A colleague asked me as we tried to work on a computer, “How do I recover my admin password on Windows?” As I stumbled to remember the answer, I googled myself and found a posting I’d written some time ago:

At Daily Cup of Tech, Tim begins with this disclaimer…

I want to start this article off by saying that the information contained in this article may be of a controversial nature. But, I want to just remind everyone that information in and of itself is amoral; that is, it is neither good nor evil. It is only what someone decides to do with this information that can be good or evil. It is my sincerest hope that you will choose to make the world a better place with this information.

Should this information be available? I’m reminded of the UCEA panel presentation by Dr. Scott McLeod…. In the conversation, it was obvious that while transparency is great, shouldn’t we be asking whether this information SHOULD be made available? After all, what is helpful to one group in the United States or the United Kingdom can also be helpful to someone wearing a turban that had a terroristic agenda.

Of course, you don’t have to wear a turban to hold and act on a radical point of view, or attempt to legislate your exclusionary beliefs. So, SHOULD Tim be sharing this information on his web site?

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

It’s pretty easy per Tim’s tutorial–and, of course, the Cain and Abel software–to recover email, FTP, MySQL, etc. as described below:

If you have set up Cain & Abel as described above, all you need to do is send yourself an e-mail. Once you have sent and received the e-mail, go back to Cain & Abel. Click on the Sniffer tab at the top and then the Passwords tab at the bottom. On the left-hand side, you will see a listing of different types of passwords that can be retrieved from the network. Your e-mail is likely POP3 so click on that POP3 option.

It is also interesting to see this comment… It [Cain and Abel] can do a lot more such as recovering Access database passwords and revealing what is under the ******** you see in password fields.

Everything posted on Miguel Guhlin’s blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.