passwords.txt on desktop

0001-01-01

Often, users keep plaintext copies of complicated passwords on their desktop or somewhere within their home directory as a makeshift password manager, so that they can copy and paste credentials into their accounts.

This is convenient for the user but problematic if their credentials or system are compromised: an attacker who lands on the machine would discover the passwords.txt file and use it to move laterally or elevate their privileges on the system.

There are automation tools such as trufflehog that search plaintext files for high-entropy strings or for strings matching a set pattern. High entropy indicates that a string may be a randomized password; a pattern match indicates that it matches the known format of an API key.
