Microsoft's Win95 stores your password in plaintext in the system registry.
Description: | Bill Stout notes several locations in the W95 registry where user's passwords are stored in plain text. |
Author: | Bill Stout <stoutb@pios.com> |
Compromise: | Find out a user's W95 password (which is often also their password on real machines) |
Vulnerable Systems: | Microsoft Windoze 95 |
Date: | 30 May 1997 |
Date: Fri, 30 May 1997 00:41:40 +1000 (EST)
From: Peter Tonoly <anarchie@suburbia.net>
To: best-of-security@suburbia.net
Subject: BoS: [NTSEC] Plaintext passwords exist in registry (fwd'ed)
---------------------------------------------------------------
From : Bill Stout <stoutb@pios.com>
Subj : [NTSEC] Plaintext passwords exist in registry
Date : Wed, 28 May 1997 09:17:53 -0700
Forward? : No
Return : stoutb@pios.com
MsgID : <2.2.32.19970528161753.00717450@vaxf.pios.com>
---------------------------------------------------------------
Most facinating what you find if you look.
The registry does store some passwords in plain text. The importance of the
passwords you do find depends on your installation. I found 'password' and
'username' entries at the below locations, but not much software was
installed on these NT boxes. Searching the NT registry for my password
string did not did not display anything, searching the W95 registry for my
specific password string found it in many places:
password locations:
hkey_local_machine\system\controlset001\services\gophersvc\parameters
...\controlset002\"
...\curentcontrolset\"
...\msftpsvc\parameters
...\w3svc\parameters\
username locations:
\hkey+local_machine\software\microsoft\windowsnt\currentversion\winlogon\
...\system\controlset001\services\bh\parameters
...\controlset002\"
...\curentcontrolset\"
...\services\gophersvc\parameters\anonymouseusername
...\logsqlusername
...\msftpsvc\parameters\anonymoususername
...\logsqlusername
...\w3svc\parameters\anonymoususername
...\logsqlusername
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: