AndyzBong Posted March 27, 2007 Share Posted March 27, 2007 I was wondering how exactly I go about viewing possible unencrypted passwords in the pagefile.sys file. I know that I would need a Linux Live CD in order to extract the file, but would I need forensic software to view the plain-text passwords? Any links or info would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 27, 2007 Share Posted March 27, 2007 a ASCII/Unicode viewer (takes any file and displays it's contents as either ASCII or Unicode), which is basically a text editor. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 27, 2007 Share Posted March 27, 2007 /me ignores that no one else has replied yet. I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (although I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). It was actually in there a couple of times as well. Couldn't find any thing more valuable like Firefox master password. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted March 27, 2007 Share Posted March 27, 2007 /me ignores that no one else has replied yet.I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (though I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). Couldn't find any thing more valuable like Firefox master password. It would be interesting to see if the characters around it were the same it might not say msnPassword but it might be the same so searching for that string might yield a password Quote Link to comment Share on other sites More sharing options...
unasoto Posted March 27, 2007 Share Posted March 27, 2007 I'm about to go to bed but I woundered same thing Vako did. Tomorrow I'm going to do the same thing and post my 10 digits that are in front of my passwords and then the last 10 digits and if others do the same thing we might find some kinda tag? :) /me not nub enough to post my password :P Quote Link to comment Share on other sites More sharing options...
digip Posted March 27, 2007 Share Posted March 27, 2007 I'm about to go to bed but I woundered same thing Vako did. Tomorrow I'm going to do the same thing and post my 10 digits that are in front of my passwords and then the last 10 digits and if others do the same thing we might find some kinda tag? :)/me not nub enough to post my password :P What if that was your passwords hash.... Quote Link to comment Share on other sites More sharing options...
cooper Posted March 27, 2007 Share Posted March 27, 2007 I was under the impression that passwords are kept (as long as they are in fact kept) in a locked memory page which would preclude them from being written away in the pagefile.sys file. The correct (and, I would assume, normal) way to deal with this is to lock the memory page, read the password into it, use it in whatever way to obtain a session key, clear out the page, and then unlock it again. Use the session key from that point on, which will time out after, say, 30 minutes of inactivity. Quote Link to comment Share on other sites More sharing options...
Shaun Posted March 28, 2007 Share Posted March 28, 2007 I'm about to go to bed but I woundered same thing Vako did. VaKo? Quote Link to comment Share on other sites More sharing options...
lunex Posted March 30, 2007 Share Posted March 30, 2007 /me ignores that no one else has replied yet.I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (though I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). Couldn't find any thing more valuable like Firefox master password. It would be interesting to see if the characters around it were the same it might not say msnPassword but it might be the same so searching for that string might yield a password Most likely not. Strings are usually stored alone in an object heap. However it is still possible that it is being stored as a static length array of characters that is embedded into a larger structure. I do happen to know that passwords for Passport are limited to 16 characters. This limitation means that it could be part of a structure, but that would be a very unusual practice. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.