Sitemap

Member-only story

🎯 HTB Academy — Credential Hunting in Windows (Walkthrough)

S3N5E
3 min readMay 27, 2025

Module: Password Attacks
Challenge: Credential Hunting in Windows
Target: Laptop01
RDP Login: Bob / HTB_@cademy_stdnt!
IP: 10.129.171.77

Free Writeup!!

🧠 Scenario

You’ve just RDP’d into an IT administrator’s Windows 10 workstation. As part of your engagement, your mission is clear:

Hunt down any and all credentials left lying around in the system — files, scripts, browsers, or misconfigured applications.

Let’s dive into the art of credential hunting!

🧰 Tools Used

  • 🔍 Windows Search
  • 🕵️‍♂️ findstr
  • 💣 LaZagne

🔑 Step 1: RDP into the Box

Connect via RDP using:

RDP Target: 10.129.171.77  
Username: Bob
Password: HTB_@cademy_stdnt!

Once inside, explore the desktop. You’re in the environment of a busy IT admin. Think like them — where might you store passwords if you were constantly juggling credentials?

🔍 Step 2: Use Windows Search

Start by using Windows built-in search (via taskbar or Windows+S):

Search terms:

password
credentials
creds
login
dbpassword

💡 You may stumble upon:

  • Documents like…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Or, continue in mobile web

Already have an account? Sign in

S3N5E

Written by S3N5E

I'm passionate about cybersecurity...because therapy was too expensive.

No responses yet

Write a response