Windows stores account passwords for all the logged-in users in memory. This holds true for Windows XP through Windows 8. Passwords are encrypted and are not visible in plain text, but there is still a way to identify and decrypt those passwords.
When a computer hibernates, Windows writes all the physical RAM memory contents to
C:\hiberfil.sys file, creating a memory image. This image contains encrypted windows accounts and passwords.
hiberfil.sys file is locked by Windows, you might need to use special tools (like WinHex) or boot the system into Windows Recovery Console in order to access the file.
Mac OS X Lion stores salted SHA512 hashes of user accounts passwords.
NOTE: if a memory image of a target computer is available, Mac OS X login passwords could be recovered instantly.
Password hashes are stored in
Improving password recovery success rates
Limited time and resources are usually the two biggest constraints for password recovery. A live memory image could contain encryption keys and passwords, but what are the options if there is no such image available?
There are two important metrics for measuring effectiveness of password recovery: success rate and time spent. After all, we could do a full brute-force attack for all 16-character alpha-numeric passwords with 100% success rate, but waiting a billion years is not a viable option.
There is a lot of research to identify different patterns in passwords used, and the common view now is that there is no such thing as “the best” list of password recovery attacks. People choose different types of passwords to protect different types of data – corporate files, personal documents, or web accounts.
One of the questions we are asked often is, “How do I measure the efficiency of my set of password recovery attacks?”
That’s exactly the reason why Passware Kit now allows running password recovery attacks against a list of known passwords. For different types of passwords, this is the fastest way to see the success rate and estimate performance in real-life scenarios.
We are launching Passware blog today.
Here at Passware we have been busy adding new features to Passware Kit.
As the product matured during the last several years, we realized that the driving force that shapes the product is the voice of our user community.
With hundreds of new features we needed a place to share tips and tricks, receive feedback and talk to Passware users.
Stay tuned for updates and thank you for your support!