3/22/2011

Password Storage Locations For Popular Windows Applications

http://www.nirsoft.net/articles/saved_password_location.html




Password Storage Locations For Popular Windows Applications

See also: Windows Password Recovery Tools

Many people ask me about the location in the Registry or file system that Windows applications store the passwords. So I prepared a list of password storage locations for more than 20 popular applications and Windows components.
Be aware that even if you know the location of the saved password, it doesn't mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile.
However, you can use this information to remove unwanted saved passwords from your system.
  • Windows Network Passwords (XP/Vista/2003): When you connect to the file system of another computer on your network (something like \\MyComp\MyFolder), Windows allows you to save the password. If you choose to save the password, the encrypted password is stored in a credential file.
    The credential file is stored in the following locations:
    • Windows XP/2003: [Windows Profile]\Application Data\Microsoft\Credentials\[User SID]\Credentials and [Windows Profile]\Local Settings\Application Data\Microsoft\Credentials\[User SID]\Credentials
    • Windows Vista: [Windows Profile]\AppData\Roaming\Microsoft\Credentials\[Random ID] and [Windows Profile]\AppData\Local\Microsoft\Credentials\[Random ID]
    You can use my Network Password Recovery utility to view all passwords stored in these Credentials files.
  • Dialup/VPN Passwords (2000/XP/Vista/2003): Dialup/VPN passwords are stored as LSA secrets under HKEY_LOCAL_MACHINE\Security\Policy\Secrets. This key contains multiple sub-keys, and the sub-keys which store the dialup passwords contains one of the following strings: RasDefaultCredentials and RasDialParams.This key is not accessible from RegEdit and other tools by default, but you can use one of the following methods to access this key:
    1. Use at command to run RegEdit.exe as SYSTEM user: (doesn't work under Vista)
      For Example:
      at 16:14 /interactive regedit.exe
    2. Change the permission of entire Security key. If you do that, it's recommeneded to return the permissions back to the original after you finish.
  • Internet Explorer 4.00 - 6.00: The passwords are stored in a secret location in the Registry known as the "Protected Storage". The base key of the Protected Storage is located under the following key: "HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider". In order to view the subkeys of this key in RegEdit, you must do the same process as explained for the LSA secrets.
    Even when you browse the above key in the Registry Editor (RegEdit), you won't be able to watch the passwords, because they are encrypted. Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.IE PassView and Protected Storage PassView utilities allow you to recover these passwords.
  • Internet Explorer 7.00 - 8.00: The new versions of Internet Explorer stores the passwords in 2 different locations. AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2. HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords.IE PassView can be used to recover these passwords.
  • Firefox: The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version) These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name] Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.
  • Google Chrome Web browser: The passwords are stored in [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (This filename is SQLite database which contains encrypted passwords and other stuff)
  • Opera: The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile
  • Outlook Express (All Versions): The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.
  • Outlook 98/2000: Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.
  • Outlook 2002-2008: All new versions of Outlook store the passwords in the same Registry key of the account settings. The accounts are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index] If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.Mail PassView can be used to recover lost passwords of Outlook 2002-2008.
  • Windows Live Mail: All account settings, including the encrypted passwords, are stored in [Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name] The account filename is an xml file with .oeaccount extension.Mail PassView can be used to recover lost passwords of Windows Live Mail.
  • ThunderBird: The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name] You should search a filename with .s extension.
  • Google Talk: All account settings, including the encrypted passwords, are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]
  • Google Desktop: Email passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[Account Name]
  • MSN/Windows Messenger version 6.x and below: The passwords are stored in one of the following locations:
    1. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
    2. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
    3. In the Credentials file, with entry named as "Passport.Net\\*". (Only when the OS is XP or more)
  • MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[Account Name]
  • Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=". These passwords can be recovered by both Network Password Recovery and MessenPass utilities.
  • Yahoo Messenger 6.x: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager ("EOptions string" value)
  • Yahoo Messenger 7.5 or later: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager - "ETS" value. The value stored in "ETS" value cannot be recovered back to the original password.
  • AIM Pro: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]
  • AIM 6.x: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords
  • ICQ Lite 4.x/5.x/2003: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number] (MainLocation value)
  • ICQ 6.x: The password hash is stored in [Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database) (The password hash cannot be recovered back to the original password)
  • Digsby: The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat All other passwords are stored in Digsby servers.
  • PaltalkScene: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name].
See also: Windows Password Recovery Tools

3/21/2011

NirBlog: Saved Password Locations

NirBlog: Saved Password Locations


MONDAY, NOVEMBER 24, 2008

Saved Password Locations

Many people ask me about the location in the Registry or file system that applications store the passwords. So I prepared a list of password storage locations for popular applications.
Be aware that even if you know the location of the saved password, it doesn't mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile.

  • Internet Explorer 4.00 - 6.00: The passwords are stored in a secret location in the Registry known as the "Protected Storage".
    The base key of the Protected Storage is located under the following key:
    "HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider".
    You can browse the above key in the Registry Editor (RegEdit), but you won't be able to watch the passwords, because they are encrypted.
    Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.

    IE PassView and Protected Storage PassView utilities allow you to recover these passwords.


  • Internet Explorer 7.00 - 8.00: The new versions of Internet Explorer stores the passwords in 2 different locations.
    AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
    HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords.

    IE PassView can be used to recover these passwords.


  • Firefox: The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
    These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
    Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.


  • Google Chrome Web browser: The passwords are stored in [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
    (This filename is SQLite database which contains encrypted passwords and other stuff)


  • Opera: The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile


  • Outlook Express (All Versions): The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.

    Both Mail PassView and Protected Storage PassView utilities can recover these passwords.



  • Outlook 98/2000: Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.

    Both Mail PassView and Protected Storage PassView utilities can recover these passwords.



  • Outlook 2002-2008: All new versions of Outlook store the passwords in the same Registry key of the account settings.
    The accounts are stored in the Registry under HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]
    If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.

    Mail PassView can be used to recover lost passwords of Outlook 2002-2008.


  • Windows Live Mail: All account settings, including the encrypted passwords, are stored in [Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name]
    The account filename is an xml file with .oeaccount extension.

    Mail PassView can be used to recover lost passwords of Windows Live Mail.


  • ThunderBird: The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
    You should search a filename with .s extension.



  • Google Talk: All account settings, including the encrypted passwords, are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]


  • Google Desktop: Email passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[Account Name]


  • MSN/Windows Messenger version 6.x and below: The passwords are stored in one of the following locations:
    1. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
    2. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
    3. In the Credentials file, with entry named as "Passport.Net\\*". (Only when the OS is XP or more)


  • MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[Account Name]


  • Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=".

    These passwords can be recovered by both Network Password Recovery and MessenPass utilities.


  • Yahoo Messenger 6.x: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager
    ("EOptions string" value)



  • Yahoo Messenger 7.5 or later: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager - "ETS" value.
    The value stored in "ETS" value cannot be recovered back to the original password.



  • AIM Pro: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]


  • AIM 6.x: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords



  • ICQ Lite 4.x/5.x/2003: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number]
    (MainLocation value)



  • ICQ 6.x: The password hash is stored in [Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database)
    (The password hash cannot be recovered back to the original password)


  • Digsby: The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat
    All other passwords are stored in Digsby servers.


  • PaltalkScene: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name].
===================================================================================
좋은것만 만들어주는 nirsoft에서-_- 좋은 자료를 또 올려 주었다. 고마울뿐...
각각의 경우 다들 알수 있고 이미 많이들 알만한 자료긴 하는데, 잘 모아놓았으니 ㄳ
비밀번호는 각 프로그램마다 각각 저장하는 위치나 저장 방식이 다르다보니
다음처럼 나누어 놨다.
Internet Explorer 4.00~6.00 (IE PassView, Protected Storage PassView)
Reg: HKCU\Software\Microsoft\Protected Storage System Provider

Internet Explorer 7.00~8.00 (IE PassView)
Reg: HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
-HTTP 인증을 위한 패스워드는
Documents and Settings\Application Data\Microsoft\Credentials

FireFox
FS: [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Filenames: signons.txt, signons2.txt, and signons3.txt (버젼따라다름)
같은 폴더 안에 key3.db는 암호/복호화를 위해 사용

Google Chrome
FS: [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
암호화 되어 있는 SQLite DB파일

Opera
FS: [Windows Profile]\Application Data\Opera\Opera\profile\wand.dat

Outlook Express(All),98/2000 (Mail PassView, Protected Storage PassView)
구버젼 IE처럼 Protected Storage에 저장됨.

Outlook 2002~2008 (Mail PassView)
Reg: HKCU\Microsoft\Windows NT\CurrentVersion\Windows MessagingSubsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]

Windows Live Mail (Mail PassView)
FS: [Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name]
.oeaccount 확장자의 Account File

ThunderBird
FS: [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
.s 확장자의 파일

Google Talk
Reg: HKCU\Software\Google\Google Talk\Accounts\[Account Name]

Google Desktop
Reg: HKCU\Software\Google\Google Desktop\Mailboxes\[Account Name]

MSN/Windows Messenger version 6.x and below
다음중 한군데...
1) Reg: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
2) Reg: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
3) FS: FileName에 Passport.Net\\* 안에 인증 파일 형태(XP이상)

MSN Messenger version 7.x
Reg: HKCU\Software\Microsoft\IdentityCRL\Creds\[Account Name]

Windows Live Messenger version 8.x/9.x
FS: 파일 이름이 "WindowsLive:name="로 시작하는 인증 파일
(Password RecoveryMessenPass로 해당 패스워드를 복구 할수 있다)

Yahoo Messenger 6.x
Reg: HKCU\Software\Yahoo\Pager ("EOptions string" value)

Yahoo Messenger 7.5 or later
Reg: HKCU\Software\Yahoo\Pager - "ETS"

AIM Pro
Reg: HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]

AIM 6.x
Reg: HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

ICQ Lite 4.x/5.x/2003
Reg: HKCU\Software\Mirabilis\ICQ\NewOwners\[ICQ Number]

ICQ 6.x
FS: [Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb

Digsby
FS: [Windows Profile]\Application Data\Digsby\digsby.dat

PaltalkScene
Reg: HKEY_CURRENT_USER\Software\Paltalk\[Account Name]
옮겨 적다보니 꽤 된다-_- 싹다 EnCase에 EnScript로 추출하게 등록은 하면
좋을 것 같은데...이거 엄청 귀찮은걸-_ -;;; 이미 해두신분 어디 없으려나...

3/09/2011

AMD radeon price/spec

표1】라데온 HD 6990의 스펙 비교 
제품명Radeon HD 6990($699)Radeon HD 6970($370)Radeon HD 6950Radeon HD 5970Radeon HD 5870($580)Radeon HD 5850
코드네임AntillesCaymanCaymanHemlockCypressCypress
SIMD수24x2242220x22018
SP3,0721,5361,4083,2001,6001,440
텍스처 유닛19296881608072
ROP 유닛643232643232
GPU클럭(MHz)830880800725850725
메모리 클럭(MHz)5,0005,5005,0004,0004,8004,000
메모리 종류GDDR5GDDR5GDDR5GDDR5GDDR5GDDR5
메모리 버스256256256256256256
메모리 용량(MB)4,0962,0482,0482,0481,0241,024
최대 소비 전력350190140294188151
대기 상태 전력372020422727
보조 전원 포트8+88+66+68+66+66+6