Password Recovery, System Security & Forensic Software

Proactive System Password Recovery

Instantly Recover Windows Passwords

If the user can log in to Windows, Proactive System Password Recovery recovers many types of passwords instantly and without lengthy attacks, as well as displays hidden system information such as Product ID and CD Key.

Features and Benefits

Proactive System Password Recovery is not limited to retrieving passwords, and allows manipulating with user credentials and Registry files.

  • Control over user credentials: runs any program with other user’s credentials
  • Displays password history hashes
  • Reads and decrypts password hashes directly from Registry files (SAM and SYSTEM)
  • Backs up Registry files and Active Directory database from local or remote computers
  • Decrypts Windows scripts protected with Script Encoder
  • Shows all users, their group membership and privileges
  • Activates disabled controls
  • Decrypts and browses Windows Protected Storage that keep passwords and auto-complete records for Internet Explorer, Outlook, and Outlook Express
  • Browses ‘LSA Secrets’ records
  • Displays Product ID and CD Key for Windows and Microsoft Office installations
  • Supports Windows 7 (including password for HomeGroup, cached logon password and password history hashes)
  • Extracts saved passwords from Apple Safari (and use them in Intelligent Password Recovery engine)

Advanced Attacks

Certain types of passwords that cannot be recovered instantly are attacked with advanced, highly customizable combinations of dictionary and brute-force attacks.

Many computer users protect different accounts with exactly the same passwords, or with slight variations of a single password. Proactive System Password Recovery automatically adds each password it discovers into a dictionary, quickly unlocking accounts protected with any of the previously recovered passwords and their variations. As many types of passwords are discovered instantly, the chances of unlocking other types of accounts in just minutes are very high.

Advanced Social Engineering

There are passwords that can be recovered instantly, and there are secure passwords that require lengthy attacks to be recovered. However, many computer users use the same or similar passwords to protect various system resources, and even use the same passwords to protect their system accounts.

Proactive System Password Recovery employs an advanced social engineering technology to retrieve all instantly recoverable passwords and try these passwords when unlocking secure ones. Moreover, Proactive System Password Recovery adds all recovered passwords into the dictionary and performs a dictionary attack that is orders of magnitude faster than the brute force recovery.

Types of Passwords

Proactive System Password Recovery can retrieve various passwords assuming that the user has logged in to the system.

Instant Recovery

  • Windows 95/98/ME logon password (user must be logged on)
  • Windows NT4/2000 logon password (user must be logged with administrative privileges)
  • Windows 7 logon password (if it has not been changed)
  • Windows 95/98/ME/NT4/2000/XP/2003 auto logon password
  • .NET Passport password
  • Wireless encryption keys (WEP and WPA-PSK) that are stored with WZC
  • Windows XP stored user passwords (multiple credentials)
  • Screensaver password
  • RAS and dial-up passwords
  • Passwords to VPN (Virtual Private Network) connections
  • Passwords and access rights to shared resources
  • Passwords hidden under the asterisks
  • Password stored on Password Reset Disk
  • Passwords to Remote Desktop Connections
  • Windows 7 HomeGroup password

Fast Recovery

Not all types of passwords can be recovered instantly. Windows securely encrypts several types of passwords, making it necessary to apply advanced attacks in order to recover them.

Many users have passwords that contain words from their native language, numbers and dates from their life, combined with random numbers and characters. ElcomSoft implements several advanced technologies that allow faster recovery. A highly customizable dictionary attack allows specifying various modifiers to the dictionary words. Advanced masks make it possible to specify pieces of information that are known or can be guessed about a password in order to speed up the recovery. The following passwords are quickly recovered with advanced attacks.

  • Windows NT/2000/XP/2003/Vista/2008/WIndows 7 user passwords
  • SYSKEY startup passwords
  • Passwords stored in Domain Cached Credentials
  • WPA-PSK passwords
  • Remote assistance passwords
  • Windows 9x passwords (from PWL-files)