Upload
gilbert-held
View
229
Download
5
Embed Size (px)
Citation preview
INTERNATIONAL JOURNAL OF NETWORK MANAGEMENTInt. J. Network Mgmt., 8, 368–370 (1998)
Software SpotlightBy Gilbert Held
Password RecoveryWindows Toolkit
Introduction
We live, today, inan electronicera, with thepersonal com-
puter serving as a ubiquitousassistant at work and at home.In addition to having a numberof User-ID password combi-nations to access servers atwork, we also use a variety ofapplication programs and utilityprograms that employ sometype of optional method of pass-word protection. For example,some people may use passwordprotected screen savers, whileother people may elect to pro-tect a file, or range of cells, fromthe possibility of inadvertentdisplay—or the intentionalsnooping of other people. Whilethis use of password protectionis a common occurrence, itforces network managers andLAN administrators to copewith another problem. Thatproblem is the forgotten pass-word.
Eliminating anAdministrative
BurdenManaging a communications
network results in performing a
1998 John Wiley & Sons, Ltd. CCC 1055–7148/98/060368–03$17.50
variety of network relatedactivities. One of those activitiesis the occasional call from a net-work user who has either lockedthemselves out of a server byentering an incorrect passwordseveral times, until a lockoutthreshold was reached, or bysomeone who will actually con-fess that they forgot their pass-word. Since network managersand LAN administrators nor-mally keep a record of User-ID-Password assignments underlock and key, this situation is atworst a minor inconvenience.However, since we appear to bewell-versed in the ability tochange passwords, we thereforetypically receive calls from othernetwork users who are lockedout of different applications andare encountering other pass-word-related problems.
In the past I rapidly got tiredof breaking into applications viacustom programming, in whichI created a program to cyclethrough different combinationsin an attempt to gain access to aprotected file or system. To bequite frank, the time involved tocreate a custom program wasusually several orders of magni-tude greater than the effort ofmany end-users in recon-
structing the contents of a file.Fortunately for us, we can nowavoid many of these customprogramming efforts by usingthe AccessData CorporationPassword Recovery WindowsToolkit, which is the focus ofthis column.
The PasswordRecovery Toolkit
The Password Recovery Win-dows Toolkit is a comprehen-sive program developed to sup-port the retrieval of passwordsfrom both network and stand-alone applications. The Pass-word Recovery Toolkit is a bitsimilar to a restaurant menu,with network access modulesavailable for NetWare 3.X and4.X as well as for Windows NT,and password recovery mod-ules available for over 20 appli-
Figure 1. Activating the PasswordRecovery Toolkit requires the
insertion of a license diskette in thecomputer executing the program.
369SOFTWARE SPOTLIGHT
Figure 2. Using the Password Recovery Toolkit window to locate an appropriate file for password recovery.
cations, ranging from Ami Proand Lotus 1-2-3 to MicrosoftWord, Xtree Gold, and Word-Perfect. Since one of the betterways to obtain an appreciationfor the use of a program isthrough its use, let’s do so.
Using the ProgramSince any password recovery
program can be a bit of a threatif acquired by the wrong person,AccessData includes a few extraprecautions in its program.
Figure 3. Viewing a list of supported Password Recovery Modules.
1998 John Wiley & Sons, Ltd. Int. J. Network Mgmt., 8, 368–370 (1998)
First, the program packageincludes an installation disketteand a license diskette, with thelatter required to be present inthe 3. drive whenever the pro-gram is executed. Figure 1 illus-trates the prompt that appearson the screen of a computerexecuting the Password Recov-ery Toolkit program. Thus,keeping the license disk underlock and key will prevent anunauthorized person from usingthe program.
A second safety measure isthat users are able to add their
own password as a protectionmeasure for the program. Toalleviate a future problem in theevent you forget the program’spassword, you can provideAccessData with a record ofyour access code by entering iton the PIN line on the pro-gram’s registration card. Hope-fully, you will then remember toreturn the card to the vendor,something many of us com-monly forget to do.
Once the program is oper-ational it will display a Pass-word Recovery Toolkit window
370 GILBERT HELD
Figure 4. The password recovery required on a Lotus file, protected with a 10-position password, took approximately 3 seconds.
which facilitates viewing foldersand files on your computer. Fig-ure 2 illustrates a view of thepreviously mentioned windowon my computer.
As discussed at the beginningof this column, the PasswordRecovery Window Toolkit con-sists of a variety of passwordrecovery modules. Some mod-ules are included in the toolkit,while others are available for anadditional charge. Figure 3 illus-trates a portion of the modulesincluded on the evaluation copyof the program that I used. Sincethe program supports Lotus 1-2-3, we will shortly crack the pass-word on a Lotus file to illustratethe program’s ease of use. SinceAccessData typically adds sup-port for different modules, you
1998 John Wiley & Sons, Ltd. Int. J. Network Mgmt., 8, 368–370 (1998)
may wish to contact the vendorif you have questions concern-ing future support for a pro-gram not currently supported.
One common adage thatbears repeating is that ‘the proofof the pudding is in the eating’.Recognizing the validity of thisadage, I created a Lotus 1-2-3file and assigned it a 10-positionalphanumeric password. Oncethis was accomplished, I usedthe window previously shownin Figure 2 to highlight the pass-word protected file and clickedon the key icon. This actionresulted in the recovery of thepassword in slightly more thanthree seconds, a truly impress-ive bit of coding. Figure 4 illus-trates the recovery screen, withthe recovered password shown
associated with the file pre-viously selected.
If you have absent-mindedend-users, the Password Recov-ery Toolkit represents a pro-gram that can save you andyour end-users a considerableamount of time and effort. How-ever, because it is very good atwhat it does, this programshould also be banned from cas-ual end-user acquisition.Instead, it belongs in the desk ofthe network manager or LANadministrator as another tool forour war upon inadvertent errorsand memory lapses.
Password Recovery WindowsToolkitAccessData Corporation2500 North University Avenue,Suite 200Provo, Utah 84604, USA.Tel: +801-785-0363Fax: +801-785-0365Email: infoKaccessdata.comWeb:http://www.accessdata.com K
If you wish to order reprintsfor this or any other articlesin the International Journalof Network Management,please see the SpecialReprint instructions insidethe front cover.