-
January 17th, 2002, 02:48 AM
#1
Junior Member
.pwl hacking
Ive been trying to do some security checks on my own computers, and i feel like a complete idiot here coming from using linux to asking about windows.. but..
im trying to view whats in my .pwl file to see how secure it is. I know it could just be renamed, but thats a different problem. I tried viewing it in notepad but its encrypted. is there a program i could use? id like to secure this computer a little better.. even for windows.
Thanks for the help.
~DreamWeaver~
-
January 17th, 2002, 06:35 AM
#2
Okay, here's the skinny on .pwl files in Windows 9x. You CAN cause them NOT to be created through some registry keys (more on that if you want). They appear in c:\windows\ as the username (first 8 characters) and with a PWL extension. They are encrypted with your windows-logon password, (Novell network passwords work in this effect, as do simple user-profile passwords, which give you custom desktops and wallpapers, etc.)
The encryption method is VERY insecure, comparatively. If your windows logon password isn't humungous, I suggest either disabling pwl caching, or running a batch file to delete them each startup.
Now, to the cracking! I would suggest trying Cain (search from google), with later versions called Cain and Abel. Abel is a trojan that can be placed on a computer to collect pwl passwords, so be prepared for some virus alerts. Cain can run brute-force or dictionary attacks against a pwl file, but you have to supply the username. If the username is over 8 characters or contains invalid DOS-filename characters, you'll have to do some educated guessing.
[HvC]Terr: L33T Technical Proficiency
-
January 17th, 2002, 05:13 PM
#3
Junior Member
I have Cain + Abel, but whenever i start the attack on the .pwl from cain, itll tell me how long the password is (5 chars) but it wont tell me what it is.. :Confused:
~DW~
-
January 17th, 2002, 05:32 PM
#4
Junior Member
previously id used cain 2.0 cain 1.0 seems to work much better. Just thought youd like to know. I obtained it from packetstorm i believe.
Thanks,
~DW~
-
January 17th, 2002, 06:23 PM
#5
Originally posted by Terr
Okay, here's the skinny on .pwl files in Windows 9x. You CAN cause them NOT to be created through some registry keys (more on that if you want). *****yes Terr MORE*****
The encryption method is VERY insecure, comparatively. If your windows logon password isn't humungous, I suggest either disabling pwl caching, or running a batch file to delete them each startup.
The encryption method is VERY VERY insecure. There is a proggie called revelation by snadboy...it is able to decode the .pwl for the screensaver on win98. You can study the the de-encryption method he uses...He will even give you the source code.
-
January 17th, 2002, 09:14 PM
#6
Originally posted by antihaxor
The encryption method is VERY VERY insecure. There is a proggie called revelation by snadboy...it is able to decode the .pwl for the screensaver on win98. You can study the the de-encryption method he uses...He will even give you the source code.
Uhm... my understanding had been that Revelation uses a call in windows which only works if you are ALREADY LOGGED IN. In other words, someone had to put the windows logon password in correctly already. It won't work if you have a .pwl file itself, and are not already in a session on the computer.
In other words, it decrypts the CONTENTS of the pwl file, but only if you are already logged in, and it doesn't give you the actual logon password.
Maybe I'm wrong, but whatever.
EDIT:Oops! I got Revelation mixed up with another program, but I think Revelation still only works if you are already logged in. (Revelation is different from what I just described, but same limitations, will elaborate if necessary.)
[HvC]Terr: L33T Technical Proficiency
-
January 18th, 2002, 06:27 AM
#7
I'm not sure if this will help you but you do not even have to view the .pwl files to bypass the login. When you boot your pc boot to DOS. Now all you have to do is find the pwl file you want and rename the extension to .zzz* Hope that helped.
-
January 18th, 2002, 11:17 AM
#8
Member
hey Terr, could you tell some more about the registry and PWL files thing ??
-
January 18th, 2002, 03:49 PM
#9
Junior Member
.pwl hacking
Here's a way to hack .pwl password in Win 9x... Just try to get Cain and Abel password cracker but you must supply a username inorder to crack the password... Another way is to find the .pwl pass and delete it then reboot the computer and the computer will ask you to supply again a new pass...
Uhm... my understanding had been that Revelation uses a call in windows which only works if you are ALREADY LOGGED IN. In other words, someone had to put the windows logon password in correctly already. It won't work if you have a .pwl file itself, and are not already in a session on the computer. <---I agree with terr on this
-
January 18th, 2002, 04:47 PM
#10
Junior Member
Very Good Terr But I Just Wondered If You Could Please Teach Me How To Delete These Password Files From The Registary So My User Passwords Cannot Be Ripped With Programmes Like Cane Can You Tell Me How To Do This In Windows 98 And Windows XP Please Thanx Scott
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|