What's My Pass? » passwords

Copy Opera9 passwords to Beta 10

admin — Wed, 03 Jun 2009 21:23:47 +0000

For those of you trying out the new beta version of Opera,the all new opera 10 BETA 2 does not detect previous versions of opera and does not offer upgrading from previous versions.If you want all your passwords copied just do this from a command prompt:

copy "%userprofile%\AppData\Roaming\Opera\Opera\profile\wand.dat" “%userprofile%\AppData\Roaming\Opera\Opera 10 Beta\wand.dat”

AIM Recover

Dev Team — Fri, 27 Mar 2009 04:20:29 +0000

AOL Instant Messenger Password Recovery Software easily recovers and exposes all lost or forgotten AIM saved passwords. Easily retrieves password information instantly regardless of the password length and complexity with full support to all AIM 6.x versions. AIM Recover is written in pure assembly language.

AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

Software Requirements

Processor: Pentium class or equivalent processor
RAM: 64MB RAM recommended
Hard Disk: 15kb free hard disk space
Supported Operating System: Windows 98/ ME/ NT/ 2000/ 2003/ XP/ Vista /Win7

Trial and registration

Evaluation version is available for FREE download. This unregistered (demo) software recovers only the first 3 characters in password (rest is shown as ‘*’).

Download Aim Recover Demo

974 downloads

In order to display full Password you should register for licensed Software.
Only $4.99!! All proceeds go to supporting this site!

Test Weak Linux Passwords With JTR

Dev Team — Sat, 13 Sep 2008 04:49:46 +0000

Enforcing password security with a multiple-user system can be a hassle — users all too often use inadequate passwords. john-the-ripper (also available via most distros) is a password-cracking tool that enables the identification of vulnerable passwords before someone with nefarious intentions finds the weakness.

The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:

unshadow /etc/passwd /etc/shadow > /tmp/password.db

After that, john has three cracking modes:
# Dictionary mode, which tests passwords based on dictionary words. You can use the provided dictionary or provide your own, and there’s an option to enable “word mangling” rules.
# “Single crack” mode, which uses login names and various /etc/passwd values as password candidates, as well as applying word mangling rules.

Incremental mode, which tries all possible character combinations and will obviously take a very, very long time to run. You can change the parameters for this via the config file.

You can run one at a time (in which case, try “single crack” mode first), or run all of them consecutively with

john /tmp/password.db

To show results, use

john –show /tmp/password.db

unshadow will produce a password database only on systems that use /etc/passwd and /etc/shadow for login. For centralized systems, there’s a Kerberos5 module available, or the supplied unafs utility extracts Kerberos AFS passwords. There’s also a LDAP module.

Also remember that you can limit cracking attempts through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.

Windows Password Recovery Tools

Dev Team — Fri, 14 Mar 2008 05:51:13 +0000

There are several ways to obtain password hashes, depending on their location and existing access. Password hashes can be obtained from SAM file or its backup, directly from local or remote computer registry, from registry or Active Directory on local or remote computer by means of DLL injection, from a network sniffer. The SAM file located in the %SystemRoot%\system32\config directory or %SystemRoot%\repair directory. It is also possible to recover the password itself from memory.

Here’s a few free tools to help you recover lost/unknown Windows passwords, most come with the source code included.

LCP 5.04 – user account passwords auditing and recovery in Windows NT/2000/XP/2003. Can get local or remote hashes and recovers by using
* dictionary attack;
* hybrid of dictionary and brute force attacks;
* brute force attack;

PWDump7 – A newer Windows password hash dumper using rootkit technology to inject and dump Windows password hashes. The resulting hashes can be then be cracked by a program such as John the Ripper(free),or SamInside(not free) or using Rainbow Tables

CachedPasswordDumper v1.3 – This program dumps the password to the screen from the account that is logged in at that time. Currently only Windows XP (up to SP1) and Windows 2003 Server (SP0) are supported. For WinNT/2K use Password Reminder

Alternatively you can boot from a Floppy or CD and use Offline NT Password & Registry Editor which allows you to reset your password to a blank password

CacheDump – The default behavior of Microsoft Windows domain members is to cache the last 10 different login credentials in the registry. Using a tool called CacheDump written by Arnaud Pilon you can dump the cached credentials to a file and this can be cracked with a plugin for john the ripper

PwDumpX 1.4 – is a tool that combines PWDump, Cachedump, and LSADump all in one tool. It allows a user with administrative privileges to
retrieve the domain password cache, password hashes and LSA secrets
from a Windows system