Windows priv esc Credential Hunting

I’m stuck on the question “Search the file system for a file containing a password. Submit the password as your answer.”
I found file called stuff.txt in the documents folder with a password, but that’s not correct when i submit it
Can someone point me in the right direction?

try to find a another document there is a username and password in

once you find the file you can cat it and then pipe to Select-String to easily locate it

cat C:\Users\file\path | Select-String password

how did you solve this actually ? this section is so stupid

I found it in a xml file.

1 Like

For anyone stuck on the first question:

  1. Make sure to read the hint and start searching from within the c:\users directory.
  2. Something that confused me a lot and maybe is good to clarify for others:

The /C option is not related to defining where the search starts from; instead, it’s used to specify the search string itself. The search starts from the beginning of each file specified in the command.

I initially thought that the /C:"password" part of the command defines where the search is starting from (similar to find / in Unix-based systems), thus, I spent a lot of time just searching files from another directory than c:\users because I thought it did not matter.