I have been trying to get a list of all stored credentials on a Windows 10 system and have run into a bit of a wall. Thought I’d see if anyone else has come across this or has a suggestion. The System user command runs fine (and generates a log); however, as a user it generates an empty log with no results (even if the user has no entries in their credential manager you should get output). I have attempted with/without 64 redirection and attempted both the native system folder and system folder. Also attempted with interaction and saw the CMD box, but no change in logging result.
Latest AS:
//------------------------------------------------------------
if {x64 of operating system}
action uses wow64 redirection {not x64 of operating system}
endif
waithidden cmd /c {native system folder}\cmdkey.exe /list > c:\programdata\InvCredMgr_SYS
delete {"c:\programdata\InvCredMgr_" & name of logged on user whose (active of it) as string}
I haven’t used cmdkey myself, and don’t know whether this is the only issue, but I see a problem on this line:
wait cmd /c {native system folder}\cmdkey.exe /list > c:\programdata\InvCredMgr_%username%
The %username% would only evaluate as an environment variable in the context of a batch file; %username% has no special meaning to BigFix ActionScript. Try a relevance substitution instead, such as you did on the delete line:
wait cmd /c {native system folder}\cmdkey.exe /list > {"c:\programdata\InvCredMgr_" & name of logged on user whose (active of it) as string}
Jason,
Interestingly enough the %username% expansion is happening successfully for the user context the fixlet runs under and generating the expected logname. I’ve also attempted to hard path the log name temporarily.
Worth mentioning, running the command below from an interactive command prompt succeeds and generates the log with expected content:
cmdkey.exe /list > c:\programdata\InvCredMgr_%username%
Log output: c:\programdata\InvCredMgr_Nick
Target: LegacyGeneric:target=msteams_adalsso/adal_context_15
Type: Generic
Local machine persistence
Target: WindowsLive:target=virtualapp/didlogical
Type: Generic
User: 02xfsznmroddlmdv
Local machine persistence
Target: LegacyGeneric:target=msteams_adalsso/adal_context_3
Type: Generic
Local machine persistence
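An added example, not code from any poster in this thread: a Python parser for the cmdkey /list log format quoted in the post above. It also separates an empty log (the symptom described in the first post) from a run that produced output but listed no credentials. The function names are hypothetical and the embedded sample is constructed from the quoted log lines.

```python
# Added example: turn a collected cmdkey /list log into records for inventory.
from dataclasses import dataclass, field

# Constructed sample, built from the log lines quoted in the post above.
SAMPLE_LOG = """\
Target: LegacyGeneric:target=msteams_adalsso/adal_context_15
Type: Generic
Local machine persistence
Target: WindowsLive:target=virtualapp/didlogical
Type: Generic
User: 02xfsznmroddlmdv
Local machine persistence
Target: LegacyGeneric:target=msteams_adalsso/adal_context_3
Type: Generic
Local machine persistence
"""

# Only these "Key: value" lines are treated as fields; anything else is a note.
FIELDS = {"Target": "target", "Type": "type", "User": "user"}

@dataclass
class Credential:
    target: str
    type: str = ""
    user: str = ""
    notes: list = field(default_factory=list)

def parse_cmdkey_list(text):
    """Return one Credential per 'Target:' line found in the log text."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key in FIELDS:
            if key == "Target":  # a Target line starts a new record
                current = Credential(target=value.strip())
                records.append(current)
            elif current is not None:
                setattr(current, FIELDS[key], value.strip())
        elif current is not None:
            current.notes.append(line)  # e.g. the persistence line
    return records

def classify_log(text):
    """Assumption from the first post: a successful run always writes output."""
    if not text.strip():
        return "no_output"  # the command did not run or could not write its log
    return "credentials" if parse_cmdkey_list(text) else "no_credentials"
```

A log classified as no_output points at the execution context or the redirect target rather than at an empty credential store.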
Definitely true. The BESClient directory is usually unavailable to a generic user, so if running with user permissions you would have to do this in a directory available to the user, though knowing where that is is hard due to any environment variable being that for the SYSTEM user. You could figure out a safe space for the user based on usual paths, though.
I did modify the content to create & copy the file out to a place where users have rights to execute. Unfortunately I ended up with the same directory invalid message.
I have ended up going a slightly different way; for whatever reason (weird context thingy?) I was able to get the agent to run the command within a vbs wrapper.