Here is the scenario:
- Windows can automate a variety of repetitive tasks, such as the mass rollout or installation of Windows on many systems.
- This is typically done through the use of Unattended Windows Setup utility, which is used to automate the mass installation/deployment of Windows on systems.
- This tool utilizes configuration files that contain specific configurations and user account credentials, specifically the Administrator account's Pass.
- It the Unattended Windows Setup configuration files are left on the targety system after installation. They reveal user account credentials that ca be used by attackers to authenticate with windows target legitimately.
C:\\Windows\Panther\Unattend.xml Typically found here...C:\\Windows\Panther\Autounattend.xml