Getting Cached Credentials

Sep 28, 2017

In the previous tip we talked about a public module called PSCredentialManager that helps you manage cached credentials. Sometimes less is more: when you look at the module's code, you'll soon discover that it is a console command called cmdkey.exe that actually interacts with Windows.

To get a list of cached credentials on your local machine, all you really need is this:

 
PS> cmdkey /list

Currently stored credentials:

    Target: MicrosoftAccount_target=SSO_POP_User
    Type: Domain Extended Credentials
    User: XXXXX.com
    Saved for this logon only
    
    Target: MicrosoftAccount_target=SSO_POP_Device
    Type: Domain Extended Credentials
    User: 06jbdrfztrwsvsb
    Saved for this logon only 
...
 

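The output is plain text. However, PowerShell can convert the raw data into objects using ForEach-Object:

cmdkey.exe /list | ForEach-Object -Begin {
    # start with an empty object so lines before the first blank line have somewhere to go
    $found = $false
    $newobject = '' | Select-Object -Property Type, User, Info, Target
} -Process {
    $line = $_.Trim()
    if ($line -eq '')
    {
        # a blank line ends the current entry: emit it only if it had a Target
        if ($found) { $newobject }
        $found = $false
        $newobject = '' | Select-Object -Property Type, User, Info, Target
    }
    else
    {
        if ($line.StartsWith("Target: "))
        {
            $found = $true
            $newobject.Target = $line.Substring(8)
        }
        elseif ($line.StartsWith("Type: "))
        {
            $newobject.Type = $line.Substring(6)
        }
        elseif ($line.StartsWith("User: "))
        {
            $newobject.User = $line.Substring(6)
        }
        else
        {
            # any other line (for example the persistence note) is kept as Info
            $newobject.Info = $line
        }

    }
} -End {
    # emit the last entry if the output did not end with a blank line
    if ($found) { $newobject }
}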

The result would look similar to this:

 
Type                        User                   Info                      Target
----                        ----                   ----                      ------
Domain Extended Credentials tabcabcabc@hicsawr.com Saved for this logon only Mi
Domain Extended Credentials 02jbqxcbqvsb           Saved for this logon only Mi
Generic                     tabcabcabc@hicsawr.com Local machine persistence Le
Generic                                            Local machine persistence Le
Generic                                            Local machine persistence Le
Generic                                            Local machine persistence Le
Generic                     tabcabcabc@hicsawr.com Local machine persistence Le
Generic                                            Local machine persistence Le
Generic                     02jdrxcbqvsb           Local machine persistence Wi
Generic                     Martin                                           Le
Domain Password             Martin                                           Do
Domain Password             Martin                                           Do
Domain Password             User                                             Do
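
The same parsing as a reusable pipeline function, followed by a filter that lists only the entries that persist beyond the current logon session. This is an added example, not code from the original tip: the function name ConvertFrom-CmdKeyList and the sample targets and users are constructed for illustration, and English cmdkey output is assumed.

```powershell
function ConvertFrom-CmdKeyList {
    # Hypothetical helper name; accepts the text lines of `cmdkey.exe /list` from the pipeline.
    param([Parameter(ValueFromPipeline)][AllowEmptyString()][string]$Line)
    begin { $entry = $null }
    process {
        $text = $Line.Trim()
        if ($text -match '^Target:\s*(.*)$') {
            # A Target line starts a new entry; emit the previous one first.
            if ($null -ne $entry) { [PSCustomObject]$entry }
            $entry = [ordered]@{ Type = $null; User = $null; Info = $null; Target = $Matches[1] }
        }
        elseif ($null -eq $entry) { }   # header text before the first entry is ignored
        elseif ($text -match '^(Type|User):\s*(.*)$') { $entry[$Matches[1]] = $Matches[2] }
        elseif ($text -ne '') { $entry.Info = $text }
    }
    # Emit the last entry even when the output has no trailing blank line.
    end { if ($null -ne $entry) { [PSCustomObject]$entry } }
}

# Constructed sample in the format shown above.
# On a live system, pipe `cmdkey.exe /list` into the function instead.
$sample = @'

Currently stored credentials:

    Target: MicrosoftAccount_target=SSO_POP_Device
    Type: Domain Extended Credentials
    User: sample-device-id
    Saved for this logon only

    Target: Example_target=example-service
    Type: Generic
    User: user@example.com
    Local machine persistence
'@ -split '\r?\n'

$creds = $sample | ConvertFrom-CmdKeyList

# Entries not marked "Saved for this logon only" remain stored after logoff; list them for review.
$creds | Where-Object { $_.Info -ne 'Saved for this logon only' } |
    Select-Object -Property Target, Type, User, Info
```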
 
