While this is not quite an answer to your question, I think it may help you find out. Nir (http://www.nirsoft.net/) has a bunch of tools to extract local passwords. Grab some of his tools, run them with procmon, and see what files and reg keys they try to grab. Then you have a few place to look.
Adrian On Tue, Jan 26, 2010 at 2:23 AM, Jim Halfpenny <[email protected]>wrote: > Sounds like a good topic for a wiki page, or even a whole site. There > is the pauldotcom wiki, I'm sure the good peeps on the list could > quickly fill in the blanks. I know I have some stuff I can contribute. > > Jim > > On 25/01/2010, Nicholas B. <[email protected]> wrote: > > No, I'm not looking for rainbow tables. I'm looking for files that > > various programs and services use to store user credentials in, the > > type of encoding or hashing that is used on them if any and the > > operating system(s) that they might appear on. > > > > On Mon, Jan 25, 2010 at 4:49 PM, Karl Schuttler > > <[email protected]> wrote: > >> Rainbow tables? > >> > >> On Mon, Jan 25, 2010 at 4:23 PM, Nicholas B. <[email protected]> > wrote: > >>> > >>> I'm looking for a site or sites that contain large and if possible > >>> comprehensive lists of files contain username and/or password > >>> credentials. The credentials can be plain-text, encoded or hashed and > >>> if they are encoded or hashed it would be nice to have the method(s) > >>> that was employed to generate these. I'm thinking of files beyond > >>> just the normal /etc/shadow, /etc/master.passwd stuff .htaccess to > >>> files for specific programs and userland files including svn-auth-file > >>> and ~/.vnc/passwd types of content and even more exotic vendor > >>> specific stuff to look for. If anyone can point me to someplace with > >>> a good list of these or would like to attach a list that you've > >>> compiled I would appreciate it. > >>> _______________________________________________ > >>> Pauldotcom mailing list > >>> [email protected] > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> Main Web Site: http://pauldotcom.com > >> > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > > -- > Sent from my mobile device > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
