[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] cannibalizing useful win9x registry for migration to linux

There are no Linux GPL tools to decrypt win32 outlook express passwords.
Most likely a win32 app would have to be coded.
A DOS style batch script collecting the registry and
collecting the passwords makes most sense.

Outllok Express 5.x uses this registry key to store account settings
[HKEY_USERS\(#user)\Software\Microsoft\Internet Account
Manager\Accounts\(#account)]
this has for POP3 email, the email, account, user, pop server,
SMTP, and the "POP3 Password2"

"POP3 Password2" is an encrypted version of the account password.
Cleartext password should be extracted from packet or port sniffer,
by reseting pop3 server to a box with a port sniffer/logger.
OR
dycrpt the passwords using win32 tools like Reveal and Revelation V.2
(NOTE: I do not recommned or know if these tools are not trojans)
http://www.scottandmichelle.net/scott/program/reveal.html
http://www.snadboy.com
reveal works by converting password boxes (*****)
on open windows to clear text.

These are Free-beer ware. I have not found sourcecode for kind of tool.

Crypto expert Peter Gutmann, decyphered a bunch of MS crypto systems.
Note particularly .pwl, IE and outlook express.
http://www.cs.auckland.ac.nz/~pgut001/

A working copy of Gutmann's  article on "PKCS #12 format used by
Microsoft Internet Explorer, Internet Information Server, Outlook Express,
and many others."
http://www.tlsecurity.net/Textware/Crypto/breakms.txt

-Nathaniel

----- Original Message -----
From: "Nathaniel Pendleton" <knoppixbox@pendletonpress.com>
To: "pacho baratta" <pachox@katamail.com>
Cc: <debian-knoppix@linuxtag.org>
Sent: Wednesday, February 19, 2003 2:36 AM
Subject: [debian-knoppix] cannibalizing useful win9x registry for migration
to linux


> Thank you for the message refering to
> http://mailman.linuxtag.org/pipermail/debian-knoppix/2002-May/000395.html
> In short, I have not created these migration tools.
> If anyone wants to help, please email me.
>
> I was and am still very interested in the Windows to Linux migration
tools.
> I am good at research but am not a coder.
> The registry keys are easy to locate, but often registry
> does not hold all the information that is required.
> Passwords in particular are thorny and held elseware.
> Windows security dll's have weak security and with proper code
> will release the clear text passwords instantaniously.
> Decoding other passwords may require bruteforce attacks.
> This can take significant amounts of time; minute, hours, or days.
> There is a danger that these password finding tools
> would be considered a violation of the DMCA.
> At the minimum, proving that they are not is an expensive
> proposition.
>
> You must be more specific on which settings you need.
> PPP network settings
> Mail settings
> TimeZones (for correct time)
> printer settings
>
> Printer would be the easiset. check here
>
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\(#somepr
> inter)]
>
> TimeZones are useful for a bunch of issues...
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation]
>
> Mail settings are hard. Which MUA are you using?
> I have outlook express, which has very little useful stuff in the
registry.
>
[HKEY_USERS\(#username)\Identities\{(#somehugenumber)}\Software\Microsoft\Ou
> tlook Express\]
> this is where I found most info.
> The OE account and password data is apparently held in a file elseware
> perhaps C:\Windows\(#usersname).pwl
> http://www.iopus.com/password_recovery.htm
> is a tool that reads the password probably from
> C:\Windows\(#usersname).pwl
>
> Network Settings
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\0001]
> defaut gateways and more, but DHCP should take care of this.
>
> Modem Settings
> I dont have a modem in this box. Try this key and links.
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Modem\xxxx\]
> http://support.microsoft.com/support/kb/articles/q250/6/47.asp
> http://support.microsoft.com/support/kb/articles/q250/6/48.asp
> http://support.microsoft.com/support/kb/articles/q250/6/49.asp
>
> Dial up passwords are held in a file other than the registry.
> http://www.iopus.com/password_recovery.htm
> is a tool that reads the password, but I have forgotten the files that
needs
> to be opened.
> perhaps C:\Windows\(#usersname).pwl
> http://www.cs.auckland.ac.nz/~pgut001/
> has a ton of info, search for "password" in text and start reading.
>
> I hope this helps...
>
> -Nathaniel
>
> ----- Original Message -----
> From: "pacho baratta" <pachox@katamail.com>
> To: <knoppixbox@pendletonpress.com>
> Sent: Tuesday, February 18, 2003 11:04 AM
> Subject: message about win registry
>
>
> > i read only today the message u posted about 1 year ago to
> > debian-knoppix mailing list (see attachment)
> >
> > i think it's very interesting what u said. i was going to do something
> > similar next weeks, cause i'm going to substitute win98 with linux on
> > about 600 pc.
> > what i need to gain back in linux is ppp connect, say mail but it's not
> > so important, maybe printers.
> > did u already implemented this???
> >
> > regards, pacho
> >
>
> _______________________________________________
> debian-knoppix mailing list
> debian-knoppix@linuxtag.org
> http://mailman.linuxtag.org/mailman/listinfo/debian-knoppix
>

_______________________________________________
debian-knoppix mailing list
debian-knoppix@linuxtag.org
http://mailman.linuxtag.org/mailman/listinfo/debian-knoppix
Reply to: