Manipulate stored credentials
This is more of a note to self so I dont forget the nifty cmd line tool included in 2k3 by default.
https://msdn2.microsoft.com/en-us/library/aa374731.aspx
Low-level Credentials Management Functions
The following are low-level credentials management functions.
Function | Description |
---|---|
CredDelete | Delete a credential from a user's credentials set. |
CredEnumerate | List the credentials in a user's credentials set. |
CredFindBestCredential | Searches the Credentials Management (CredMan) database for the set of generic credentials that are associated with the current logon session and that best match the specified target resource. |
CredFree | Free the memory used for a buffer returned by any of the credentials management functions. |
CredGetSessionTypes | Retrieve the maximum persistence supported by the current logon session. |
CredGetTargetInfo | Retrieve all known target name information for a named resource. |
CredIsProtected | Specifies whether the specified credentials are encrypted by a previous call to the CredProtect function. |
CredMarshalCredential | Transform a credential into a text string. |
CredPackAuthenticationBuffer | Converts a string user name and password into an authentication buffer. |
CredProtect | Encrypts the specified credentials so that only the current security context can decrypt them. |
CredRead | Read a credential from a user's credentials set. |
CredReadDomainCredentials | Read the domain credentials from a user's credentials set. |
CredRename | Rename a credential from a user's credentials set. |
CredUnmarshalCredential | Transform a marshaled credential string back into its nonmarshaled form. |
CredUnPackAuthenticationBuffer | Converts an authentication buffer returned by a call to the CredUIPromptForWindowsCredentials function into a string user name and password. |
CredUnprotect | Decrypts credentials that were previously encrypted by using the CredProtect function. |
CredWrite | Create a new credential or modify an existing credential in a user's credentials set. |
CredWriteDomainCredentials | Write domain credentials to a user's credentials set. |
C:\WINDOWS\system32>cmdkey /?
Creates, displays, and deletes stored user names and passwords.
The syntax of this command is:
CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:passw
rd}}} | /delete{:targetname | /ras} | /list{:targetname}]
Examples:
To list available credentials:
cmdkey /list
cmdkey /list:targetname
To create domain credentials:
cmdkey /add:targetname /user:username /pass:password
cmdkey /add:targetname /user:username /pass
cmdkey /add:targetname /user:username
cmdkey /add:targetname /smartcard
To create generic credentials:
The /add switch may be replaced by /generic to create generic credentials
To delete existing credentials:
cmdkey /delete:targetname
To delete RAS credentials:
cmdkey /delete /ras
spat