
Microsoft Sticky Notes

Great security practices from Juliette and the development team! Storing passwords in cleartext is never a good security practice.

From an online reference, we can see that the data is stored in the user's AppData directory.

Proceed to retrieve sqlite3 files

Venturing into C:\Users\juliette\Appdata\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState, we can see that there are a few sqlite3 files.

We will proceed to download plum.sqlite, plum.sqlite-wal and plum.sqlite-shm to our local machine.

Since SMB is a hassle to set up, I have used scp to copy the files over.

scp juliette@10.10.10.228:/C:/Users/juliette/Appdata/Local/Packages/Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe/LocalState/<file name> .

Leaked passwords

Since these are sqlite3 files, we can simply dump the content using strings.

Leaked credentials
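As an added example (not part of the original writeup), a defender can audit a copy of a notes database for the same problem by opening it with SQLite instead of `strings` and reporting credential-like lines with the value masked. The function names, the regex heuristic and the sample `Note` table are assumptions made for illustration; the sample data is constructed and is not the real Sticky Notes schema.

```python
import re
import sqlite3

# Heuristic: "label: value" or "label = value" where the label names a secret.
SECRET_LINE = re.compile(
    r"(?i)^\s*([\w .-]*(?:pass(?:word|wd)?|pwd|secret|token)[\w .-]*)\s*[:=]\s*(\S.*)$"
)

def find_cleartext_secrets(db_path):
    """Return (table, column, label, masked_value) for each suspicious text line."""
    # Read-only open. Keep any -wal/-shm files next to db_path so SQLite can
    # apply pages that have not been checkpointed into the main file yet.
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    findings = []
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'
            cur = conn.execute(f"SELECT * FROM {quoted}")
            columns = [d[0] for d in cur.description]
            for row in cur:
                for column, value in zip(columns, row):
                    if not isinstance(value, str):
                        continue  # skip integers, blobs and NULLs
                    for line in value.splitlines():
                        m = SECRET_LINE.match(line)
                        if m:
                            label, secret = m.group(1).strip(), m.group(2).strip()
                            masked = secret[:1] + "*" * (len(secret) - 1)
                            findings.append((table, column, label, masked))
    finally:
        conn.close()
    return findings

def build_sample_db(db_path):
    """Constructed sample data: a tiny notes table, not the real Sticky Notes schema."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE Note (Id INTEGER PRIMARY KEY, Text TEXT)")
    conn.executemany("INSERT INTO Note (Text) VALUES (?)", [
        ("Buy milk\nCall the vendor on Monday",),
        ("build server password: Example-Passw0rd!\nrotate quarterly",),
        ("api token = abc123-constructed",),
    ])
    conn.commit()
    conn.close()
```

The keyword heuristic misses bare `account: value` lines, so widen the pattern for notes that do not label their secrets.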

Development account

It seems the password for the development account is revealed. We will proceed to SSH in as development.