Odds of retrieving ...
 
Notifications
Clear all

Odds of retrieving userid/passwords typed into web forms

5 Posts
4 Users
0 Reactions
342 Views
peak
 peak
(@peak)
Active Member
Joined: 16 years ago
Posts: 6
Topic starter  

I'm an experienced sys admin who is working with our security group in small doses for the experience. It's challenging, but I enjoy putting together the pieces.

We have an attorney who wants to know if we can pull usernames/passwords from online web forms, such as Yahoo mail from a pc. I told him there are legal issues he'll need to address before we actually proceed.

Till then, I'm looking into it. From what I can tell, unless the passwords are saved in the browser or an instant messenger client was running, the online credentials are not on the pc. I can piece together a history of my internet searches, my latest URL history, all the cookies and even rebuild some of the webpages. I've also used some free/demo tools to look inside the cookies to no avail.

Am I on the right track? I'd like to figure it out because I like learning, but at the same time am cautious about the ramifications and future requests that could be created because of this capability.

Thanks for the help!
Phil

MCITP 2008 Enterprise Admin
MCSE 2003
Learning as I go…..


   
Quote
(@rich2005)
Honorable Member
Joined: 19 years ago
Posts: 541
 

From your browser you may get a fair amount of joy from the protected storage areas.
You could try downloading Cain and Abel (free) to have a play with, and see what comes up from the protected storage decoder in that.
Rich


   
ReplyQuote
peak
 peak
(@peak)
Active Member
Joined: 16 years ago
Posts: 6
Topic starter  

Thanks for the reminder about Cain/Abel. I've used that before and it turned up some interesting info.
The request was cancelled so I'm done working on it for now.

As a side note, I was impressed by how easily I was able to find my internet search history, rebuild my cache, view cookies info, and pull an image file.

Thanks again,
Phil

MCITP 2008 Enterprise Admin
MCSE 2003
Learning as I go….


   
ReplyQuote
(@gmarshall139)
Reputable Member
Joined: 21 years ago
Posts: 378
 

Yes you can find them. In the Protected Storage System Provider subkey in the registry. Assuming you have authorization to view the data elsewhere on the drive there should be no issue with extracting this information. Now if you go a step further and use it to login you will likely be committing a crime.


   
ReplyQuote
(@armresl)
Noble Member
Joined: 21 years ago
Posts: 1011
 

I didn't see what he said what OS he was using, might not find it in a few OS's.


   
ReplyQuote
Share: