Notepad

This module searched for stored data in Notepad and Notepad++ in the following locations:

Notepad++ backup files:
C:\Users\<UserProfile>\APPDATA\Roaming\NotePad++\backup\
Microsoft Notepad backup files (Windows 11 / Server 2025 only)
C:\Users\<UserProfile>\AppData\Local\Packages\Microsoft.WindowsNotepad_*\LocalState\TabState\

Default behaviour in Windows 11 and Windows Server 2025 is to store Notepad files on disk in binary files. This module will attempt to extract readable strings from these files.

For each system output is stored in $pwd\PME\PME\Notepad\

Supported Methods

MSSQL
SMB
SessionHunter (WMI)
WMI
WinRM

Optional Parameters

Parameter

Value

Description

-ShowOutput

N/A

Displays each target output to the console

-SuccessOnly

N/A

Display only successful results

Usage

# Standard execution
PsMapExec -Username [User] -Password [Pass] -targets [All] -Module Notepad -Method [Method] -ShowOutput

Last updated 9 months ago

Was this helpful?