December 19th, 2004, 12:00 AM
I've just finished writing my new program.
The program is able to dump the password of the logged-in XP user to the screen.
It is not using any exploits or anything; it merely looks at the memory in lsass.exe and retrieves the password from there.
Currently it is released as freeware, but perhaps in the future I will release it under the GPL.
The program is called CachedPasswordDumperXP v1.0.
You can get it here.
I have written this program since it might be useful in penetration tests (or merely as a password reminder tool).
I hope you guys like it, and please let me know what you think of it.
In the future I am planning to add Windows 2000 and Windows 2003 to this program, so that it can work on all 3 OSes.
December 19th, 2004, 07:35 AM
I tried the program on both my limited and admin account with no success.
With my limited account, I got the message "Perhaps this account is too limited.."
-That's good to know, because that's the account I always use.
With my admin account, I got the message "The password cannot be found"
-I used the program just after logging in as admin.
I use Windows XP Pro SP2
"keep your friends close, your enemies closer, and your administrator closest."
December 19th, 2004, 08:08 AM
Windows XP Home
C:\Documents and Settings\Owner\Desktop\cpdXP>cpdXP.exe
CachedPasswordDumper XP v1.0
Copyright (C) 2004 White Scorpion, all rights reserved.
******** http://www.white-scorpion.nl ********
The username is: EMPIRE\Owner
The password cannot be found
December 19th, 2004, 10:33 AM
Are you also using SP2 ;TT ?
Perhaps this is the problem, since I wrote and tried it on a newly installed system without SP2.
If this also is the case, then I have to change the offset for SP2, I think... It is also a possibility that you might have disabled the caching of passwords in the GPO, please let me know...
[EDIT]The program has a problem with SP2. SP2 is using a different way of storing the password. I have removed the download and it will be back up again in a few hours, this time with support for Windows 2003, but still not with support for XP SP2; this will take a little longer...
Also, I have changed the name to CachedPasswordDumper v1.1 since it will now work on more than just XP.
Check my site in a few hours to find the upgrade.[/EDIT]
[EDIT2]The new program is up again, but it only supports XP up to SP1 and 2003 (SP0). The new SPs are both using a different protection method, so I need to figure it out first before it will be added...[/EDIT2]