Home > Information > Blog > Show blog article
Show blog article
22.09.2017
Reset Windows Password v8.0
Support for domain cached credentials, new bootable environment
15.09.2017
Wireless Password Recovery 4.2.2
Support for new GPU devices, some improvements
05.09.2017
Passcape Wordlist Collection
Reorganization in collection's structure, new wordlists
25.08.2017
New blog post
Analyzing rule efficiency in a hybrid dictionary attack

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

What is Windows Vault?

09:15:43 19.10.2012 posted by Passcape_Admin at 09:15:43 19.10.2012

Amazingly, Windows Vault was first introduced to the public with the release of Windows 7, but there's still no normal information with its description on the net. The documentation on this interesting subject is either completely absent or, to say the least, is superficial. So, what is Vault?

Windows Vault is a protected storage for secrets, passwords and other personal information user or system.

Windows Vault has come to replace the outdated 'Credential Manager', which was used in the earlier versions of Windows. Vault has acquired a number of new features:

  • Backing up and restoring all passwords
  • Improved encryption system and portability to other systems
  • Improved programming interface
  • Manual creation and administration of Vault storages
Windows Vault

On the physical level, Vault is a disk-based folder with a set of the following files:

  • Policy.vpol - set of encryption keys for Vault credentials (records). These keys can be protected using two basic methods: either using DPAPI or using a specific user password. The latter protection method is not used in Windows 8 and currently is not supported by the software.
  • <GUID>.vsch - Vault schema that contains data description, flags and other system information.
  • <GUID>.vcrd - Vault credential that stores the original encrypted data associated with a certain schema. The data may consist of and normally consists of several fields. Description of the fields is stored in vsch file. AES algorithm is used to protect Vault credentials. Encryption/decryption key for the algorithm resides in policy.vpol file, salt is involved to prevent instant data recovery using rainbow-table-based attacks.

There are two types of Vault storage at the moment: system Vault and user Vault. The user Vault may be found at the following locations:

<USER_APP_DATA>/Microsoft/Vault/<GUID>
<USER_LOCAL_APP_DATA>/Microsoft/Vault/<GUID>
For example,
С:/Users/Helen/AppData/Roaming/Microsoft/Vault/4BF4C442-9B8A-41A0-B380-DD4A704DDB28
С:/Users/John/AppData/Local/Microsof/tVault/18289F5D-9783-43EC-A50D-52DA022B046E

Note that any user can create a custom Vault storage and save here a private data. Windows has VaultCmd.exe utility for managing custom Vaults.


System Vault by default resides in the following folders:

<SYSTEM_APP_DATA>/Microsoft/Vault/<GUID>
<SYSTEM_LOCAL_APP_DATA>/Microsoft/Vault/<GUID>
<PROGRAM_DATA>/Microsoft/Vault/<GUID>
For example,
С:/Windows/System32/config/systemprofile/AppData/Roaming/Microsoft/Vault/...
С:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Vault/...
C:/ProgramData/Microsoft/Vault/AC658CB4-9126-49BD-B877-31EEDAB3F204

Some of the folders have the system attribute set on, which makes the folders hidden in Windows Explorer.


So, Windows Vault is a structured storage for private data that has come to replace Credential Manager. Microsoft's another attempt to create a universal storage for secrets that Windows lacks so badly. We have written about this already.

Take a look at the following pictured sample on how to use Vault Explorer tool to recover Vault credentials offline.




 
Rating
Current rating RatingRatingRatingRatingRating
Avarage rating Ø 7.50
Number of votes 4
Your vote Rate this message: 1Rate this message: 2Rate this message: 3Rate this message: 4Rate this message: 5Rate this message: 6Rate this message: 7Rate this message: 8Rate this message: 9Rate this message: 10

Comments

There are no comments existing at the moment.
Add comment

Spamprotection