paperlined.org
apps > pirate

document updated 12 years ago, on May 11, 2011

Often, when a program needs to remember a password, it can use a one-way hash. But sometimes a hash isn't sufficient, the program has to be able to have the full password in RAM at some point. Since this is a subtle technical distinction that most users will never grok, the latter programs often try to make users think they're just as secure as the former. Nonetheless, these password are almost always easy to recover if you have local access. (many of these really are on the order of ROT13... superficially opaque to the uninitiated, but trivial to get around for those in the know... if the coder was going to put more than a token effort into securing their software, they wouldn't have chosen security through obscurity)

(unfortunately the Google searches for these tend to be obliterated with script-kiddie bait, so the good ones are listed below to save time) (it may be oft repeated and rarely convincing, but I really did collect these for white-hat reasons)

Windows

Nirsoft has a TON of password-revealer tools (ProduKey is one that's not listed there)
standard UI input Password Revealer, developer
Microsoft/Windows/Office product keys: Magical Jelly Bean Keyfinder, Product Key Finder (works on Adobe products too), Nirsoft, developer
local WEP/WPA keys: wzcook, WirelessNetView
MSIE/Outlook passwords: Protected Storage PassView
Firefox is well-designed. It's up-front with the fact that by default, passwords are easily seen... it provides the mechanism itself. (which is good, since that clearly demonstrates to users why the master password feature is a good idea)
other browser decryptors

Linux

Tips to try to avoid script-kiddie bait in Google

Many of these don't work very well, since payware / spyware scammers are motivated by money, but they can still be useful sometimes.

include {source OR source-code} in the search