AndyzBong Posted March 27, 2007 Posted March 27, 2007 I was wondering how exactly I go about viewing possible unencrypted passwords in the pagefile.sys file. I know that I would need a Linux Live CD in order to extract the file, but would I need forensic software to view the plain-text passwords? Any links or info would be greatly appreciated. Quote
Sparda Posted March 27, 2007 Posted March 27, 2007 a ASCII/Unicode viewer (takes any file and displays it's contents as either ASCII or Unicode), which is basically a text editor. Quote
Sparda Posted March 27, 2007 Posted March 27, 2007 /me ignores that no one else has replied yet. I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (although I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). It was actually in there a couple of times as well. Couldn't find any thing more valuable like Firefox master password. Quote
SomeoneE1se Posted March 27, 2007 Posted March 27, 2007 /me ignores that no one else has replied yet.I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (though I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). Couldn't find any thing more valuable like Firefox master password. It would be interesting to see if the characters around it were the same it might not say msnPassword but it might be the same so searching for that string might yield a password Quote
unasoto Posted March 27, 2007 Posted March 27, 2007 I'm about to go to bed but I woundered same thing Vako did. Tomorrow I'm going to do the same thing and post my 10 digits that are in front of my passwords and then the last 10 digits and if others do the same thing we might find some kinda tag? :) /me not nub enough to post my password :P Quote
digip Posted March 27, 2007 Posted March 27, 2007 I'm about to go to bed but I woundered same thing Vako did. Tomorrow I'm going to do the same thing and post my 10 digits that are in front of my passwords and then the last 10 digits and if others do the same thing we might find some kinda tag? :)/me not nub enough to post my password :P What if that was your passwords hash.... Quote
cooper Posted March 27, 2007 Posted March 27, 2007 I was under the impression that passwords are kept (as long as they are in fact kept) in a locked memory page which would preclude them from being written away in the pagefile.sys file. The correct (and, I would assume, normal) way to deal with this is to lock the memory page, read the password into it, use it in whatever way to obtain a session key, clear out the page, and then unlock it again. Use the session key from that point on, which will time out after, say, 30 minutes of inactivity. Quote
Shaun Posted March 28, 2007 Posted March 28, 2007 I'm about to go to bed but I woundered same thing Vako did. VaKo? Quote
lunex Posted March 30, 2007 Posted March 30, 2007 /me ignores that no one else has replied yet.I just forced power off, booted Kubuntu (which is actually installed on this computer) and opened the page file in Kate (took a while though). I managed to find my MSN password stored as ASCII there (though I actually had to search for the passwordit's self. It's not like it has "msn_password:" before it :P). Couldn't find any thing more valuable like Firefox master password. It would be interesting to see if the characters around it were the same it might not say msnPassword but it might be the same so searching for that string might yield a password Most likely not. Strings are usually stored alone in an object heap. However it is still possible that it is being stored as a static length array of characters that is embedded into a larger structure. I do happen to know that passwords for Passport are limited to 16 characters. This limitation means that it could be part of a structure, but that would be a very unusual practice. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.