Sitemap
Open in app

Sign in

Medium Logo
Write

Sign in

Mastodon

Member-only story

🎯 HTB Academy — Credential Hunting in Windows (Walkthrough)

S3N5E
3 min readMay 27, 2025

Module: Password Attacks
Challenge: Credential Hunting in Windows
Target: Laptop01
RDP Login: Bob / HTB_@cademy_stdnt!
IP: 10.129.171.77

Free Writeup!!

🧠 Scenario

You’ve just RDP’d into an IT administrator’s Windows 10 workstation. As part of your engagement, your mission is clear:

Hunt down any and all credentials left lying around in the system — files, scripts, browsers, or misconfigured applications.

Let’s dive into the art of credential hunting!

🧰 Tools Used

  • 🔍 Windows Search
  • 🕵️‍♂️ findstr
  • 💣 LaZagne

🔑 Step 1: RDP into the Box

Connect via RDP using:

RDP Target: 10.129.171.77  
Username: Bob  
Password: HTB_@cademy_stdnt!

Once inside, explore the desktop. You’re in the environment of a busy IT admin. Think like them — where might you store passwords if you were constantly juggling credentials?

🔍 Step 2: Use Windows Search

Start by using Windows built-in search (via taskbar or Windows+S):

Search terms:

password
credentials
creds
login
dbpassword

💡 You may stumble upon:

  • Documents like…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

S3N5E

Written by S3N5E

62 followers
4 following

I'm passionate about cybersecurity...because therapy was too expensive.

No responses yet

Write a response

What are your thoughts?

More from S3N5E

See all from S3N5E

Recommended from Medium

See more recommendations

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech