Passware Kit 12.3 recovers passwords for Facebook, Gmail, and other websites by analyzing a memory image or a system hibernation file.
Here is how it’s done.
Launch Google Chrome browser on a target machine and open a new Incognito window (Ctrl+Shift+N). In Incognito mode Chrome does not save your passwords, but still they are present in computer memory.
Fill in email and password and click Log In:
REGISTER NOW FOR ONLINE TRAINING IN JANUARY 2013
Passware, in cooperation with Sumuri, is giving a series of live and online training and certification classes.
This three-day training class will give students the knowledge and skills to meet the challenges of digital encryption using Passware Kit. Students will gain an understanding of how encryption and cryptanalysis work to build core forensic analyst skills. Through hands-on practicals, students will learn how to apply Passware Kit in different scenarios, to include, encrypted files, email passwords, Windows passwords, Apple passwords, encrypted volumes, and more.
Windows stores account passwords for all the logged-in users in memory. This holds true for Windows XP through Windows 8. Passwords are encrypted and are not visible in plain text, but there is still a way to identify and decrypt those passwords.
When a computer hibernates, Windows writes all the physical RAM memory contents to
C:\hiberfil.sys file, creating a memory image. This image contains encrypted windows accounts and passwords.
hiberfil.sys file is locked by Windows, you might need to use special tools (like WinHex) or boot the system into Windows Recovery Console in order to access the file.
Mac OS X Lion stores salted SHA512 hashes of user accounts passwords.
NOTE: if a memory image of a target computer is available, Mac OS X login passwords could be recovered instantly.
Password hashes are stored in
Improving password recovery success rates
Limited time and resources are usually the two biggest constraints for password recovery. A live memory image could contain encryption keys and passwords, but what are the options if there is no such image available?
There are two important metrics for measuring effectiveness of password recovery: success rate and time spent. After all, we could do a full brute-force attack for all 16-character alpha-numeric passwords with 100% success rate, but waiting a billion years is not a viable option.
There is a lot of research to identify different patterns in passwords used, and the common view now is that there is no such thing as “the best” list of password recovery attacks. People choose different types of passwords to protect different types of data – corporate files, personal documents, or web accounts.
One of the questions we are asked often is, “How do I measure the efficiency of my set of password recovery attacks?”
That’s exactly the reason why Passware Kit now allows running password recovery attacks against a list of known passwords. For different types of passwords, this is the fastest way to see the success rate and estimate performance in real-life scenarios.