<<< Hide Navigation Hide TOC >>>

Cmdkey (da252f67-2d4e-419f-b493-d4a1d024a01c)

This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.

Description: creates, lists, and deletes stored user names and passwords or credentials.

Author: Oddvar Moe

Paths: * C:\Windows\System32\cmdkey.exe * C:\Windows\SysWOW64\cmdkey.exe

Resources: * https://www.peew.pw/blog/2017/11/26/exploring-cmdkey-an-edge-case-for-privilege-escalation * https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmdkey

Detection: * Sigma: proc_creation_win_cmdkey_recon.yml^{[Cmdkey.exe - LOLBAS Project]}

Rows: 1

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Tidal Groups		Clear Tidal Software	Clear 1
HEXANE (eecf7289-294f-48dd-a747-7705820f4735)	Tidal Groups	Cmdkey (da252f67-2d4e-419f-b493-d4a1d024a01c)	Tidal Software	1