Thunderbird has forgotten password - and so have I!
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Thunderbird has forgotten password - and so have I!

  1. #1
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063

    Thumbs down Thunderbird has forgotten password - and so have I!

    For some reason both Thunderbird and myself have forgotten the password for one of my email accounts. On my laptop it is stored and remembered and I wonder if anyone knows where in the roaming appdata of Vista this information is stored.

    I'd like to overwrite the email settings with those of the laptop, but don't want to lose all my current email. If I have to formally change this password it affects a whole lot of other stuff - it would be easier during a period where I'm very time poor - just to have the original one recovered.
    77 111 105 114 97

    My PGP signature

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Just install a sniffer (wireshark i.e.) on your laptop. Sniff port 110 traffic (for POP3) and collect your email. Your password will be sent in the clear, easily readable in the dump.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    One of these might jog your memory:

    http://www.passcape.com/mozilla_password_recovery.htm

    http://www.nirsoft.net/utils/mailpv.html

    edit -- you might try Snadboy's Revelation 2.0 to reveal asterisk passwords.

    http://www.snadboy.com/
    Last edited by brokencrow; May 15th, 2008 at 03:07 AM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063
    Many thanks, I'll give them a try! In fact the mailpv has found the start of the pass, but I would need to buy the full copy to get something to crack the rest of it. Could be worth it though - I'm always forgetting passwords.
    77 111 105 114 97

    My PGP signature

  5. #5
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by Moira
    I'm always forgetting passwords.
    I never save passwords in any of my apps. Manually entering them each
    time may be a pain to some, but it's good discipline. Snadboy comes in
    real handy. I use it regularly on OPM's (other people's machines). Freaks
    people out when they see how easy it is to circumvent some apps. Doesn't
    work all the time though (won't get me AOL passwd's anymore -- they built
    in some protection). Fwiw, I ALWAYS delete Snadboy when I'm done. I
    do not like leaving tools like that installed on a harddrive. Anyones.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #6
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063
    Sounds a good way to work! I think more people ought to be shown just how easy it is to circumvent a lot of so called safe password protected places. And don't use the same password for each login - however strong your pass is, put it in a Word document and it can be retrieved within seconds, not because it's a weak password, but the method of hiding passwords in Office is not particularly good. I have to admit, this is the older versions of Word, I haven't tested Office 2007 or even 2003 but it's probably the same.

    Likewise a windows login. I used to have a program that retrieved logins very easily due to the poor way Windows stored them. The free program would use a dictionary attack and the paid for version would brute force - often not even necessary.

    LOL, isn't that just so AOL? I often wonder how such a lame ISP in lots of ways can sometimes end up being the only sodding program that isn't vulnerable to a particular hack!
    77 111 105 114 97

    My PGP signature

  7. #7
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Is it really safer? I mean if your system is compromised to the point where they can search out a file containing an encrypted password stored, couldn't it also contain a key logger which will grab your password when you type it?

  8. #8
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063
    Credit me with some common sense and computer knowledge, please!. I think I might know if I had a keylogger installed, also in this case the lady in question simply had her laptop stolen from the park (God knows what she was doing in the park with it), and it doesn't take a l337 h4X0r to do that!

    Actually maybe I should have kept quiet about computer know how. What am I meant to be doing with this Wireshark thing? I asked it to capture a particular file - app data wasn't accessible so I pointed it to imap mail, local store. Nothing happened except when I eventually stopped it, having captured the marvellous total of zero packets, I got a message telling me to turn off promiscuous mode in capture options! Why is it calling my mail promiscuous? Anyway I can't see how to turn this off, I tried several more likely looking files but it's just not capturing packets or packets aren't being generated.

    The partial password retrievers have given me part of the pass, which is a big help, but they don't give me the whole word, so I'm still stuck.

    PS How do I sniff a port?
    Last edited by Moira; May 15th, 2008 at 07:33 PM.
    77 111 105 114 97

    My PGP signature

  9. #9
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    I didn't mean in your or her case, Moira, I meant in general.

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Wireshark is a network analyzer. You use it to capture network traffic.
    Start it up.
    Go to Capture -> Options.
    Pick the correct network interface.
    Set Capture filter to: port 110
    Click start..

    Collect your email.

    Stop capture.

    Have a look at the data. Email (POP3, port 110) is all clear text. I am assuming you use POP3 to collect your mail.
    For IMAP (also clear text) you would capture port 143.
    Last edited by SirDice; May 16th, 2008 at 05:45 PM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Secure Passwords Tutorial
    By NeonWizard in forum The Security Tutorials Forum
    Replies: 5
    Last Post: August 13th, 2004, 07:54 PM
  3. Windows XP Tips
    By Nokia in forum Tips and Tricks
    Replies: 4
    Last Post: June 18th, 2004, 05:24 PM
  4. Good Password: Common Practices
    By jdenny in forum The Security Tutorials Forum
    Replies: 7
    Last Post: August 30th, 2002, 05:34 PM
  5. Securing Your Windows PC
    By E5C4P3 in forum The Security Tutorials Forum
    Replies: 10
    Last Post: June 12th, 2002, 05:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •