Solved

PWL?

Posted on 1998-10-11
16
505 Views
Last Modified: 2013-12-03
How can I encrypt/decrypt a Windows 95 password from a PWL file?  I need this for a security system I am working on.  Also I am using Borland C++ Builder v3.0 Client/Server Version, but I am also willing to use Borland C++ v4.5.

thanks
0
Comment
Question by:4099aol
  • 7
  • 3
  • 2
  • +2
16 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1415194
0
 

Author Comment

by:4099aol
ID: 1415195
Sorry but I do not think that is what I am looking for.  What I need is to be able to encrypt and decrypt the actual login password.  I am talking about the password you type in at the Windows Login box.

thanks
0
 
LVL 32

Expert Comment

by:jhance
ID: 1415196
Check the link at the bottom of the page I referenced.
0
 

Author Comment

by:4099aol
ID: 1415197
I did, but from what I understand it tells you how to take the passwords that are saved in the file (as in a saved password from IE to login to Experts Exchange).  What I need is the password the user uses to login to Windows.
0
 
LVL 3

Expert Comment

by:BudVVeezer
ID: 1415198
Will your app be running while the logon screen is up?
0
 

Author Comment

by:4099aol
ID: 1415199
I do not know how to do that, but if I can find out how to do so I will.  Currently it loads up after it.
0
 
LVL 3

Expert Comment

by:BudVVeezer
ID: 1415200
Then I believe the only way that you can get the password is by getting it from teh PWL....but, you will also need to know what username...so yeah.  I'm not sure if you can get it BEFORE the logon screen, that's not something I am familiar with...sorry!

~Aaron
0
 

Author Comment

by:4099aol
ID: 1415201
I will know the username but not the password...
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 7

Expert Comment

by:BlackMan
ID: 1415202
You can't decrypt the password. Storing passwords works with an algorithm where you can only encrypt it. What Win95 (and almost all other OS) does when you enter a password, is that the encrypt it and compares it with the encrypted password in the user database. Those program that will reveil the password in clear text to you, the do it the brute-force way, making every combination of a password and check if it match the encrypted password.

0
 

Author Comment

by:4099aol
ID: 1415203
Ok, then how do I encrypt the password and where do I save it to?  What I am trying to do is change the password and I need to encrypt the password the user wants and then save it.
0
 
LVL 1

Expert Comment

by:DiegoDevesa
ID: 1415204
There is a UNDOCUMENTED function, that returns all the W95 (and others?) in PLAIN TEXT
That funcion is WNetGetCachedPasswords.
BlackMan is WRONG. When you connect to the Internet, Windows need to send the password, so the Windows 95 passowrds are decryptable.
I have the source code of a program that use that function, if you are interested I'll put that here.


Diego Devesa.
0
 

Author Comment

by:4099aol
ID: 1415205
Please do so
0
 
LVL 1

Accepted Solution

by:
DiegoDevesa earned 500 total points
ID: 1415206
Here is:


--------START----------
/*
(c) 1997, 98 Vitas Ramanchauskas http://webdon.com

Use Visual C++ to compile this into win32 console app.

This code provided for educational purpose only.
!! NO WARRANTY, NO SUPPORT !!

Look at http://webdon.com/vitas/pwl.htm for more details
*/

#include <windows.h>
#include <stdio.h>

typedef struct tagPASSWORD_CACHE_ENTRY {
WORD cbEntry; // size of this entry, in bytes
WORD cbResource; // size of resource name, in bytes
WORD cbPassword; // size of password, in bytes
BYTE iEntry; // entry index
BYTE nType; // type of entry
BYTE abResource[1]; // start of resource name
// password immediately follows resource name
} PASSWORD_CACHE_ENTRY;

char *buf, *ob1;
int cnt = 0;

BOOL CALLBACK pce(PASSWORD_CACHE_ENTRY *x, DWORD)
{
cnt++;
memmove(buf, x->abResource, x->cbResource);
buf[x->cbResource] = 0;
CharToOem(buf, ob1);    // for non-English users
printf("%-30s : ", ob1);

memmove(buf, x->abResource+x->cbResource, x->cbPassword);
buf[x->cbPassword] = 0;
CharToOem(buf, ob1);
printf("%s\n", ob1);

return TRUE;
}

void main()
{
buf = new char[1024];
ob1 = new char[1024];
puts("There is no security in this crazy world!\n"
"Win95 PWL viewer v1.01 (c) 1997, 98 Vitas Ramanchauskas\n"
"http://webdon.com, e-mail: vitas@webdon.com vitas@rocketmail.com, ICQ:3024702\n\n"
"************\n"
"!DISCLAIMER!\n"
"!This program intended to be used for legal purpose only!\n"
"************\n\n"
"This program shows cached passwords using standard (but undocumented)\n"
"Windows API on local machine for current user (user must be logged in).\n"
"There is much more powerful version of this program named pwltool\n"
"is available at http://webdon.com/vitas . But it has larger size...\n"
"You may invoke pwlview in this way: pwlview >> textfile.txt\n"
"to save passwords in file (don't forget to press enter twice)\n"
"Press Enter to begin...\n");
getchar();

HINSTANCE hi = LoadLibrary("mpr.dll");
if(!hi)
{
puts("Couldn't load mpr.dll. This program is for Windows 95 only");
return;
}
WORD (__stdcall *enp)(LPSTR, WORD, BYTE, void*, DWORD) =
(WORD (__stdcall *)(LPSTR, WORD, BYTE, void*, DWORD))GetProcAddress(hi, "WNetEnumCachedPasswords");
if(!enp)
{
puts("Couldn't import function. This program is for Windows 95 only");
return;
}
(*enp)(0,0, 0xff, pce, 0);
if(!cnt)
puts("No passwords found.\n"
"Probably password caching was not used or user is not logged in.");
FreeLibrary(hi);
puts("\nPress Enter to quit");
getchar();
}
----------END--------

Enjoy it :)
0
 
LVL 7

Expert Comment

by:BlackMan
ID: 1415207
DiegoDevesa,

Nice function but I have to disagree with you on your comment. The password is not decryptable, if you notice, WNetGetCachedPassword can only return it from the current logged in user! And when you are connectin via the internet, unless you type the password in the Connect As box, the password is not sent, only the hashed value are sent and the the server compares it with the hashed password it has for the given user...
0
 
LVL 1

Expert Comment

by:DiegoDevesa
ID: 1415208
Ok, don't beleive it's decryptable. Then you should know, before that program was released, there was one called "glide.c". That program DECRYPTS a specific PWL file. Then, Microsoft updated their PWL format, but it's still decrytable. And, when W95 is started, it's don't answer you for a password, only in NetWord. And, if you still don't believe, run that program!. You maybe are talking about UNIX passwords. UNIX passwords are NOT decrytable, but W95 passwords are!
0
 

Author Comment

by:4099aol
ID: 1415209
thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

As more and more people are shifting to the latest .Net frameworks, the windows presentation framework is gaining importance by the day. Many people are now turning to WPF controls to provide a rich user experience. I have been using WPF controls fo…
For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now