RE: WinNT and previously used passwords

From: V (progman@netvision.net.il)
Date: 05/25/02 

Date: Sat, 25 May 2002 10:35:16 +0200
From: V <progman@netvision.net.il>
To: 'KF' <dotslash@snosoft.com>

This behavior is Password History and defined by the admin in the
Password Policies panel on NT/2k machines, stating how many previous
password should it remember, whether demand it's complexity, length, and
so on.

I'm not aware of any tools that extract these, and I have a feeling that
it is not possible.
In any case, if I had to guess on their whereabouts it would be
\WINNT\SYSTEM32\CONFIG (where registry keys are stored, including the
current SAM).

Its an interesting issue thought.

Cheers,
  - V.

-----Original Message-----
From: KF [mailto:dotslash@snosoft.com]
Sent: Friday, May 24, 2002 8:52 AM
To: vuln-dev@security-focus.com
Subject: WinNT and previously used passwords

Today I got a message when I logged in to my domain about my pass being
expired... so as expected I went ahead and typed in a new password. Next

thing I know NT (win2k really) is barking at me saying I can not use any

of my previous 10 passwords. Aparantly the one I wanted to use today was

one I used a while ago. I found it interesting that SOMEWHERE my last
10 passwords are achived in the SAM or registry maybe? So my question is

are there any tools similar to l0pht crack in which the last 10
passwords can be extracted from either the registry or the SAM file or
where ever they are hiding? If I remember correctly l0pht crack grabs
the CURRENT password and trys to crack the hash . I am not aware of it
going after the old passwords so forgive me if l0pht crack already does
this. I think being able to determine a persons last 10 passwords would
help in guessing what they may pick next... people tend to form
patterns.

-KF

Relevant Pages

  • WinNT and previously used passwords
    ... 10 passwords are achived in the SAM or registry maybe? ... passwords can be extracted from either the registry or the SAM file or ... If I remember correctly l0pht crack grabs ...
    (Vuln-Dev)
  • RE: SidHistory and password migration with ADMT
    ... SidHistory and password migration with ADMT ... |- added to registry ... |passwords are blanks. ...
    (microsoft.public.windows.server.migration)
  • Re: Securing my app with serial number
    ... The app has two passwords hard-coded into it, we'll call them A and B. ... It then encrypts that string with password A, ... and stores it in the registry as a challenge code. ... I can also insert some extra data into the beginning of unlock code ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Decode Outlook2003 POP3 password?
    ... >> to decode the Outlook2003 passwords stored in the registry. ... > a second computer connected to the LAN as a bogus POP server. ... > article shows you how to recover Outlook passwords using only the ... > Windows optionally stores Outlook POP passwords in the registry. ...
    (alt.2600)
  • Re: Directory sharing;
    ... You can't preset user names and passwords for NTLM in the registry. ... could build a suitable program that will run on the first boot of the ... My customer wants to connect a desktop machine to a wince device using ...
    (microsoft.public.windowsce.platbuilder)