Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 528
  • Last Modified:

PWL?

How can I encrypt/decrypt a Windows 95 password from a PWL file?  I need this for a security system I am working on.  Also I am using Borland C++ Builder v3.0 Client/Server Version, but I am also willing to use Borland C++ v4.5.

thanks
0
4099aol
Asked:
4099aol
  • 7
  • 3
  • 2
  • +2
1 Solution
 
4099aolAuthor Commented:
Sorry but I do not think that is what I am looking for.  What I need is to be able to encrypt and decrypt the actual login password.  I am talking about the password you type in at the Windows Login box.

thanks
0
 
jhanceCommented:
Check the link at the bottom of the page I referenced.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
4099aolAuthor Commented:
I did, but from what I understand it tells you how to take the passwords that are saved in the file (as in a saved password from IE to login to Experts Exchange).  What I need is the password the user uses to login to Windows.
0
 
BudVVeezerCommented:
Will your app be running while the logon screen is up?
0
 
4099aolAuthor Commented:
I do not know how to do that, but if I can find out how to do so I will.  Currently it loads up after it.
0
 
BudVVeezerCommented:
Then I believe the only way that you can get the password is by getting it from teh PWL....but, you will also need to know what username...so yeah.  I'm not sure if you can get it BEFORE the logon screen, that's not something I am familiar with...sorry!

~Aaron
0
 
4099aolAuthor Commented:
I will know the username but not the password...
0
 
BlackManCommented:
You can't decrypt the password. Storing passwords works with an algorithm where you can only encrypt it. What Win95 (and almost all other OS) does when you enter a password, is that the encrypt it and compares it with the encrypted password in the user database. Those program that will reveil the password in clear text to you, the do it the brute-force way, making every combination of a password and check if it match the encrypted password.

0
 
4099aolAuthor Commented:
Ok, then how do I encrypt the password and where do I save it to?  What I am trying to do is change the password and I need to encrypt the password the user wants and then save it.
0
 
DiegoDevesaCommented:
There is a UNDOCUMENTED function, that returns all the W95 (and others?) in PLAIN TEXT
That funcion is WNetGetCachedPasswords.
BlackMan is WRONG. When you connect to the Internet, Windows need to send the password, so the Windows 95 passowrds are decryptable.
I have the source code of a program that use that function, if you are interested I'll put that here.


Diego Devesa.
0
 
4099aolAuthor Commented:
Please do so
0
 
DiegoDevesaCommented:
Here is:


--------START----------
/*
(c) 1997, 98 Vitas Ramanchauskas http://webdon.com

Use Visual C++ to compile this into win32 console app.

This code provided for educational purpose only.
!! NO WARRANTY, NO SUPPORT !!

Look at http://webdon.com/vitas/pwl.htm for more details
*/

#include <windows.h>
#include <stdio.h>

typedef struct tagPASSWORD_CACHE_ENTRY {
WORD cbEntry; // size of this entry, in bytes
WORD cbResource; // size of resource name, in bytes
WORD cbPassword; // size of password, in bytes
BYTE iEntry; // entry index
BYTE nType; // type of entry
BYTE abResource[1]; // start of resource name
// password immediately follows resource name
} PASSWORD_CACHE_ENTRY;

char *buf, *ob1;
int cnt = 0;

BOOL CALLBACK pce(PASSWORD_CACHE_ENTRY *x, DWORD)
{
cnt++;
memmove(buf, x->abResource, x->cbResource);
buf[x->cbResource] = 0;
CharToOem(buf, ob1);    // for non-English users
printf("%-30s : ", ob1);

memmove(buf, x->abResource+x->cbResource, x->cbPassword);
buf[x->cbPassword] = 0;
CharToOem(buf, ob1);
printf("%s\n", ob1);

return TRUE;
}

void main()
{
buf = new char[1024];
ob1 = new char[1024];
puts("There is no security in this crazy world!\n"
"Win95 PWL viewer v1.01 (c) 1997, 98 Vitas Ramanchauskas\n"
"http://webdon.com, e-mail: vitas@webdon.com vitas@rocketmail.com, ICQ:3024702\n\n"
"************\n"
"!DISCLAIMER!\n"
"!This program intended to be used for legal purpose only!\n"
"************\n\n"
"This program shows cached passwords using standard (but undocumented)\n"
"Windows API on local machine for current user (user must be logged in).\n"
"There is much more powerful version of this program named pwltool\n"
"is available at http://webdon.com/vitas . But it has larger size...\n"
"You may invoke pwlview in this way: pwlview >> textfile.txt\n"
"to save passwords in file (don't forget to press enter twice)\n"
"Press Enter to begin...\n");
getchar();

HINSTANCE hi = LoadLibrary("mpr.dll");
if(!hi)
{
puts("Couldn't load mpr.dll. This program is for Windows 95 only");
return;
}
WORD (__stdcall *enp)(LPSTR, WORD, BYTE, void*, DWORD) =
(WORD (__stdcall *)(LPSTR, WORD, BYTE, void*, DWORD))GetProcAddress(hi, "WNetEnumCachedPasswords");
if(!enp)
{
puts("Couldn't import function. This program is for Windows 95 only");
return;
}
(*enp)(0,0, 0xff, pce, 0);
if(!cnt)
puts("No passwords found.\n"
"Probably password caching was not used or user is not logged in.");
FreeLibrary(hi);
puts("\nPress Enter to quit");
getchar();
}
----------END--------

Enjoy it :)
0
 
BlackManCommented:
DiegoDevesa,

Nice function but I have to disagree with you on your comment. The password is not decryptable, if you notice, WNetGetCachedPassword can only return it from the current logged in user! And when you are connectin via the internet, unless you type the password in the Connect As box, the password is not sent, only the hashed value are sent and the the server compares it with the hashed password it has for the given user...
0
 
DiegoDevesaCommented:
Ok, don't beleive it's decryptable. Then you should know, before that program was released, there was one called "glide.c". That program DECRYPTS a specific PWL file. Then, Microsoft updated their PWL format, but it's still decrytable. And, when W95 is started, it's don't answer you for a password, only in NetWord. And, if you still don't believe, run that program!. You maybe are talking about UNIX passwords. UNIX passwords are NOT decrytable, but W95 passwords are!
0
 
4099aolAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 7
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now