Type Here to Get Search Results !

RWMC – Retrieve Windows Credentials With PowerShell

 RWMC is a Windows PowerShell script written as a proof of concept to Retrieve Windows Credentials using only PowerShell and CDB command-line options (Windows Debuggers).

It allows to retrieve credentials from Windows 2003 to 2012 and Windows 10 (It was tested on 2003, 2008r2, 2012, 2012r2 and Windows 7 – 32 and 64 bits, Windows 8 and Windows 10 Home edition).


The main features of RWMC:

  • Fully PowerShell
  • Works locally, remotely or from a dump file collected on a machine
  • Doesn’t use .dll files to locate credentials address in memory but a simple Microsoft debugger
  • Doesn’t use OS .dll files to decipher passwords collected (AES, TripleDES, DES-X)
  • Breaks undocumented Microsoft DES-X
  • Works even if you are on a different architecture than the target
  • Leaves no trace in memory


To run this script effectively you need:

  • PowerShell 3
  • Allow PowerShell script on you machine, example : Set-ExecutionPolicy Unrestricted -force
  • An Internet Connection

You can download RWMC here:


Post a Comment

* Please Don't Spam Here. All the Comments are Reviewed by Admin.