Where does WinSCP store site's password?











up vote
16
down vote

favorite
7












Where does WinSCP store site's information or password? I can't find it under Documents and Settings...










share|improve this question
























  • I know this solution will be too easy for superusers ;) but if you don't want to get hands dirty or just need to see passwords asap, imho good option is to use smartftp's additional tool password recovery. i don't want to advertise or something, but for me it was really useful utility. btw here is quick tut how to see those passwords: digitalette.com/web/recover-lost-ftp-passwords-winscp hope i helped
    – flasherr
    May 3 '14 at 13:16















up vote
16
down vote

favorite
7












Where does WinSCP store site's information or password? I can't find it under Documents and Settings...










share|improve this question
























  • I know this solution will be too easy for superusers ;) but if you don't want to get hands dirty or just need to see passwords asap, imho good option is to use smartftp's additional tool password recovery. i don't want to advertise or something, but for me it was really useful utility. btw here is quick tut how to see those passwords: digitalette.com/web/recover-lost-ftp-passwords-winscp hope i helped
    – flasherr
    May 3 '14 at 13:16













up vote
16
down vote

favorite
7









up vote
16
down vote

favorite
7






7





Where does WinSCP store site's information or password? I can't find it under Documents and Settings...










share|improve this question















Where does WinSCP store site's information or password? I can't find it under Documents and Settings...







passwords ftp winscp






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 12 '13 at 13:09









Martin Prikryl

10.7k43173




10.7k43173










asked Jan 25 '10 at 22:45









Stan

3,3922979133




3,3922979133












  • I know this solution will be too easy for superusers ;) but if you don't want to get hands dirty or just need to see passwords asap, imho good option is to use smartftp's additional tool password recovery. i don't want to advertise or something, but for me it was really useful utility. btw here is quick tut how to see those passwords: digitalette.com/web/recover-lost-ftp-passwords-winscp hope i helped
    – flasherr
    May 3 '14 at 13:16


















  • I know this solution will be too easy for superusers ;) but if you don't want to get hands dirty or just need to see passwords asap, imho good option is to use smartftp's additional tool password recovery. i don't want to advertise or something, but for me it was really useful utility. btw here is quick tut how to see those passwords: digitalette.com/web/recover-lost-ftp-passwords-winscp hope i helped
    – flasherr
    May 3 '14 at 13:16
















I know this solution will be too easy for superusers ;) but if you don't want to get hands dirty or just need to see passwords asap, imho good option is to use smartftp's additional tool password recovery. i don't want to advertise or something, but for me it was really useful utility. btw here is quick tut how to see those passwords: digitalette.com/web/recover-lost-ftp-passwords-winscp hope i helped
– flasherr
May 3 '14 at 13:16




I know this solution will be too easy for superusers ;) but if you don't want to get hands dirty or just need to see passwords asap, imho good option is to use smartftp's additional tool password recovery. i don't want to advertise or something, but for me it was really useful utility. btw here is quick tut how to see those passwords: digitalette.com/web/recover-lost-ftp-passwords-winscp hope i helped
– flasherr
May 3 '14 at 13:16










8 Answers
8






active

oldest

votes

















up vote
8
down vote



accepted










The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:



HKEY_CURRENT_USERSoftwareMartin PrikrylWinSCP 2


You can always export the settings to an INI file by pressing Export in the preferences dialog.



Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible.






share|improve this answer

















  • 3




    In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
    – Martin Prikryl
    Nov 21 '13 at 7:35


















up vote
13
down vote













Try this method.



login into your saved session



go to session menu



click on generate URL



only check username and password options (If you need current directory path click on this option aswell)



click on copy to clip board.



it will contain username and password.



thats it.






share|improve this answer



















  • 2




    Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
    – Andy Gee
    Apr 13 '16 at 18:01






  • 2




    This is the easiest answer
    – Gajotres
    Nov 29 '16 at 9:47






  • 1




    be sure to do a url decoding if your psw contains special characters
    – KuN
    Jul 27 at 3:55




















up vote
8
down vote













This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.



Create a batch file called echo.cmd that contains the following:



echo %*
pause


Place it on a suitable place, such as your desktop.



Fire up WinSCP and connect to your site. Click on Options -> Preferences:



WinSCP Preferences



On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:



Remember session password and pass it to PuTTY (SSH)


WinSCP Putty Preferences



Click OK.



Now launch PuTTY from within WinSCP.



Your previously stored password should now be displayed on the screen!






share|improve this answer



















  • 2




    Your trick helped me today. Thanks
    – Tushar Bhaware
    Dec 11 '15 at 13:17


















up vote
3
down vote













Create a new C# console application, then type the following program:



namespace ConsoleApplication8
{
class Program
{
static void Main(string args)
{
foreach (var str in args)
System.Console.WriteLine(str);
System.Console.ReadLine();
}
}
}


If you are not a C# programmer, you can do as easily on any other language you might be familiar with. The point is simply to print whatever values are passed as an argument to your program. You can even do it with a script, if that is more familiar to you.



Now, compile your program, and grab your binary (such as ConsoleApplication8.exe). Place it on a suitable place, such as your desktop.



Now, if your password still works, fire up WinSCP and connect to your site. Click on Options -> Preferences



enter image description here



On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created binary. Also select the option "Remember session password and pass it to PuTTY (SSH)".



enter image description here



Click OK, and then try to launch PuTTY from within WinSCP.



Your previously stored password should now be visible in your screen.






share|improve this answer

















  • 2




    That's pretty clever!
    – Paul Lammertsma
    Feb 4 '14 at 15:29


















up vote
3
down vote













I had a very weird use case, I needed to recover my password, but my system admins had locked down my environment so I couldn't run any non-whitelisted executable files, and that included .cmd files.



My solution was to instead point the Putty command line to Notepad++.



When it ran it said "File -pw" does not exist, should I create it, you say no.



Then it says "File {the password shows up here} does not exist, should I create it" and again you say now, and bam, there was the password in clear text.






share|improve this answer

















  • 1




    Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
    – Arjan
    Aug 17 '15 at 0:58


















up vote
2
down vote













You could use a tool like WireShark to "see" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then login to your FTP server (using WinSCP, with NO encryption).



Then, by looking at the registered session in WireShark, one could easily identify the "discussion" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the "conversation".






share|improve this answer




























    up vote
    2
    down vote













    I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.



    My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.



    In order to recover the previous WinSCP logon profiles I did the following.



    Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.



    I then exported the WinSCP Session registry key using the regedit export command into a text file.



    Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key



    Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.



    These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.



    After doing this procedure I was able to access my web server with WinSCP.



    There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8.






    share|improve this answer




























      up vote
      1
      down vote













      Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:



      One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.



       . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
      . 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
      . 2017-06-13 07:41:11.313 Configuration: HKCUSoftwareMartin PrikrylWinSCP 2
      . 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
      ...
      . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
      . 2017-06-13 07:41:11.313 Session name: My server (Site)
      . 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
      . 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)




      You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).



      enter image description here






      share|improve this answer























      • The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
        – root
        Jul 3 at 12:55













      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "3"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














       

      draft saved


      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f100503%2fwhere-does-winscp-store-sites-password%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      8 Answers
      8






      active

      oldest

      votes








      8 Answers
      8






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      8
      down vote



      accepted










      The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:



      HKEY_CURRENT_USERSoftwareMartin PrikrylWinSCP 2


      You can always export the settings to an INI file by pressing Export in the preferences dialog.



      Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible.






      share|improve this answer

















      • 3




        In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
        – Martin Prikryl
        Nov 21 '13 at 7:35















      up vote
      8
      down vote



      accepted










      The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:



      HKEY_CURRENT_USERSoftwareMartin PrikrylWinSCP 2


      You can always export the settings to an INI file by pressing Export in the preferences dialog.



      Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible.






      share|improve this answer

















      • 3




        In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
        – Martin Prikryl
        Nov 21 '13 at 7:35













      up vote
      8
      down vote



      accepted







      up vote
      8
      down vote



      accepted






      The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:



      HKEY_CURRENT_USERSoftwareMartin PrikrylWinSCP 2


      You can always export the settings to an INI file by pressing Export in the preferences dialog.



      Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible.






      share|improve this answer












      The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:



      HKEY_CURRENT_USERSoftwareMartin PrikrylWinSCP 2


      You can always export the settings to an INI file by pressing Export in the preferences dialog.



      Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Jan 25 '10 at 23:41









      Paul Lammertsma

      2,92552636




      2,92552636








      • 3




        In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
        – Martin Prikryl
        Nov 21 '13 at 7:35














      • 3




        In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
        – Martin Prikryl
        Nov 21 '13 at 7:35








      3




      3




      In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
      – Martin Prikryl
      Nov 21 '13 at 7:35




      In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog.
      – Martin Prikryl
      Nov 21 '13 at 7:35












      up vote
      13
      down vote













      Try this method.



      login into your saved session



      go to session menu



      click on generate URL



      only check username and password options (If you need current directory path click on this option aswell)



      click on copy to clip board.



      it will contain username and password.



      thats it.






      share|improve this answer



















      • 2




        Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
        – Andy Gee
        Apr 13 '16 at 18:01






      • 2




        This is the easiest answer
        – Gajotres
        Nov 29 '16 at 9:47






      • 1




        be sure to do a url decoding if your psw contains special characters
        – KuN
        Jul 27 at 3:55

















      up vote
      13
      down vote













      Try this method.



      login into your saved session



      go to session menu



      click on generate URL



      only check username and password options (If you need current directory path click on this option aswell)



      click on copy to clip board.



      it will contain username and password.



      thats it.






      share|improve this answer



















      • 2




        Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
        – Andy Gee
        Apr 13 '16 at 18:01






      • 2




        This is the easiest answer
        – Gajotres
        Nov 29 '16 at 9:47






      • 1




        be sure to do a url decoding if your psw contains special characters
        – KuN
        Jul 27 at 3:55















      up vote
      13
      down vote










      up vote
      13
      down vote









      Try this method.



      login into your saved session



      go to session menu



      click on generate URL



      only check username and password options (If you need current directory path click on this option aswell)



      click on copy to clip board.



      it will contain username and password.



      thats it.






      share|improve this answer














      Try this method.



      login into your saved session



      go to session menu



      click on generate URL



      only check username and password options (If you need current directory path click on this option aswell)



      click on copy to clip board.



      it will contain username and password.



      thats it.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Nov 15 at 7:57

























      answered Dec 10 '15 at 11:12









      pakistanimoon

      23125




      23125








      • 2




        Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
        – Andy Gee
        Apr 13 '16 at 18:01






      • 2




        This is the easiest answer
        – Gajotres
        Nov 29 '16 at 9:47






      • 1




        be sure to do a url decoding if your psw contains special characters
        – KuN
        Jul 27 at 3:55
















      • 2




        Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
        – Andy Gee
        Apr 13 '16 at 18:01






      • 2




        This is the easiest answer
        – Gajotres
        Nov 29 '16 at 9:47






      • 1




        be sure to do a url decoding if your psw contains special characters
        – KuN
        Jul 27 at 3:55










      2




      2




      Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
      – Andy Gee
      Apr 13 '16 at 18:01




      Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me.
      – Andy Gee
      Apr 13 '16 at 18:01




      2




      2




      This is the easiest answer
      – Gajotres
      Nov 29 '16 at 9:47




      This is the easiest answer
      – Gajotres
      Nov 29 '16 at 9:47




      1




      1




      be sure to do a url decoding if your psw contains special characters
      – KuN
      Jul 27 at 3:55






      be sure to do a url decoding if your psw contains special characters
      – KuN
      Jul 27 at 3:55












      up vote
      8
      down vote













      This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.



      Create a batch file called echo.cmd that contains the following:



      echo %*
      pause


      Place it on a suitable place, such as your desktop.



      Fire up WinSCP and connect to your site. Click on Options -> Preferences:



      WinSCP Preferences



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:



      Remember session password and pass it to PuTTY (SSH)


      WinSCP Putty Preferences



      Click OK.



      Now launch PuTTY from within WinSCP.



      Your previously stored password should now be displayed on the screen!






      share|improve this answer



















      • 2




        Your trick helped me today. Thanks
        – Tushar Bhaware
        Dec 11 '15 at 13:17















      up vote
      8
      down vote













      This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.



      Create a batch file called echo.cmd that contains the following:



      echo %*
      pause


      Place it on a suitable place, such as your desktop.



      Fire up WinSCP and connect to your site. Click on Options -> Preferences:



      WinSCP Preferences



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:



      Remember session password and pass it to PuTTY (SSH)


      WinSCP Putty Preferences



      Click OK.



      Now launch PuTTY from within WinSCP.



      Your previously stored password should now be displayed on the screen!






      share|improve this answer



















      • 2




        Your trick helped me today. Thanks
        – Tushar Bhaware
        Dec 11 '15 at 13:17













      up vote
      8
      down vote










      up vote
      8
      down vote









      This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.



      Create a batch file called echo.cmd that contains the following:



      echo %*
      pause


      Place it on a suitable place, such as your desktop.



      Fire up WinSCP and connect to your site. Click on Options -> Preferences:



      WinSCP Preferences



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:



      Remember session password and pass it to PuTTY (SSH)


      WinSCP Putty Preferences



      Click OK.



      Now launch PuTTY from within WinSCP.



      Your previously stored password should now be displayed on the screen!






      share|improve this answer














      This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.



      Create a batch file called echo.cmd that contains the following:



      echo %*
      pause


      Place it on a suitable place, such as your desktop.



      Fire up WinSCP and connect to your site. Click on Options -> Preferences:



      WinSCP Preferences



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:



      Remember session password and pass it to PuTTY (SSH)


      WinSCP Putty Preferences



      Click OK.



      Now launch PuTTY from within WinSCP.



      Your previously stored password should now be displayed on the screen!







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Aug 22 '14 at 15:03

























      answered Aug 21 '14 at 13:08









      Steve Eynon

      18116




      18116








      • 2




        Your trick helped me today. Thanks
        – Tushar Bhaware
        Dec 11 '15 at 13:17














      • 2




        Your trick helped me today. Thanks
        – Tushar Bhaware
        Dec 11 '15 at 13:17








      2




      2




      Your trick helped me today. Thanks
      – Tushar Bhaware
      Dec 11 '15 at 13:17




      Your trick helped me today. Thanks
      – Tushar Bhaware
      Dec 11 '15 at 13:17










      up vote
      3
      down vote













      Create a new C# console application, then type the following program:



      namespace ConsoleApplication8
      {
      class Program
      {
      static void Main(string args)
      {
      foreach (var str in args)
      System.Console.WriteLine(str);
      System.Console.ReadLine();
      }
      }
      }


      If you are not a C# programmer, you can do as easily on any other language you might be familiar with. The point is simply to print whatever values are passed as an argument to your program. You can even do it with a script, if that is more familiar to you.



      Now, compile your program, and grab your binary (such as ConsoleApplication8.exe). Place it on a suitable place, such as your desktop.



      Now, if your password still works, fire up WinSCP and connect to your site. Click on Options -> Preferences



      enter image description here



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created binary. Also select the option "Remember session password and pass it to PuTTY (SSH)".



      enter image description here



      Click OK, and then try to launch PuTTY from within WinSCP.



      Your previously stored password should now be visible in your screen.






      share|improve this answer

















      • 2




        That's pretty clever!
        – Paul Lammertsma
        Feb 4 '14 at 15:29















      up vote
      3
      down vote













      Create a new C# console application, then type the following program:



      namespace ConsoleApplication8
      {
      class Program
      {
      static void Main(string args)
      {
      foreach (var str in args)
      System.Console.WriteLine(str);
      System.Console.ReadLine();
      }
      }
      }


      If you are not a C# programmer, you can do as easily on any other language you might be familiar with. The point is simply to print whatever values are passed as an argument to your program. You can even do it with a script, if that is more familiar to you.



      Now, compile your program, and grab your binary (such as ConsoleApplication8.exe). Place it on a suitable place, such as your desktop.



      Now, if your password still works, fire up WinSCP and connect to your site. Click on Options -> Preferences



      enter image description here



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created binary. Also select the option "Remember session password and pass it to PuTTY (SSH)".



      enter image description here



      Click OK, and then try to launch PuTTY from within WinSCP.



      Your previously stored password should now be visible in your screen.






      share|improve this answer

















      • 2




        That's pretty clever!
        – Paul Lammertsma
        Feb 4 '14 at 15:29













      up vote
      3
      down vote










      up vote
      3
      down vote









      Create a new C# console application, then type the following program:



      namespace ConsoleApplication8
      {
      class Program
      {
      static void Main(string args)
      {
      foreach (var str in args)
      System.Console.WriteLine(str);
      System.Console.ReadLine();
      }
      }
      }


      If you are not a C# programmer, you can do as easily on any other language you might be familiar with. The point is simply to print whatever values are passed as an argument to your program. You can even do it with a script, if that is more familiar to you.



      Now, compile your program, and grab your binary (such as ConsoleApplication8.exe). Place it on a suitable place, such as your desktop.



      Now, if your password still works, fire up WinSCP and connect to your site. Click on Options -> Preferences



      enter image description here



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created binary. Also select the option "Remember session password and pass it to PuTTY (SSH)".



      enter image description here



      Click OK, and then try to launch PuTTY from within WinSCP.



      Your previously stored password should now be visible in your screen.






      share|improve this answer












      Create a new C# console application, then type the following program:



      namespace ConsoleApplication8
      {
      class Program
      {
      static void Main(string args)
      {
      foreach (var str in args)
      System.Console.WriteLine(str);
      System.Console.ReadLine();
      }
      }
      }


      If you are not a C# programmer, you can do as easily on any other language you might be familiar with. The point is simply to print whatever values are passed as an argument to your program. You can even do it with a script, if that is more familiar to you.



      Now, compile your program, and grab your binary (such as ConsoleApplication8.exe). Place it on a suitable place, such as your desktop.



      Now, if your password still works, fire up WinSCP and connect to your site. Click on Options -> Preferences



      enter image description here



      On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created binary. Also select the option "Remember session password and pass it to PuTTY (SSH)".



      enter image description here



      Click OK, and then try to launch PuTTY from within WinSCP.



      Your previously stored password should now be visible in your screen.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Nov 26 '13 at 22:23









      Cesar

      1293




      1293








      • 2




        That's pretty clever!
        – Paul Lammertsma
        Feb 4 '14 at 15:29














      • 2




        That's pretty clever!
        – Paul Lammertsma
        Feb 4 '14 at 15:29








      2




      2




      That's pretty clever!
      – Paul Lammertsma
      Feb 4 '14 at 15:29




      That's pretty clever!
      – Paul Lammertsma
      Feb 4 '14 at 15:29










      up vote
      3
      down vote













      I had a very weird use case, I needed to recover my password, but my system admins had locked down my environment so I couldn't run any non-whitelisted executable files, and that included .cmd files.



      My solution was to instead point the Putty command line to Notepad++.



      When it ran it said "File -pw" does not exist, should I create it, you say no.



      Then it says "File {the password shows up here} does not exist, should I create it" and again you say now, and bam, there was the password in clear text.






      share|improve this answer

















      • 1




        Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
        – Arjan
        Aug 17 '15 at 0:58















      up vote
      3
      down vote













      I had a very weird use case, I needed to recover my password, but my system admins had locked down my environment so I couldn't run any non-whitelisted executable files, and that included .cmd files.



      My solution was to instead point the Putty command line to Notepad++.



      When it ran it said "File -pw" does not exist, should I create it, you say no.



      Then it says "File {the password shows up here} does not exist, should I create it" and again you say now, and bam, there was the password in clear text.






      share|improve this answer

















      • 1




        Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
        – Arjan
        Aug 17 '15 at 0:58













      up vote
      3
      down vote










      up vote
      3
      down vote









      I had a very weird use case, I needed to recover my password, but my system admins had locked down my environment so I couldn't run any non-whitelisted executable files, and that included .cmd files.



      My solution was to instead point the Putty command line to Notepad++.



      When it ran it said "File -pw" does not exist, should I create it, you say no.



      Then it says "File {the password shows up here} does not exist, should I create it" and again you say now, and bam, there was the password in clear text.






      share|improve this answer












      I had a very weird use case, I needed to recover my password, but my system admins had locked down my environment so I couldn't run any non-whitelisted executable files, and that included .cmd files.



      My solution was to instead point the Putty command line to Notepad++.



      When it ran it said "File -pw" does not exist, should I create it, you say no.



      Then it says "File {the password shows up here} does not exist, should I create it" and again you say now, and bam, there was the password in clear text.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Aug 17 '15 at 0:44









      Toby Wild

      311




      311








      • 1




        Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
        – Arjan
        Aug 17 '15 at 0:58














      • 1




        Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
        – Arjan
        Aug 17 '15 at 0:58








      1




      1




      Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
      – Arjan
      Aug 17 '15 at 0:58




      Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.)
      – Arjan
      Aug 17 '15 at 0:58










      up vote
      2
      down vote













      You could use a tool like WireShark to "see" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then login to your FTP server (using WinSCP, with NO encryption).



      Then, by looking at the registered session in WireShark, one could easily identify the "discussion" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the "conversation".






      share|improve this answer

























        up vote
        2
        down vote













        You could use a tool like WireShark to "see" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then login to your FTP server (using WinSCP, with NO encryption).



        Then, by looking at the registered session in WireShark, one could easily identify the "discussion" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the "conversation".






        share|improve this answer























          up vote
          2
          down vote










          up vote
          2
          down vote









          You could use a tool like WireShark to "see" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then login to your FTP server (using WinSCP, with NO encryption).



          Then, by looking at the registered session in WireShark, one could easily identify the "discussion" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the "conversation".






          share|improve this answer












          You could use a tool like WireShark to "see" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then login to your FTP server (using WinSCP, with NO encryption).



          Then, by looking at the registered session in WireShark, one could easily identify the "discussion" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the "conversation".







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 2 '13 at 9:25









          tzup

          165118




          165118






















              up vote
              2
              down vote













              I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.



              My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.



              In order to recover the previous WinSCP logon profiles I did the following.



              Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.



              I then exported the WinSCP Session registry key using the regedit export command into a text file.



              Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key



              Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.



              These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.



              After doing this procedure I was able to access my web server with WinSCP.



              There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8.






              share|improve this answer

























                up vote
                2
                down vote













                I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.



                My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.



                In order to recover the previous WinSCP logon profiles I did the following.



                Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.



                I then exported the WinSCP Session registry key using the regedit export command into a text file.



                Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key



                Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.



                These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.



                After doing this procedure I was able to access my web server with WinSCP.



                There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8.






                share|improve this answer























                  up vote
                  2
                  down vote










                  up vote
                  2
                  down vote









                  I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.



                  My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.



                  In order to recover the previous WinSCP logon profiles I did the following.



                  Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.



                  I then exported the WinSCP Session registry key using the regedit export command into a text file.



                  Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key



                  Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.



                  These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.



                  After doing this procedure I was able to access my web server with WinSCP.



                  There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8.






                  share|improve this answer












                  I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.



                  My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.



                  In order to recover the previous WinSCP logon profiles I did the following.



                  Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.



                  I then exported the WinSCP Session registry key using the regedit export command into a text file.



                  Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key



                  Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.



                  These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.



                  After doing this procedure I was able to access my web server with WinSCP.



                  There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Mar 26 '14 at 13:50









                  Richard Chambers

                  1651113




                  1651113






















                      up vote
                      1
                      down vote













                      Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:



                      One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.



                       . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
                      . 2017-06-13 07:41:11.313 Configuration: HKCUSoftwareMartin PrikrylWinSCP 2
                      . 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
                      ...
                      . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 Session name: My server (Site)
                      . 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
                      . 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)




                      You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).



                      enter image description here






                      share|improve this answer























                      • The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
                        – root
                        Jul 3 at 12:55

















                      up vote
                      1
                      down vote













                      Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:



                      One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.



                       . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
                      . 2017-06-13 07:41:11.313 Configuration: HKCUSoftwareMartin PrikrylWinSCP 2
                      . 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
                      ...
                      . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 Session name: My server (Site)
                      . 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
                      . 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)




                      You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).



                      enter image description here






                      share|improve this answer























                      • The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
                        – root
                        Jul 3 at 12:55















                      up vote
                      1
                      down vote










                      up vote
                      1
                      down vote









                      Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:



                      One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.



                       . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
                      . 2017-06-13 07:41:11.313 Configuration: HKCUSoftwareMartin PrikrylWinSCP 2
                      . 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
                      ...
                      . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 Session name: My server (Site)
                      . 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
                      . 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)




                      You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).



                      enter image description here






                      share|improve this answer














                      Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:



                      One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.



                       . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
                      . 2017-06-13 07:41:11.313 Configuration: HKCUSoftwareMartin PrikrylWinSCP 2
                      . 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
                      ...
                      . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
                      . 2017-06-13 07:41:11.313 Session name: My server (Site)
                      . 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
                      . 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)




                      You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).



                      enter image description here







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited Feb 22 at 7:31

























                      answered Jun 13 '17 at 5:36









                      Martin Prikryl

                      10.7k43173




                      10.7k43173












                      • The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
                        – root
                        Jul 3 at 12:55




















                      • The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
                        – root
                        Jul 3 at 12:55


















                      The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
                      – root
                      Jul 3 at 12:55






                      The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log.
                      – root
                      Jul 3 at 12:55




















                       

                      draft saved


                      draft discarded



















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f100503%2fwhere-does-winscp-store-sites-password%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Plaza Victoria

                      Puebla de Zaragoza

                      Musa