Reset Windows Password:
searching and decrypting network passwords
To extract network passwords, the program has several modules for reading and decrypting secrets of LSA, protected storage, password manager, Windows Vault, etc.
The decryption of data stored in LSA secrets and in the protected storage is carried out automatically and does not require entering additional parameters. This applies to the following data:
- Cached user passwords
- Passwords of some system accounts, SQL server, remote assistant, etc.
- Passwords of services launched with specific credentials
- Some network passwords stored in server OSes
- Wired connection passwords: RAS, DSL, VPN, etc
- Passwords from old versions of Internet Explorer/Outlook/Outlook Express/FTP, etc.
- Passwords for wireless (WPA/WPA2) connections
- Passwords from domain group policies
For other passwords protected with DPAPI, user account password is required for the successful decryption:
- Passwords stored in Credential manager: passwords for remote computers in your LAN, passwords for some mail accounts (stored by Microsoft Outlook), MSN Messenger passwords, Internet Explorer 7-9 passwords for Web sites that use Basic Authentication or Digest Access Authentication, Remote Desktop, RSS feed credentials, etc.
- Windows Vault records: passwords for some versions of Internet Explorer/Outlook/Windows Mail, account passwords when using PIN/Picture password or biometric authentication (only for Windows 8).
More on DPAPI encryption can be found in our detailed review that covers this protection method.
In some Windows server operating systems, the program can successfully exploit the vulnerability we have found, which allows decrypting DPAPI blobs without entering the data owner’s account password! More information on this is available in our article that covers vulnerabilities in server OSes