Recovering Clear Text Passwords – Updated

Wednesday, June 13, 2012

Dan Dieterle

B64e021126c832bb29ec9fa988155eaf

I recently wrote articles on both Mimikatz and WCE, two programs that can recover passwords from Windows based systems in clear text. There has been some updates for both and I just wanted to pass them along.

Mimikatz:

Benjamin Delpy aka ‘gentilkiwi‘, recently spoke at the Positive Hack Days security conference in Moscow. At the conference our friend discussed a new version of Mimikatz, one that exploits a weakness in the LiveSSP provider and allows the viewing of Windows Live passwords from Windows 8 systems!

The Mimikatz program and a copy of the PH Days presentation slides can be found at the Gentilkiwi website.

Windows Credentials Editor

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present.

Hernan from Amplia Security (creator of WCE) contacted me as soon as I posted the article. As fast as I could run some tests for him on my configuration, he created a fix for this. The delay between the original article and the fix was completely on me. Hernan was amazing!

In a test version he sent me, WCE correctly recovered and displayed both users with passwords and those without, as you can see in the screenshot below:

(click image to enlarge)

Secure_User has the insane password, the user George went the bad route and used his first name as a password, and Fred chose worse, as he used no password at all. And of course all three are administrator accounts. Good thing this is just a test Virtual Machine! 

WCE can be obtained from Amplia Security.

The talent that both Benjamin and Hernan have is just amazing. Though I have dabbled with programming since I was a kid, (okay I suck at it!) these guys are just on a whole different level.

Thanks so much for your work!

Cross-posted from Cyber Arms

Possibly Related Articles:
5180
Network Access Control
Information Security
Passwords Access Control Hacking Tools Penetration Testing Pentesting Mimikatz Windows Credentials Editor
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.