Where does WinSCP store site's password?



Where does WinSCP store site's information or password? I can't find it under Documents and Settings...


Posted 2010-01-25T22:45:31.867

Reputation: 6 535

I know this solution will be too easy for superusers ;) but if you don't want to get your hands dirty or just need to see passwords ASAP, IMHO a good option is to use smartftp's additional tool, password recovery. I don't want to advertise or something, but for me it was a really useful utility. BTW, here is a quick tut on how to see those passwords: http://www.digitalette.com/web/recover-lost-ftp-passwords-winscp/ Hope I helped.

– flasherr – 2014-05-03T13:16:59.170



The configuration file is stored either in the Windows registry or, if you are using the portable version, in an INI file. (See the documentation.) The registry location is:

HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2

You can always export the settings to an INI file by pressing Export in the preferences dialog.

Note that your passwords are not stored in text, but encoded. Though difficult to decrypt, it is not impossible.

Paul Lammertsma

Posted 2010-01-25T22:45:31.867

Reputation: 3 508

In WinSCP 5.2.x and later the export function has been moved to Tools > Export/Backup Configuration on Login dialog. – Martin Prikryl – 2013-11-21T07:35:25.687
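To audit which sites in an exported INI file actually carry a stored password, without decoding anything, the following added example (not part of the original answer or of WinSCP) parses the export. The section and key names (`Sessions\...`, `HostName`, `UserName`, `Password`, `Configuration\Security`, `UseMasterPassword`) are assumptions based on a typical exported file, and the sample data is constructed.

```python
import configparser
from urllib.parse import unquote

# Constructed sample; section and key names are assumed from a typical export,
# and the Password value is a placeholder, not a real encoded password.
SAMPLE_INI = r"""
[Configuration\Security]
UseMasterPassword=0

[Sessions\My%20server]
HostName=example.com
PortNumber=22
UserName=martin
Password=PLACEHOLDER0ENCODED0VALUE

[Sessions\staging]
HostName=staging.example.com
UserName=deploy
"""


def audit_winscp_ini(text):
    """Return (master_password_enabled, [sites that carry a stored password])."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    master = cp.get("Configuration\\Security", "UseMasterPassword", fallback="0") == "1"
    stored = []
    for section in cp.sections():
        if not section.startswith("Sessions\\"):
            continue
        # Only the presence of the key is checked; the value is never decoded.
        if cp.get(section, "Password", fallback=""):
            stored.append({
                "site": unquote(section[len("Sessions\\"):]),  # names are URL-encoded
                "host": cp.get(section, "HostName", fallback=""),
                "user": cp.get(section, "UserName", fallback=""),
            })
    return master, stored


if __name__ == "__main__":
    master, stored = audit_winscp_ini(SAMPLE_INI)
    print("master password enabled:", master)
    for s in stored:
        print("stored password: {site} ({user}@{host})".format(**s))
```

Sites reported here are the ones whose credentials should be rotated if the INI file or the registry key was exposed.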


Try this method.

Log in to your saved session.

Go to the Session menu.

Click on Generate URL.

Only check the username and password options (if you need the current directory path, click on this option as well).

You have multiple options, URL/Script/.Net Assembly; select the desired one.

Click on Copy to Clipboard.

It will contain the username and password.

That's it.


Posted 2010-01-25T22:45:31.867

Reputation: 301

Life saver, I have almost 100 accounts with unknown (saved) passwords. This is what worked for me. – Andy Gee – 2016-04-13T18:01:31.513

This is the easiest answer – Gajotres – 2016-11-29T09:47:09.980

Be sure to do a URL decoding if your psw contains special characters – KuN – 2018-07-27T03:55:47.150


This is a simplified version of Cesar's excellent answer and assumes your password still works in SCP.

Create a batch file called echo.cmd that contains the following:

echo %*

Place it on a suitable place, such as your desktop.

Fire up WinSCP and connect to your site. Click on Options -> Preferences:

WinSCP Preferences

On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created echo.cmd batch file. Also select the option:

Remember session password and pass it to PuTTY (SSH)

WinSCP Putty Preferences

Click OK.

Now launch PuTTY from within WinSCP.

Your previously stored password should now be displayed on the screen!

Steve Eynon

Posted 2010-01-25T22:45:31.867

Reputation: 191


Create a new C# console application, then type the following program:

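namespace ConsoleApplication8 {
    class Program {
        static void Main(string[] args) {
            foreach (var str in args) System.Console.WriteLine(str); // print each argument passed in
            System.Console.ReadLine(); // keep the window open until Enter is pressed
        }
    }
}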

If you are not a C# programmer, you can do this just as easily in any other language you might be familiar with. The point is simply to print whatever values are passed as an argument to your program. You can even do it with a script, if that is more familiar to you.

Now, compile your program, and grab your binary (such as ConsoleApplication8.exe). Place it on a suitable place, such as your desktop.

Now, if your password still works, fire up WinSCP and connect to your site. Click on Options -> Preferences

On the Preferences dialog, go to Integration -> Applications. Replace what was previously in the PuTTY path with the path to your newly created binary. Also select the option "Remember session password and pass it to PuTTY (SSH)".

Click OK, and then try to launch PuTTY from within WinSCP.

Your previously stored password should now be visible on your screen.


Posted 2010-01-25T22:45:31.867

Reputation: 158

That's pretty clever! – Paul Lammertsma – 2014-02-04T15:29:18.767


I had a very weird use case, I needed to recover my password, but my system admins had locked down my environment so I couldn't run any non-whitelisted executable files, and that included .cmd files.

My solution was to instead point the Putty command line to Notepad++.

When it ran, it said "File -pw does not exist, should I create it?", and you say no.

Then it says "File {the password shows up here} does not exist, should I create it?", and again you say no, and bam, there was the password in clear text.

Toby Wild

Posted 2010-01-25T22:45:31.867

Reputation: 61

Nice trick. I wonder if the command line parameters could also be made visible in, say, Windows Task Manager? (In Unix, running ps would show passwords if those were specified on the command line, also for sub-processes, if they would keep running for some time.) – Arjan – 2015-08-17T00:58:53.477


You could use a tool like WireShark to "see" what goes on over the wire. What I mean is to have a packet capturing session running (in WireShark) and then log in to your FTP server (using WinSCP, with NO encryption).

Then, by looking at the registered session in WireShark, one could easily identify the "discussion" (filtering by the destination IP for example) and then identifying the Request: USER blabla, and then REQUEST: PASS blabla, at the FTP level of the "conversation".


Posted 2010-01-25T22:45:31.867

Reputation: 205


I came to this answer while researching a slightly different problem however this was helpful and I wanted to share what I did.

My problem was that I was using WinSCP with passwords saved under Windows XP within an Active Directory domain which then changed. With the new Active Directory domain, my user profile also changed resulting in WinSCP showing no saved logon profiles.

In order to recover the previous WinSCP logon profiles I did the following.

Started up the regedit application and did a search for any keys that had a name of Martin Prikryl. After several false matches, I found the key with what looked to be the correct session data.

I then exported the WinSCP Session registry key using the regedit export command into a text file.

Next I modified the exported text in the text file so that it used HKEY_CURRENT_USER as the beginning of the complete key in front of the Software sub-key

Next using regedit, I imported the data to modify the Windows Registry keys used by WinSCP for the current user.

These actions did the following: (1) found the WinSCP logon Session data for the old user profile, (2) made a copy of that data, (3) modified the Windows Registry key to allow an import with regedit to modify the current user, (4) imported the data modifying the WinSCP registry entries for the current user profile.

After doing this procedure I was able to access my web server with WinSCP.

There are probably a couple of reasons why this was straightforward and worked. First of all this PC was used only by one person so was not shared reducing the false matches. Secondly I had Administrator privileges to the PC. Third this was Windows XP and not Windows 7/8.

Richard Chambers

Posted 2010-01-25T22:45:31.867

Reputation: 163


Quoting WinSCP FAQ Can I recover password stored in WinSCP session?:

One way to recover your password is enabling password logging in preferences. See the Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.

 . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
 . 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
 . 2017-06-13 07:41:11.313 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
 . 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
 . 2017-06-13 07:41:11.313 ---------------------------------------------------------------
 . 2017-06-13 07:41:11.313 Session name: My server (Site)
 . 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
 . 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)

You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).

Martin Prikryl

Posted 2010-01-25T22:45:31.867

Reputation: 13 764

The suggestion from WinSCP's FAQ was the solution in my case. I had a customer change their IP for an FTP server and reuse the original password. Many of the other solutions that have been posted here require you to first establish a connection, which was not possible in my case. I temporarily enabled logging of sensitive data, attempted to connect to the old IP, allowed it to fail, and the password used in the attempt was present in the log. – root – 2018-07-03T12:55:00.237
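Because a session log written with this option enabled holds the password in clear text, it is worth checking logs before they are archived or attached to a support request. The following added example (not from the FAQ or from WinSCP) flags a log whose header says `Logging passwords` and redacts the `User name` line in the format of the excerpt above; the function name is hypothetical, the sample log is constructed, and only that one header line is handled.

```python
import re

# Constructed sample in the header format of the log excerpt above.
SAMPLE_LOG = """\
. 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
. 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
. 2017-06-13 07:41:11.313 Session name: My server (Site)
. 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
. 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)
"""

# Header line that records that password logging was switched on.
LOG_LEVEL = re.compile(r"Log level: .*Logging passwords")
# "User name: <user> (Password: <value>, Key file: <...>)" as shown in the excerpt.
USER_LINE = re.compile(r"(User name: .*? \(Password: )(.*)(, Key file: [^)]*\))")


def scrub_session_log(text):
    """Return (password_logging_enabled, text with the logged password redacted)."""
    lines = text.splitlines()
    enabled = any(LOG_LEVEL.search(line) for line in lines)
    if not enabled:
        return False, text  # nothing to redact; leave the log untouched
    redacted = [USER_LINE.sub(r"\1[REDACTED]\3", line) for line in lines]
    return True, "\n".join(redacted) + "\n"


if __name__ == "__main__":
    enabled, cleaned = scrub_session_log(SAMPLE_LOG)
    print("password logging enabled:", enabled)
    print(cleaned, end="")
```

A log flagged this way means the option should be switched off again and the logged password treated as exposed.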


Just set the log level to maximum in WinSCP, and connect to the server. The logs contain the plain password.

Logs Preferences

Eduardo Gonçalves Corrêa

Posted 2010-01-25T22:45:31.867

Reputation: 1

It's not the log level, but about the "Log passwords and other sensitive information". – Martin Prikryl – 2019-04-23T09:12:37.383

Sorry. Yes, have to check the option "log passwords ..." – Eduardo Gonçalves Corrêa – 2019-04-24T08:18:19.293