
Microsoft Sticky Notes

Great security practices from Juliette and the development team! Storing passwords in cleartext is never a good security practice.

From an online reference, we can see that the data is stored in the AppData directory of the user.

Proceed to retrieve sqlite3 files

Venturing into C:\Users\juliette\Appdata\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState, we can see that there are a few sqlite3 files.

We will proceed to download plum.sqlite, plum.sqlite-wal and plum.sqlite-shm to our local machine.

Since SMB is a hassle to set up, I have used scp to copy the files over.

scp [email protected]:/C:/Users/juliette/Appdata/Local/Packages/Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe/LocalState/<file name> .

Leaked passwords

Since these are sqlite3 files, we can simply dump the content using strings.

Leaked credentials
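
As an added example (not part of the original write-up): strings works on the raw files, but reading the copies through SQLite shows why plum.sqlite-wal and plum.sqlite-shm are downloaded alongside plum.sqlite, since rows written after the last checkpoint exist only in the WAL. The Note table here is a constructed stand-in rather than the real Sticky Notes schema, and dump_text and demo are hypothetical helper names.

```python
import os, shutil, sqlite3, tempfile

def dump_text(db_path):
    """Return (table, column, value) for every TEXT value, without assuming a schema."""
    found = []
    con = sqlite3.connect(db_path)  # run on a working copy: opening replays the WAL
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
        for table in tables:
            cols = [c[1] for c in con.execute(f'PRAGMA table_info("{table}")')]
            for col in cols:
                query = f'SELECT "{col}" FROM "{table}" WHERE typeof("{col}") = \'text\''
                found += [(table, col, v) for (v,) in con.execute(query)]
    finally:
        con.close()
    return found

def demo():
    """Build a WAL-mode database, then compare a full copy with a main-file-only copy."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "plum.sqlite")
    writer = sqlite3.connect(src)
    writer.execute("PRAGMA journal_mode=WAL").fetchall()
    # Constructed stand-in table; not the real Sticky Notes schema.
    writer.execute("CREATE TABLE Note (Id INTEGER PRIMARY KEY, Text TEXT)")
    writer.execute("INSERT INTO Note (Text) VALUES ('older note')")
    writer.commit()
    writer.execute("PRAGMA wal_checkpoint(TRUNCATE)").fetchall()  # flush into main file
    writer.execute("INSERT INTO Note (Text) VALUES ('newer note')")
    writer.commit()  # this row now exists only in plum.sqlite-wal
    full, main_only = os.path.join(work, "full"), os.path.join(work, "main_only")
    os.mkdir(full)
    os.mkdir(main_only)
    for suffix in ("", "-wal", "-shm"):  # copy while the writer still holds the WAL open
        shutil.copy(src + suffix, full)
    shutil.copy(src, main_only)
    writer.close()
    return (dump_text(os.path.join(full, "plum.sqlite")),
            dump_text(os.path.join(main_only, "plum.sqlite")))

if __name__ == "__main__":
    with_wal, without_wal = demo()
    print("with -wal/-shm:", with_wal)
    print("main file only:", without_wal)
```

Run dump_text only against copies of the retrieved files, because opening a WAL-mode database can checkpoint it and change the files on disk.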

Development account

It seems the password for the development account is revealed. We will proceed to SSH in as development.