lepricaun Posted December 19, 2004 Report Share Posted December 19, 2004 hi all,i've just finished writing my new program.The program is able to dump the password from the logged in XP user to the screen.it is not using any exploits or anything, merely it looks at the memory in lsass.exe and retrieves the password from there.currently it is released as freeware, but perhaps in the future i will release it under the GPL.the program is called CachedPasswordDumperXP v1.0.you can get it here.i have written this program since it might be useful in penetration tests (or merely as a password reminder tool). i hope you guys like it, and please let me know what you think of it.in the future i am planning to add windows 2000 and windows 2003 to this program, so that it can work on all 3 OS's.kind regards,White Scorpion[EDIT]the program has a problem with SP2, SP2 is using a different way of storing the password, i have removed the download and it will be back up again in a few hours, this time with support for windows 2003, but still not with support for XP SP2, this will take a little longer...also i have changed the name to CachedPasswordDumper v1.1 since it will now work on more then just XP..check my site in a few hours to find the upgrade..[/EDIT] Quote Link to comment Share on other sites More sharing options...
Chris Posted December 19, 2004 Report Share Posted December 19, 2004 I get:the password cannot be found. Quote Link to comment Share on other sites More sharing options...
expertec Posted December 19, 2004 Report Share Posted December 19, 2004 I get:the password cannot be found.So do I, but I don't have a password. Quote Link to comment Share on other sites More sharing options...
expertec Posted December 19, 2004 Report Share Posted December 19, 2004 It does the same on a passworded account :blink: Quote Link to comment Share on other sites More sharing options...
lepricaun Posted December 19, 2004 Author Report Share Posted December 19, 2004 all SP2 i presume?? well as you can see in my edit, SP2 uses a different way of storing the password, so i have to figure it out first, but in a couple of hours the program will be online again (updated) with support for 2003 and it will check to see if SP2 is installed, so this way you will get an error: SP2 not supported.as soon as i have figured out how to track down the pass in SP2 i will let you guys know... Quote Link to comment Share on other sites More sharing options...
expertec Posted December 20, 2004 Report Share Posted December 20, 2004 Mine is not SP2. Quote Link to comment Share on other sites More sharing options...
lepricaun Posted December 21, 2004 Author Report Share Posted December 21, 2004 Could you post the output from the tool please? And did you try version 1.1 or 1.0? version 1.1 is tested on a lot of systems and only XP SP2 doesn't work. Quote Link to comment Share on other sites More sharing options...
expertec Posted December 21, 2004 Report Share Posted December 21, 2004 I was using 1.0, now on 1.1 it shows the password as blank, which is correct. Quote Link to comment Share on other sites More sharing options...
lepricaun Posted December 23, 2004 Author Report Share Posted December 23, 2004 i'm glad ;)XP (SP0) uses a different offset as (SP1), and at first i did not realize this... i'm now (at this moment) working on SP2, so i hope i can add it soon :Dps, the version is now 1.2, the source is available in the zip file, and it is released under the GPL. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.