Metasploit Framework

PowerSehll Empire
Empire provides us a with a module that allows us to retrieve the saved credentials from various applications such as PuTTY, WinSCP, etc. it automatically finds passwords and dumps them for you with requiring you to do anything. Once you have your session in empire, use the following commands to execute the module:
usemodule credentials/sessiongopher
execute


And as you can see in the image above and below, it successfully retrieves passwords of WinSCP, PuTTy.


Now we will focus on few of applications and see how we can retrieve their passwords . We will go onto the applications one by one. Let’s get going!
CoreFTP: Metasploit Framework
Core FTP server tool is made especailly for windows. It lets you send and receive files over the network. for this transfer of files, it used FTP protocol which makes it relatively easy to use irrelevant of the Operating System.
With the help of metasploit we can dump the credentials saved in registry from the target system, the location the passwords is HKEY_CURRENT_USER\SOFTWARE\FTPWare\CoreFTP\Sites. You can run the post module after you have a session and to run it, type:
use post/windows/gather/credentials/coreftp
set session 1
exploit


FTP Navigator: LaZagne
Just like Core FTP, FTP navigator is a FTP client that make transfer, editing, renaming of files easy over the network. it also allows you to keep the directories in sync for both local and remote users. When using the command lazagne.exe all and you will have the FTPNavigator as shown below:





FTPNavigator: Metasploit Framework
The credentials of FTPNavigator can also be dumped using Metasploit as there is an in-built exploit for it. To use this post exploit, type:
use post/windows/gather/credetnials/ftpnavigator
set session 1
exploit


As you can see in the image above, as expected we have the credentials.
FileZilla: Metasploit Framework
FileZilla is another open source client/server software that runs on FTP protocol. it is compatible with windows, Linux and MacOS. it is again used for transfer or editing or replacing the files in a network. We can dump its credentials using Metasploit and to do so, type:
use /post/multi/gather/filezilla_client_cred
set session 1
exploit


And so, we have successfully retrieved the credentials

HeidiSQL: Metasploit Framework
It is an open source tool for MySQL, MsSQL, PostgreSQL, SQLite. Numerous sessions with connections can be saved along with the credentials, when using HeidiSQL. it also lets you run multiple sessions in a single window. managing od database is pretty easy if using this software. Again, using Metasploit we can get our hands on it credentials by using the following post exploit:
use post/windows/gather/creddtnitals/heidisql
set session 1
exploit


Email: Mail PassView
All the email passwords that are stored in the system can retrieved with the help of the tool named Mail PassView. This tool is developed by nirsoft and is best suited for internal pentesting. Simple download the software from here. Launch the tool to get the credetnials as shown below:


Pidgin: Metasploit Framework
Pidgin is an instant messaging software that allows you to chat with multiple networks. It is compatible with every Operating System. it also allows you to transfer files. There is a in-built post exploit for pidgin, in Metasploit, too. To initiate this exploit, use the following commands:
use post/multi/gather/pidgin_cred
set session 1
execute


And all the credentials will be on your screen.

PSI: LaZagne
PSI is an instant messenger that works over XMPP network. it also allows you to transfer files. it is highly customizable and comes in various languages. Using lazagne.exe chat command in LaZagne you can dump it’s password as shown in the image below:


PST: PstPassword
Nirsoft provides a tool which lets you retrieve all the PST passwords from Outlook. You can download this tool from here. Simple launch the tool and you will have the passwords as shown below :


VNC: Metasploit Framework

VNC is a remote access software which allows you to access your device from anywhere in the world. VNC passwords can be easily retrieved by using metasploit and to do so, type:
use post/windows/gather/credentials/vnc
set session 2
exploit


WinSCP: LaZagne
WinSCP is a FTP client which is based on SSH protocol from PuTTY. It has a graphical interface and can be operated in multiple languages. it also acts as a remote editor. Both LaZagne and Metasploit helps us to retrieve its passwords. In LaZagne, use the command lazagne.exe all and it will dump the credentials as shown in the image below:


WinSCP: Metasploit Framework
To retrievt he credentials from Metasploit, use the following exploit:
use post/windows/gather/credentials/winscp
set session 1
exploit


This way, you can retrieve credentials of multiple applications.