Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PWL?

Posted on 1998-10-11
16
Medium Priority
?
525 Views
Last Modified: 2013-12-03
How can I encrypt/decrypt a Windows 95 password from a PWL file?  I need this for a security system I am working on.  Also I am using Borland C++ Builder v3.0 Client/Server Version, but I am also willing to use Borland C++ v4.5.

thanks
0
Comment
Question by:4099aol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2
  • +2
16 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1415194
0
 

Author Comment

by:4099aol
ID: 1415195
Sorry but I do not think that is what I am looking for.  What I need is to be able to encrypt and decrypt the actual login password.  I am talking about the password you type in at the Windows Login box.

thanks
0
 
LVL 32

Expert Comment

by:jhance
ID: 1415196
Check the link at the bottom of the page I referenced.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:4099aol
ID: 1415197
I did, but from what I understand it tells you how to take the passwords that are saved in the file (as in a saved password from IE to login to Experts Exchange).  What I need is the password the user uses to login to Windows.
0
 
LVL 3

Expert Comment

by:BudVVeezer
ID: 1415198
Will your app be running while the logon screen is up?
0
 

Author Comment

by:4099aol
ID: 1415199
I do not know how to do that, but if I can find out how to do so I will.  Currently it loads up after it.
0
 
LVL 3

Expert Comment

by:BudVVeezer
ID: 1415200
Then I believe the only way that you can get the password is by getting it from teh PWL....but, you will also need to know what username...so yeah.  I'm not sure if you can get it BEFORE the logon screen, that's not something I am familiar with...sorry!

~Aaron
0
 

Author Comment

by:4099aol
ID: 1415201
I will know the username but not the password...
0
 
LVL 7

Expert Comment

by:BlackMan
ID: 1415202
You can't decrypt the password. Storing passwords works with an algorithm where you can only encrypt it. What Win95 (and almost all other OS) does when you enter a password, is that the encrypt it and compares it with the encrypted password in the user database. Those program that will reveil the password in clear text to you, the do it the brute-force way, making every combination of a password and check if it match the encrypted password.

0
 

Author Comment

by:4099aol
ID: 1415203
Ok, then how do I encrypt the password and where do I save it to?  What I am trying to do is change the password and I need to encrypt the password the user wants and then save it.
0
 
LVL 1

Expert Comment

by:DiegoDevesa
ID: 1415204
There is a UNDOCUMENTED function, that returns all the W95 (and others?) in PLAIN TEXT
That funcion is WNetGetCachedPasswords.
BlackMan is WRONG. When you connect to the Internet, Windows need to send the password, so the Windows 95 passowrds are decryptable.
I have the source code of a program that use that function, if you are interested I'll put that here.


Diego Devesa.
0
 

Author Comment

by:4099aol
ID: 1415205
Please do so
0
 
LVL 1

Accepted Solution

by:
DiegoDevesa earned 2000 total points
ID: 1415206
Here is:


--------START----------
/*
(c) 1997, 98 Vitas Ramanchauskas http://webdon.com

Use Visual C++ to compile this into win32 console app.

This code provided for educational purpose only.
!! NO WARRANTY, NO SUPPORT !!

Look at http://webdon.com/vitas/pwl.htm for more details
*/

#include <windows.h>
#include <stdio.h>

typedef struct tagPASSWORD_CACHE_ENTRY {
WORD cbEntry; // size of this entry, in bytes
WORD cbResource; // size of resource name, in bytes
WORD cbPassword; // size of password, in bytes
BYTE iEntry; // entry index
BYTE nType; // type of entry
BYTE abResource[1]; // start of resource name
// password immediately follows resource name
} PASSWORD_CACHE_ENTRY;

char *buf, *ob1;
int cnt = 0;

BOOL CALLBACK pce(PASSWORD_CACHE_ENTRY *x, DWORD)
{
cnt++;
memmove(buf, x->abResource, x->cbResource);
buf[x->cbResource] = 0;
CharToOem(buf, ob1);    // for non-English users
printf("%-30s : ", ob1);

memmove(buf, x->abResource+x->cbResource, x->cbPassword);
buf[x->cbPassword] = 0;
CharToOem(buf, ob1);
printf("%s\n", ob1);

return TRUE;
}

void main()
{
buf = new char[1024];
ob1 = new char[1024];
puts("There is no security in this crazy world!\n"
"Win95 PWL viewer v1.01 (c) 1997, 98 Vitas Ramanchauskas\n"
"http://webdon.com, e-mail: vitas@webdon.com vitas@rocketmail.com, ICQ:3024702\n\n"
"************\n"
"!DISCLAIMER!\n"
"!This program intended to be used for legal purpose only!\n"
"************\n\n"
"This program shows cached passwords using standard (but undocumented)\n"
"Windows API on local machine for current user (user must be logged in).\n"
"There is much more powerful version of this program named pwltool\n"
"is available at http://webdon.com/vitas . But it has larger size...\n"
"You may invoke pwlview in this way: pwlview >> textfile.txt\n"
"to save passwords in file (don't forget to press enter twice)\n"
"Press Enter to begin...\n");
getchar();

HINSTANCE hi = LoadLibrary("mpr.dll");
if(!hi)
{
puts("Couldn't load mpr.dll. This program is for Windows 95 only");
return;
}
WORD (__stdcall *enp)(LPSTR, WORD, BYTE, void*, DWORD) =
(WORD (__stdcall *)(LPSTR, WORD, BYTE, void*, DWORD))GetProcAddress(hi, "WNetEnumCachedPasswords");
if(!enp)
{
puts("Couldn't import function. This program is for Windows 95 only");
return;
}
(*enp)(0,0, 0xff, pce, 0);
if(!cnt)
puts("No passwords found.\n"
"Probably password caching was not used or user is not logged in.");
FreeLibrary(hi);
puts("\nPress Enter to quit");
getchar();
}
----------END--------

Enjoy it :)
0
 
LVL 7

Expert Comment

by:BlackMan
ID: 1415207
DiegoDevesa,

Nice function but I have to disagree with you on your comment. The password is not decryptable, if you notice, WNetGetCachedPassword can only return it from the current logged in user! And when you are connectin via the internet, unless you type the password in the Connect As box, the password is not sent, only the hashed value are sent and the the server compares it with the hashed password it has for the given user...
0
 
LVL 1

Expert Comment

by:DiegoDevesa
ID: 1415208
Ok, don't beleive it's decryptable. Then you should know, before that program was released, there was one called "glide.c". That program DECRYPTS a specific PWL file. Then, Microsoft updated their PWL format, but it's still decrytable. And, when W95 is started, it's don't answer you for a password, only in NetWord. And, if you still don't believe, run that program!. You maybe are talking about UNIX passwords. UNIX passwords are NOT decrytable, but W95 passwords are!
0
 

Author Comment

by:4099aol
ID: 1415209
thanks
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question