UGN Security Forums UGN Security: Knowledge Base Operating Systems Windows & Windows Security windows help

windows help

ok could someone tell me how to find the stored passwords and user names on a pc ?
ie when you log into a website and the login box appears and you just click ok because earlier you clicked remember login details. where are these stored and are they encrypted and can they be unencrypted ?
I am trying to teach myself all about windows and its security but this one has me stumped i just cant find where they are stored i thought they were pwp files but my pc hasnt got any of those i am running 98.

mhm...that's why we have a Windows Security forum, bud.

Moved.

i think the passwords are saved on the website where you have to enter the password and i think they arent viewable by either side, the site user or the site. they might be called "cookies" but i really am one of the stupider computer people so everything i said has a very good posibility of being bullshit. i dunno

<img border="0" alt="[Bang]" title="" src="graemlins/bang.gif" /> <img border="0" alt="[Sheep]" title="" src="graemlins/sheep.gif" />

ja, it's all stored in cookies me friend. It'll be in your temporary internet files, just sort by 'TYPE' and look through the list of cookies for the website you're looking for. Then you can copy it and paste it someplace else and open it in notepad to see what's inside.

ahh so thats how it works

thanx

...if you didnt know about cookies you definitley wanna look into it, i've even gotten viruses through cookies(least thats what norton popped up saying)

I think you misunderstood Norton. I know how cookie data is exchanged between server and client and how it's handled. I don't see any opportunity for code within a cookie (Text file) to be executed.

well listen guys, SilentRage was right when he told you to go and look at the cookies, but listen, cookies could be called sensitive too just like passwords, coz just go there and check the documents, you'll see just encryption.

e.g. a file like administrator@apple[1]
when you open it with notepad for example. All you'll see is this:

pcidconsumer
9362194
apple.com/
0
610778752
29590288
4156834080
29516895
*

now you understood anything ? i'd say no, you need to decrypt them i think.

Hmm, there used to be a revelation program that would grab peoples passwords that they "saved" via internet explorer. I believe this it is same process as when using autocomplete. If you have a cookie with the info you need not even see a login page. The webserver will know.

If it is a saved password via internet explorer or autocomplete, then you can get a program that will find and decrypt the passwords in the pwl or user.dat file. I think it uses the user.dat, but it has been a while and I know there are programs for viewing both. Might depend on OS version also.

My apologies for my shitty memory, but I hope it helps.

yea yea you're hell right Insanity. I remember now... well forgot the name and stuff but i'll look around if i can find what that thing.

P.S. i think it uses the .pwl

Its all about the keylogger...

user.dat is one of the main 2 registry files. It may be stored in the registry encrypted. I have never tried to find where they're stored.