Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
In my article about the Windows Vault I outlined why it is a security risk to store network passwords with Windows integrated functions on PCs. I think Nirsoft's Network Password Recovery is a perfect tool to demonstrate to Windows admins that the Windows Vault is not really a vault in the literal sense.
Network Password Recovery is not a cracking tool; that is, it doesn't exploit any Windows vulnerabilities. Although all passwords in the Windows Vault are encrypted, they can be accessed easily if you know an administrator password for the corresponding computer. This is because, contrary to the cached domain logon function, Windows doesn't store the passwords as hashes but in clear text before it encrypts them.
The Windows Credential Manager does not support password recovery because passwords are hidden from users. I guess this is supposed to be a security feature. But I think it also lulls users and admins into a false sense of security.
According to Nirsoft, Network Password Recovery can recover the following passwords:
- Login passwords of remote computers on your LAN
- Passwords of mail accounts on Exchange servers (stored by Outlook 2003)
- Passwords of MSN Messenger / Windows Messenger accounts
- Internet Explorer 7.x and 8.x: passwords of password-protected Web sites ("Basic Authentication" or "Digest Access Authentication")
- Passwords stored by Remote Desktop 6
Network Password Recovery can also be run from the command prompt and can save all passwords to a text or HTML file. I guess this is most useful for hackers who want to gain as many passwords as possible from a hacked network. However, this feature could also be helpful for administrators who want to disable stored network passwords. Before you delete all stored passwords in your network you can retrieve them with Network Password Recovery. If users who forgot their stored passwords start calling for help, you are prepared. Make sure to inform users before you run your script and also get the support of your management for this procedure.