There are many ways and special utilities to extract user password hashes from the system. Can I extract the password in clear text? Yes, you can!

What are we talking about?

Not long ago, we published a comprehensive guide on how to dump user passwords from a Windows system. The Windows Credentials Editor (WCE) utility is one of the best-known and most versatile solutions. Recently, however, French researchers released a truly remarkable tool, mimikatz. In addition to the already known tricks, it can … extract user passwords in clear text. Admittedly, only for users who have already logged in to the system. At first we thought it was a fake, but the very first launch of the utility confirmed that everything worked. The program provides its own console, from which you can run the modules needed for various situations (the "Swiss Army knife" concept). To extract passwords in plain text, you only need three commands:

What does it look like?

Let's try mimikatz. The output will be in French, but that should not scare you: to see the passwords, you do not need to speak the language of Charles de Gaulle:

How does it work?

It would seem natural to ask: why store passwords in clear text at all, if authentication can be done with just a hash? In fact, a hash is not sufficient everywhere. For that reason, Windows includes a special security provider, wdigest, to support authentication types such as HTTP Digest Authentication and other schemes where the password itself must be known (and the hash is not enough). Finally, note that literally as this issue of the magazine went to press, similar functionality appeared in the WCE utility mentioned above.
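
From the defender's side, whether wdigest keeps a clear-text copy of the password can be audited through the `UseLogonCredential` registry value that Microsoft later added with update KB2871997. The following is an added example, not code from the original article; the function names `Get-WDigestVerdict` and `Test-WDigestCaching` are hypothetical, and the sample inputs at the end are constructed.

```powershell
# Added example: audit whether the wdigest provider caches clear-text passwords.
# Registry path and value name are Microsoft's; the function names are hypothetical.

function Get-WDigestVerdict {
    param(
        [Nullable[int]]$UseLogonCredential,          # $null = value not present
        [Parameter(Mandatory)][version]$OsVersion
    )
    if ($null -ne $UseLogonCredential) {
        switch ($UseLogonCredential) {
            0       { return 'Disabled (explicitly set to 0)' }
            1       { return 'ENABLED (explicitly set to 1)' }
            default { return "Unexpected value $UseLogonCredential, review manually" }
        }
    }
    # Value absent: the default depends on the OS.
    # 6.3 = Windows 8.1 / Server 2012 R2, where caching is off by default.
    if ($OsVersion -ge [version]'6.3') { return 'Disabled (OS default)' }
    # Older systems cache by default; the value is only honoured once
    # KB2871997 is installed.
    return 'ENABLED (OS default; install KB2871997 and set the value to 0)'
}

function Test-WDigestCaching {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $value = $null
    $item  = Get-ItemProperty -Path $key -Name UseLogonCredential -ErrorAction SilentlyContinue
    if ($item) { $value = [int]$item.UseLogonCredential }

    $os = [Environment]::OSVersion.Version
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        OsVersion          = $os
        UseLogonCredential = if ($null -eq $value) { '(not set)' } else { $value }
        Verdict            = Get-WDigestVerdict -UseLogonCredential $value -OsVersion $os
    }
}

# Constructed inputs that exercise the decision logic without touching the registry:
Get-WDigestVerdict -UseLogonCredential $null -OsVersion '6.1'
Get-WDigestVerdict -UseLogonCredential 1     -OsVersion '10.0'

# Live check of the local machine:
Test-WDigestCaching
```

An explicit `1` on a modern system deserves attention, because the OS default there is disabled and someone or something had to set it.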