Home » Questions » Computers [ Ask a new question ]

Where does WinSCP store site's password?

Where does WinSCP store site's password?

Where does WinSCP store site's information or password? I can't find it under Documents and Settings...

Asked by: Guest | Views: 374
Total answers/comments: 5
Guest [Entry]

"The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:

HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2

You can always export the settings to an INI file by pressing Export in the preferences dialog.

Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible."
Guest [Entry]

"This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.

Create a batch file called echo.cmd that contains the following:

echo %*
pause

Place it on a suitable place, such as your desktop.

Fire up WinSCP and connect to your site. Click on Options -> Preferences:

On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:

Remember session password and pass it to PuTTY (SSH)

Click OK.

Now launch PuTTY from within WinSCP.

Your previously stored password should now be displayed on the screen!"
Guest [Entry]

"You could use a tool like WireShark to ""see"" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then login to your FTP server (using WinSCP, with NO encryption).

Then, by looking at the registered session in WireShark, one could easily identify the ""discussion"" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the ""conversation""."
Guest [Entry]

"I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.

My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.

In order to recover the previous WinSCP logon profiles I did the following.

Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.

I then exported the WinSCP Session registry key using the regedit export command into a text file.

Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key

Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.

These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.

After doing this procedure I was able to access my web server with WinSCP.

There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8."
Guest [Entry]

"Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:

One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.

. 2017-06-13 07:41:11.313 ---------------------------------------------------------------
. 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
. 2017-06-13 07:41:11.313 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
...
. 2017-06-13 07:41:11.313 ---------------------------------------------------------------
. 2017-06-13 07:41:11.313 Session name: My server (Site)
. 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
. 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)

You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages)."