Powershell – Reveal Windows Memory Credentials

The purpose of this script is to make a proof of concept of how retrieve Windows credentials with Powershell and CDB Command-Line Options (Windows Debuggers)
It allows to retrieve credentials from windows 2003 to 2012 and Windows 10 (it was tested on 2003, 2008r2, 2012, 2012r2 and Windows 7 – 32 and 64 bits, Windows 8 and Windows 10 Home edition).
It works even if you are on another architecture than the system targeted.


  • it’s fully PowerShell
  • it can work locally, remotely or from a dump file collected on a machine
  • it does not use the operating system .dll to locate credentials address in memory but a simple Microsoft debugger
  • it does not use the operating system .dll to decypher passwords collected –> it is does in the PowerShell (AES, TripleDES, DES-X)
  • it breaks undocumented Microsoft DES-X
  • it works even if you are on a different architecture than the target
  • it leaves no trace in memoryless

How to use it for Windows 2012R2 or Windows 10?

1) Retrieve remotely:
* Launch the script 
* Local computer, Remote computer or from a dump file ? (local, remote, dump): remote [enter]
* serverName [enter] 
2) From a dump: if you have to dump the lsass process of a target machine, you can execute the script with option ( ! name you lsass dump “lsass.dmp” and don’t enter the name for the option you enter, only the directory !) :
* Launch the script 
* Local computer, Remote computer or from a dump file ? (local, remote, dump): dump [enter]
* d:directory_of_the_dump [enter] 
3) Locally :
* Launch the script 
* Local computer, Remote computer or from a dump file ? (local, remote, dump): local [enter]

Download &

Windows Powershell

Rated 4.7/5 based on 2569 reviews
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Exploit Heartbleed using Metasploit in Kali Linux

Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used...

How to Install Parrot Security OS on VirtualBox in 2020

Parrot Security OS is a free GNU/LINUX distribution, released on 10th April 2013. It is a mixture of Kali Linux and Frozenbox OS, aims to...

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...