From: Ray Arachelian <sunder@brainlink.com>
To: cypherpunks <cypherpunks@toad.com
Message Hash: 112abfdff8c2a5c14e4340e072b47200376bd9f40ac2e6bc77301965137e52f4
Message ID: <Pine.SUN.3.96.970528164543.15372E-100000@beast.brainlink.com>
Reply To: N/A
UTC Datetime: 1997-05-28 20:58:32 UTC
Raw Date: Thu, 29 May 1997 04:58:32 +0800
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 29 May 1997 04:58:32 +0800
To: cypherpunks <cypherpunks@toad.com
Subject: [NTSEC] Plaintext passwords exist in registry (fwd)
Message-ID: <Pine.SUN.3.96.970528164543.15372E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian | "Boy meets beer. Boy drinks Beer, |./|\.
..\|/..|sunder@sundernet.com| Boy gets another beer!" |/\|/\
<--*-->| ------------------ | |\/|\/
../|\..| "A toast to Odin, | For with those which eternal lie, with |.\|/.
.+.v.+.|God of screwdrivers"| strange aeons, even death may die. |.....
======================== http://www.sundernet.com =========================
---------- Forwarded message ----------
Date: Wed, 28 May 1997 09:17:53 -0700
From: Bill Stout <stoutb@pios.com>
To: PHILIPB@Omnicell.com, chris@auditek.com, ntsecurity@iss.net
Subject: [NTSEC] Plaintext passwords exist in registry
Most facinating what you find if you look.
The registry does store some passwords in plain text. The importance of the
passwords you do find depends on your installation. I found 'password' and
'username' entries at the below locations, but not much software was
installed on these NT boxes. Searching the NT registry for my password
string did not did not display anything, searching the W95 registry for my
specific password string found it in many places:
password locations:
hkey_local_machine\system\controlset001\services\gophersvc\parameters
...\controlset002\"
...\curentcontrolset\"
...\msftpsvc\parameters
...\w3svc\parameters\
username locations:
\hkey+local_machine\software\microsoft\windowsnt\currentversion\winlogon\
...\system\controlset001\services\bh\parameters
...\controlset002\"
...\curentcontrolset\"
...\services\gophersvc\parameters\anonymouseusername
...\logsqlusername
...\msftpsvc\parameters\anonymoususername
...\logsqlusername
...\w3svc\parameters\anonymoususername
...\logsqlusername
_____________________________________________________________________________
Bill Stout (Systems Engineer/Consultant) stoutb@pios.com
Pioneer Standard (Computer Systems & Components) http://www.pios.com/
San Jose, CA (Location of 1 of 52 U.S. offices) (408) 954-9100
*My opinions do not reflect that of the company, and visa-versa, thankfully.*
Return to May 1997
Return to “Tim May <tcmay@got.net>”