Recovering Clear Text Passwords – Updates

I recently wrote articles on both Mimikatz and WCE, two programs that can recover passwords from Windows-based systems in clear text. There have been some updates for both, and I just wanted to pass them along.


Benjamin Delpy, aka ‘gentilkiwi’, recently spoke at the Positive Hack Days security conference in Moscow. At the conference our friend discussed a new version of Mimikatz, one that exploits a weakness in the LiveSSP provider and allows the viewing of Windows Live passwords from Windows 8 systems!

The Mimikatz program and a copy of the PH Days presentation slides can be found at the Gentilkiwi website.

Windows Credentials Editor

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present.

Hernan from Amplia Security (creator of WCE) contacted me as soon as I posted the article. As fast as I could run some tests for him on my configuration, he created a fix for this. The delay between the original article and the fix was completely on me. Hernan was amazing!

In a test version he sent me, WCE correctly recovered and displayed both users with passwords and those without, as you can see in the screenshot below:

Secure_User has the insane password, the user George went the bad route and used his first name as a password, and Fred chose worse, as he used no password at all. And of course all three are administrator accounts. Good thing this is just a test Virtual Machine!  🙂

WCE can be obtained from Amplia Security.

The talent that both Benjamin and Hernan have is just amazing. Though I have dabbled with programming since I was a kid (okay, I suck at it!), these guys are just on a whole different level.

Thanks so much for your work!

