illmob.org

DPAPIck – Recover offline passwords

April 6th, 2010 by Dev Team in Password Info, windows

This is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API).
A non-exhaustive list of those recoverable secrets are :

* EFS certificates
* MSN Messenger credentials
* Internet Explorer form passwords
* Outlook passwords
* Google Talk credentials
* Google Chrome form passwords
* Wireless network keys (WEP key and WPA-PMK)
* Skype credentials

Of course you need to know the user’s current password, you can recover it from the SAM.
Download Here
You can also read an excellent article on the undocumented process of recovering DPAPI passwords here

DriveCrypt Security Model bypass

September 25th, 2008 by admin in News, Password Info
Synopsis

The password checking routine of DriveCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

(more…)

McAfee SafeBoot Device Encryption Plain Text Password Disclosure

September 25th, 2008 by admin in News, Password Info

The password checking routine of SafeBoot Device Encryption fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.
(more…)

How Google Chrome Stores Passwords

September 15th, 2008 by Dev Team in Uncategorized

Every browser released in the last decade has some sort of password management system, and Google Chrome is no different. Sift through the Chrome source code, released under the open source project Chromium, and you’ll found out how they do it.

Let’s start at the top and work our way down. Any time a password is saved, you’re first prompted with the save password bar.
(more…)

Recovering Internet Explorer Passwords: Theory and Practice

July 6th, 2008 by Dev Team in News, Password Info, windows

Brief introduction on how Internet Explorer stores its passwords

(more…)