Jump to content

pagefile.sys


AndyzBong
 Share

Recommended Posts

I was wondering how exactly I go about viewing possible unencrypted passwords in the pagefile.sys file. I know that I would need a Linux Live CD in order to extract the file, but would I need forensic software to view the plain-text passwords?

Any links or info would be greatly appreciated.

Link to comment
Share on other sites

/me ignores that no one else has replied yet.

I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (although I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). It was actually in there a couple of times as well. Couldn't find any thing more valuable like Firefox master password.

Link to comment
Share on other sites

/me ignores that no one else has replied yet.

I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (though I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). Couldn't find any thing more valuable like Firefox master password.

It would be interesting to see if the characters around it were the same it might not say msnPassword but it might be the same so searching for that string might yield a password
Link to comment
Share on other sites

I'm about to go to bed but I woundered same thing Vako did. Tomorrow I'm going to do the same thing and post my 10 digits that are in front of my passwords and then the last 10 digits and if others do the same thing we might find some kinda tag? :)

/me not nub enough to post my password :P

Link to comment
Share on other sites

I'm about to go to bed but I woundered same thing Vako did. Tomorrow I'm going to do the same thing and post my 10 digits that are in front of my passwords and then the last 10 digits and if others do the same thing we might find some kinda tag? :)

/me not nub enough to post my password :P

What if that was your passwords hash....

Link to comment
Share on other sites

I was under the impression that passwords are kept (as long as they are in fact kept) in a locked memory page which would preclude them from being written away in the pagefile.sys file.

The correct (and, I would assume, normal) way to deal with this is to lock the memory page, read the password into it, use it in whatever way to obtain a session key, clear out the page, and then unlock it again. Use the session key from that point on, which will time out after, say, 30 minutes of inactivity.

Link to comment
Share on other sites

/me ignores that no one else has replied yet.

I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (though I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). Couldn't find any thing more valuable like Firefox master password.

It would be interesting to see if the characters around it were the same it might not say msnPassword but it might be the same so searching for that string might yield a password

Most likely not. Strings are usually stored alone in an object heap. However it is still possible that it is being stored as a static length array of characters that is embedded into a larger structure. I do happen to know that passwords for Passport are limited to 16 characters. This limitation means that it could be part of a structure, but that would be a very unusual practice.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...