PwlTool
v3.0

 password recovery tools for MS Windows 95/98

(c) 1998 Vitas Ramanchauskas & Eugene Korolev, vitas@webdon.com

HOME   RePwl   Vitas' site   License   Register now   TechNotes   Setup    FAQ   Bug Report

Q: What is a PWL file?
A: Files with the .pwl extension (stands for PassWord List) contain saved passwords. The passwords are stored in an encrypted form, Windows logon password used as a key. If this password is unknown, the access to the PWL file contents can only be obtained by means of a password search. If, while entering a password, you ask Windows to save it, Windows saves a password in a PWL file. PWL files can be found in Windows directory. Their names usually appear as USERNAME.PWL. All PWL files are registered in system.ini file (this file is located in Windows directory).

Q: How do I get passwords from PWL file?
A: Windows encrypts contents of PWL file using user's logon password. If the logon password is known (for example, the one for a current user who has entered the password on startup) then all stored passwords may be extracted easily. But if a logon password is lost then you need to find it first.

Q: What about Windows versions?
A: The original Windows 95 version (as well as Windows 3.11) contained a gross error, which allowed easy deciphering of PWL files. In the OSR2 version this error has been corrected. Windows '98 does not seem to differ from OSR2 in the terms of security, but Windows NT is built quite differently.

Q: What is a PwlView (pwl_cra) program?
A: PwlView is my program that was released in a hurry without any documentation (I thought it was kind of self-explanatory). As a result, I was simply flooded with hundred questions on this program. PWLView has been distributed quite widely. It is available on different sites under different names. PwlView just shows cached passwords using standard (but undocumented) windows API on a local machine for a current user (user must be logged in) and no more.

Q: Why does pwlview work instantly while it takes a lot of time for pwltool to accomplish its task?
A: PwlView shows passwords for current user when the user is logged in. When the logon password is known, all stored passwords may be extracted easily (see above).

Q: My question is not listed here...
A: Ask me via email