banner

[Pentesting] Secret password storage location of popular windows applications

Level: It's aimed for Pentester / IT Security Auditor.

Now, I want to share with all you the following article, where are expose the secret storage location for password of popular windows applications.

In this context, the article is going to throw a light on those dark regions by exposing the secret storage location and encryption mechanism used by most popular applications.

The article is a complete guide (technical information and related tools) to conduct a full analysis of password file, can be useful in a penetration test or security audit work.

Here, I leave you some example:

Firefox 3.5 or earlier


[Windows XP] 
C:\Documents and Settings\<user_name>\Application Data\Mozilla\Firefox\Profiles\<random_name>.default

[Windows Vista & Windows 7] 
C:\Users\<user_name>\AppData\Roaming\Mozilla\Firefox\Profiles\<random_name>.default



Google Chrome







[Windows XP] 
C:\Documents and Settings\<user_name>\Local Settings\Application Data\Google\Chrome\User Data\Default

[Windows Vista & Windows 7]
C:\Users\<user_name>\Appdata\Local\Google\Chrome\User Data\Default

Internet Explorer 7 or earlier

Basic HTTP Authentication and single sign-on:
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider

Internet Explorer 7 onwards

The sign-on passwords for each website is stored here:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2


The HTTP Basic Authentication are stored in:
[Windows XP]
C:\Documents and Settings\[username]\Application Data\Microsoft\Credentials

[Windows Vista and Windows 7]
C:\Users\[username]\AppData\Roaming\Microsoft\Credentials


For more details, you should read the original article published here.

By: https://twitter.com/#!/lostinsecurity

No hay comentarios :

Publicar un comentario