Friday, October 5, 2012

Windows Password File

All, Windows, users would probably be familiar with the infamous ‘pwl’ files or the files
where the Windows login passwords are stored. Well, this manual is aimed at,
simplifying how the authentication works when you type in your User name And
password, what exactly .pwl files contain, where exactly they come into the picture and a
whole lot of related things.
The *.pwl files are basically files in which the Windows Login Passwords are stored in.
These files can be found in the \Windows directory by the name of the User, whose
password it contains. For Example, if your Windows login Username is jit, then the
corresponding password would be stored in c:\windows\jit.pwl Get it? These .pwl files
are readable in any text editor like Notepad, but they are definitely not understandable. A
typical example, of the contents of a .pwl file is as follows:

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿRp u.ÐX+|rÐq"±/2³Êå¡hBJ‚A×`ÍY¥!íx}qW¤ãƱ!?àÜ6šá˜ôæ4+\
3/4õ+%E°ËÔýmÇÔ ÞI»‚ B à×oeøÐ...'$
This is definitely not something; a normal person can comprehend or make sense of.
Now, besides the Windows registry, Microsoft’s policy of security by obscurity can also
be seen in the case of what .pwl files. Although the original usage of .pwl files was a
standard to be used, by all applications, Microsoft simply does not officially provide any
type of information on the standards of .pwl files.
To get a list of .pwl files in your system or in other words to find out which all passwords
using the .pwl technology (What a good friend of mine likes to call them) are being
stored on a particular system, then simply open c:\windows\system.ini in a plaintext
editor like Notepad and look under the [Password Lists] section. A typical line from this
section would be in the following format: USERNAME=Path_of_pwl_file
For Example,
[Password Lists]
This tells us that the .pwl containing the password for the Username ‘jit’ is stored at:
Post a Comment