All programs, links to which I have posted here, are freely distributed free software, the ethical and legal consequences of its use are entirely on your conscience.
Most antivirus programs identify these programs as malicious due to their specific behavior, therefore, before using them, you must add them to the antivirus exceptions (or disable the antivirus altogether). Thanks to this page, my site was listed as unsafe for some time according to Symantec. It's good that search engines don't agree with him. What can you do, there were times when the utilities of the package were also considered viruses, and today they are available for download from the official Microsoft website. There are NO viruses here. If you are prompted for a password when opening an archive, use - novirus
Download (less than 40 kb, archive is password protected novirus)
SniffPass listens to traffic on the selected network interface, and intercepts passwords, displaying them in the main program window. It is possible to intercept passwords for the POP3, IMAP4, SMTP, FTP, HTTP protocols (basic authentication passwords). Can be used to recover forgotten passwords for email, FTP resources and websites.
Asterisk Logger v1.02 (astlog.exe) Download (less than 26 kb, archive is password protected novirus)
WebBrowserPassView- a single utility for recovering passwords stored in Internet browsers Internet Explorer (Version 4.0 - 9.0), Mozilla Firefox (all versions), Google Chrome, and Opera. The utility allows you to recover forgotten passwords for sites, including the popular Vkontakte.ru (vk.com) Odnoklassniki, Facebook, Yahoo, Google, GMail, in cases where the password was remembered by the browser itself. Recovered passwords can be saved in text/html/csv/xml format using the "Save Selected Items" menu item (Ctrl+S key combination).
In the future, this program may well become a replacement for the entire family of utilities for recovering passwords in browsers. From version to version WebBrowserPssview is gaining more and more functionality and capabilities.
MessenPass v1.12 (mspass.exe) Download (less than 44 kb, archive is password protected novirus)
Mail PassView is a small utility for recovering passwords and some other account data stored in the following client software:
Protected Storage PassView v1.63 (pspv.exe) Download (less than 34 kb, archive is password protected novirus)
Allows you to retrieve passwords stored in the registry section HKEY_LOCAL_MACHINE\Security\Policy\Secrets
This section may contain remote access passwords (VPN connections), a password for automatic login (Autologon) and some other system keys and passwords. Can be used without installation in Windows 2000/XP/Vista/7. Allows you to obtain passwords from another Windows operating system using the "File" - "Advanced Options" menu or using the /external switch on the command line:
LSASecretsView.exe /external g:\windows- Where g:\windows- this is the system directory of the Windows OS, the passwords of which will be displayed.
The results of LSASecretsView can serve as an additional source of information when recovering lost passwords or keys.
In addition to this material, it contains a short list of password recovery programs with a description and links to download current versions from the developer’s website.
In addition to password recovery programs, the developer’s website has many free utilities to help the system administrator, most of which are combined into a convenient package, which is a kind of shell for running programs grouped into categories:
Plastic bag NirLuauncher does not require installation and can be used as portable software, launched, for example, from a flash drive and running under Windows 2000/XP/Windows7/Windows8 operating systems. can also be used in Windows PE and diagnostic products based on Windows PE (ERD Commander). In addition to programs for password recovery, the package includes utilities for network monitoring, command line extensions, optimization and research of the system, browsers, desktop, etc. It is possible to Russify the package. You can download it on the download page. Chapter Translation Packs
contains links to download support files for more than a dozen different languages, including Russian. As a nice addition, it is possible to add the Nirlauncher shell, Sysinternals Suite, Joeware Free Tools and free programs from Piriform (CCleaner, Defraggler, Recuva, Speccy) to the environment.
Don't leave your laptop or desktop computer unattended, even for a couple of seconds! Otherwise, passwords from your page on social networks, blog and email may fall into the hands of an attacker. This is now possible thanks to a free program called WebBrowserPassView. Thanks to it, the secrets on your computer will become clear, and you won’t even have time to blink.
As Ilya Sachkov, CEO of Group-IB, explained to RBC daily, such software cannot be considered malicious. The program is executed with the user's permission, but it is executed locally and does not send any data anywhere. It automatically provides access to information that can already be viewed in other ways. This program does not pose any new threats.
WebBrowserPassView displays only credentials saved in browser forms, therefore, according to Mr. Sachkov, it is enough not to save passwords using standard web browser tools, and in this case the user is not in any danger. In addition, this software cannot retrieve passwords protected, for example, by the master key of the Opera web browser. Passwords in IE are encrypted using the web addresses they belong to, so if you delete your browsing history, you won't be able to retrieve the passwords either.
The first step is to use password-protected user accounts and lock the computer when left unattended. You should not save credentials for important websites in browsers. Where possible, it is recommended to use additional protection in the form of master keys. The main thing to remember is that not only such a harmless utility can retrieve passwords. Much more often, the login-password pair is stolen by attackers using malware, which really poses a threat to the security of users’ private information, the expert notes.
According to project manager ADV/web-engineering co. Nikita Dubinkin, the WebBrowserPassView program gets access to passwords by scanning browser system files. Moreover, the program can work with all browsers on Windows OS, except for the Safari browser from Apple. To use this program, an attacker must gain access to the target's computer. The computer must be authorized under the account used by the victim.
“This particular program is not dangerous for users of the Apple Safari browser and is not dangerous for those who use Linux or MacOS on their PC. However, the very existence of this program shows that password encryption methods in browsers are not reliable enough. And, in order not to be afraid for the security of your own data, you should refuse to store passwords for important sites (e-mail, online banking systems, etc.) in the browser,” recommends Mr. Dubinkin.
Additional Information.
The utility is used to remember forgotten passwords saved in Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera browsers.
System requirements: Windows 2000 and higher.
Features: opens the passwords of the current user, i.e. which account it will be launched in will show those passwords. If you need to view the passwords of another user, then in the settings you can specify the path to the folder with the profile of the desired user. This applies to almost all utilities from NirSoft, which will be discussed below.
:: How to find out passwords in the Google Chrome browser without special programs
In the Chrome browser, you can find out passwords without using any special tools. Just enter in the browser line:
chrome://settings/passwords
:: How to find out passwords in the Firefox browser without special programs
At the top of the Firefox window, click the button Firefox and select Settings. Go to the panel Protection. Click Saved passwords... and a window with saved passwords will open.
::ProgramDecrypt
A program to recover forgotten passwords for programs: Qip 2005, Qip Infium, Qip 2010, MSN, Miranda, Mail Agent, Internet Explorer, Google Chrome, Opera, Mozilla FireFox, FileZilla, FAR manager, FlashFXP, Total Commander, Pidgin, Trillian, Google Talk, ICQ, The Bat!, Windows Live Messenger.
Interface in Russian and English.
Automatic and "manual" decryption mode. Manual mode will allow you to extract passwords from a dead or inactive system, for example, when booting from a LiveCD, or from a program that is not installed (portable) or from a Windows account that is currently inactive.
:: Recovering passwords from hashes
If, when recovering, instead of the password you see something like md5=202CB962AC59075B964B07152D234B70, this means that the password is stored as a hash and in order to extract the password from this hash you need to copy it to a buffer (202CB962AC59075B964B07152D234B70) and try to decrypt it on the website.
Websites for decrypting hashes:
The Russian interface can be downloaded on the download page.
::PasswdFinder
A small utility that helps find/recover lost passwords. Once the program is launched, the program window will show all passwords saved by web browsers, email clients, pagers, FTP clients and other programs.
Browsers: Apple Safari, Flock, Google Chrome 1.x - 6.x, Internet Explorer 4.x - 9.x, Opera 6.x - 11.x, Mozilla Browser, Mozilla Firefox, Mozilla SeaMonkey.
Instant messaging programs: RQ 0.9, AIM Pro, AOL Instant Messenger (older versions), Digsby, Excite Private Messenger 1.x, Faim 0.1, GAIM 1.x, Gizmo Project, Google Talk, ICQ 99b-2003b, Lite 4, Lite 5, IM2 (Messenger 2) 1.5.x, JAJC (Just Another Jabber Client), Miranda IM 0.2.x-0.9.x, MSN Messenger 1.x-7.x, MySpaceIM 1.0, Odigo 4, Paltalk, Pandion 2.5 , Pidgin, PSI, QIP 2005a, QIP.Online, SIM 0.9, Trillian 0.x, 2, 3, Trillian Astra, Windows Live Messenger, Windows Messenger, Yahoo! Messenger 3.x-6.x
Mail clients: Becky 2.x, Eudora/Eudora Light, Forte Agent 3.x, Gmail Notifier, Group Mail Free, IncrediMail, iScribe/nScribe 1.x, Mail Commander 8.x, Mail.Ru Agent 4.x - 5 .x, Microsoft Outlook 2000, 2002, 2003, 2007, 2010, Microsoft Outlook Express 6.0, Mozilla Thunderbird 1.x - 3.x, Opera Email Client, PocoMail 3.x - 4.x, POP Peeper 3.x, The Bat! 1.x - 4.x, Vypress Auvis 2.x, Windows Live Mail, Windows Mail
FTP clients: 32bit FTP, BitKinex 3.0.8, BulletProof FTP Client 1.x, 2.x, 2009, Classic FTP PC, CoffeeCup FTP 3.x, Core FTP 2.x, CuteFTP Home/Pro, DirectFTP, Directory Opus, ExpanDrive 1.8, FAR Manager 1.6x, 1.7x, 2.x, FFFTP 1.x, FileZilla 2.x, FlashFXP 1.x-3.x, Fling, FreeFTP, Frigate3 FTP 3.x, FTP Commander Pro/Deluxe, FTP Control 4, FTP Navigator, FTP Uploader, FTPExplorer 7.x, FTPRush 1.x, LeapFTP, NetDrive, SecureFX, SmartFTP 1.x - 4.x, SoftX FTP Client, TurboFTP 5.x - 6.x, UltraFXP 1 .x, Web Site Publisher 2.1.0, WebDrive, Windows/Total Commander 4.x - 7.x, WinSCP, WS_FTP 5.x - 10.x, 12 Home/Pro, 2007
Other programs: Absolute Poker, Advanced Dialer 2.x, ASP.NET Account, Cake Poker 2.0, CamFrog 3.x, Cisco VPN Client 5, ClubTimer 2.x, Dialer Queen 1.x, Download Master 4.x - 5. x, EType Dialer 1.x, FlashGet (JetCar) 1.x, FlexibleSoft Dialer 2.x-4.x, FreeCall 3.x, Full Tilt Poker, GetRight 5, Internet Download Accelerator 5, MuxaSoft Dialer 3.x - 4 .x, PartyPoker, PC Remote Control, PokerStars, Punto Switcher 2.x, Remote Desktop Connection, Screen Saver Win9x, The Bee 1.x, Titan Poker, UPSMon 2.8, VDialer 3, Windows 9x Cached Network passwords, Windows Cached Credentials ( .NET Passport, Domain and Network passwords), Windows Remote Access Service (RAS), VPN and Dial-up passwords, WinVNC 3.x
Is there Russian language
Download installation: http://www.spy-soft.net/passwdfinder/
Download portable version: on the forum
Program website: http://www.magicaljellybean.com/passwdfinder/
:: BulletsPassView
a utility for recovering passwords hidden behind asterisks, including in the Internet Explorer browser.
:: Recovering passwords from MD5 hashes - BarsWF program
:: Recovering/resetting Windows login passwords
It is easier to reset a computer password than to recover it. But, if the computer contains encrypted files using EFS, then when you reset the password, the encrypted data will be lost - in this case, you should try to recover the password.
1) If your computer has an accessible account with administrator rights, then everything is simple: log into it and in the Control Panel reset the passwords for the required Windows accounts. If there is no such account, then go to Windows Safe Mode (to call it, press the key many times F8 or F5 when turning on the computer), Maybe another account will appear" Administrator", which is not password protected.
For all other options for solving the problem, you need a LiveCD.
2) In Windows "7 you can go to the folder c:\windows\system32 and rename the file sethc.exe V sethc.bak, then cmd.exe copy under name sethc.exe. Boot into the problem computer and press the key before logging in Shift five times - the command line will load, enter in it:
net user user2 123 /add
net localgroup Administrators user2 /add
net localgroup Users user2 /delete
(press Enter at the end of each line)
After these commands a new account will appear user2 with password 123 - log in under this account and reset the password for the desired account.
To perform operations with files in the c:\windows\system32 folder, you need to boot from any LiveCD, for example AntiSMS, which is reviewed on this site. If there is no LiveCD, but there is another computer, then you can connect the hard drive of the problematic computer for these operations.
If you have a Windows installation disk, you can use it: boot from it, select System Restore, then press Further and choose Command line.
At the command prompt, enter:
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
3) Utility Password Reset from simplex- a small, simple utility for resetting Windows account passwords.
Works only with LiveCD. When resetting a password, it creates a backup copy of the SAM file, which makes it possible to return a deleted password, and SAM_bak1 is created only once, and SAM_bak2 is created every time the utility is launched, thus there will be both the first and the most recent backup copies if passwords are reset or set by users in in any order.
4) Utility Universal Virus Sniffer- a well-known free program for removing computer viruses. It has a number of additional functions, one of them is resetting Windows account passwords. You will need to boot into the problem computer with a LiveCD, run this utility, point it to the Windows folder, and then select " Registry" -> "Accounts (reset password/activate)...".
The window " Accounts", which will display all available accounts of the Windows being examined. Select the desired account and click " Reset the password".
5) Live CD" Reset Windows Password" - a ready-made disk for working with Windows account passwords. You will need to mount this tool on a CD, then boot from it and select the necessary operations. Allows you not only to reset passwords, but also makes it possible to select the desired password.
6) Hacker tool Live CD Kon-Boot- this product is a small LiveCD that resets all passwords for all accounts on the computer being tested. Moreover, after restarting the computer, all passwords will return to their place!
Works via command line. For example, to save a Windows password dump: QuarksPwDump.exe -dhl -o out.txt(will be saved to file out.txt).
9) Mimikatz— Intercepting passwords for open sessions in Windows. This is a hacking tool that allows an attacker to find out the Windows account password when the victim is away for a while.
The villain enters the following commands in the Command Prompt:
mimikatz # privilege::debug
mimikatz # inject::process lsass.exe sekurlsa.dll
mimikatz # @getLogonPasswords
The utility is "scorched" by many antiviruses. Therefore, the attacker will have to first disable the antivirus... Do you have a password set for your antivirus settings? That's it. My antivirus settings are password protected.
When using this material, please provide a link to http://site/
Browsers, email clients, and other programs often offer to save passwords. This is very convenient: I saved it and forgot, sometimes in the literal sense of the word. But what if you need to change your browser, reinstall the system, or simply log in from a different computer? It turns out that browsers store passwords very unreliably. There are a lot of recovery programs, and of course, on someone else’s machine they will work no worse than on yours.
Browsers
The browser often stores dozens or even hundreds of passwords. It’s clear that if you don’t use one password for all occasions (and this is not the best idea), remembering passwords for all sites and forums can be problematic.
If you have forgotten an important password and don’t want to rack your brains, download and install the WebBrowserPassView program. You will be surprised: it will easily extract passwords from Internet Explorer, Edge, Chrome, Opera, Safari, Firefox and Yandex Browser, and the latest versions are supported. Personally, I tested this program with IE, Firefox, Chrome and Opera - in no case did it fail.
Before running WebBrowserPassView, it is advisable to disable your antivirus, as some will complain that it is malware. The recovery result is shown in the screenshot. Don't blame me, but I covered up the Password column and the User Name part.
Select the passwords you want to remember and run the command File - Save Selected Items. The selected passwords will be saved to a plain text file in the following format:
===================================================== URL: website Web Browser: Firefox 32+ User Name: user Password: password Password Strength: Very Strong User Name Field: Password Field: Created Time: 07/09/2015 21:15:16 Modified Time: 07/09/2015 21:15:16 =====================================================And of course, the program is suitable for retrieving passwords on someone else’s machine. If you have local access or remote access - via RDP or TeamViewer, then getting passwords will be easy.
Postal workers
Continuation is available only to subscribers
Option 1. Subscribe to Hacker to read all materials on the site
Subscription will allow you to read ALL paid materials on the site within the specified period.
We accept payments by bank cards, electronic money and transfers from mobile operator accounts.
This material will introduce you to the interesting possibility of obtaining data from another user. The only condition for viewing is direct access to the object's computer!
Thanks to a program like Puntoswitcher, we can almost legally see all the information entered from the user’s keyboard. We already mentioned this program in the previous article about automatic keyboard layout switching.
Preparation
- Download and install the program Puntoswitcher to the user's computer.
- After installing the program, run it, it will appear in the notification area.
- Right-click on the program icon in the tray, and select “Advanced”, and in the context menu the first item “Keep a diary”.
- Afterwards, right-click on the program icon again and turn off the sound effects in the corresponding item.
- Activate the Puntoswitcher menu again and select the first item “Settings”.
- Leave the “General” section and uncheck all the boxes in the list in the center, except for the first item, as shown in the figure below.
- Afterwards, save the settings by clicking the “Apply” button.
Examination
- After making the settings, it's time to test the functionality of the program in practice. To do this, I opened the VKontakte website through a browser and entered the login information for the site, see the figure below.
- Great, after that we’ll complete the check by opening the Puntoswitcher diary. And as we see, everything that I entered into the lines of the login form was displayed in our diary, even the date and the program in which the symbols were entered were indicated!
Instead of an afterword
Well, that's all we need to implement it personal surveillance of the user– this is enough time and the Puntoswitcher program. Thanks to simple settings, you can make the presence of the program not noticeable, but all information entered from the keyboard will be reflected in the diary. Afterwards, to access the program, you can go to “START – Programs – Yandex – Puntoswitcher”.
Note!
Don't let Puntoswitcher shortcuts remain on your desktop or taskbar!