Stealing Windows credentials is the ultimate goal of every penetration tester. Being able to leak them outside the local network just aggravates the problem. There are many ways one can achieve this, some requiring complex attacks or user interaction. There is however an old and undocumented Windows feature that transforms the business of stealing Windows credentials a walk in the park. Let me introduce Windows Explorer Shell Command Files.