Hacking Windows Password - Discover positions of special characters

Posted on 5/11/2007 @ 4:41 PM in #Non Techie by | Feedback | 7372 views

Okay this is terrible - this falls right in line with Windows 95's password field being crackable by SPY++. Back then the approach was, the password textbox would simply mask the password with * characters. So you could get a handle to the window that was the password field, and then simply get the title of the window - and that was the password LOL.

Well, that was almost too easy, so they fixed it in Windows 98.

But here is something just as terrible (well atleast 20% as terrible).

They advise you to have complex passwords, right? So instead of having a simple password such as "approach", you should have a password like "appr0@ch".

Okay, so the complex password has both numbers and complex characters.

It would make my life a hella lotta easier if I knew the positions of the complex characters eh? ;-),

So here is how you do it - demo'ed on Hotmail's loginid/password field.

I'm gonna type in the password appr0@ch in the password field, and place my cursor at the very beginning of the password text field.  Here is how it looks -

Now, very carefully, press CTRL+ Right Arrow Key. Here is how it looks -

LOL, see where the cursor is?

Yep - that's where the "0" character was. Press CTRL+Right arrow key once again, and that takes you where the "@" character was.

Now, since the set of complex character that you can type out of your keyboard is actually smaller than ascii characters, I have already limited atleast two character spaces to a smaller set of possibilities. So as you can see, using complex characters actually weakens your passwords ;-). Now 99/100 cases, that complex character is a mnemonic. So I could write a program to guide my brute force cracking mechanism. BAH!

(I sniff a security update soon .. sniff! sniff!)

Update: Per the feedback, apparently this happens only in IE/HTML textbox. Still nasty nonetheless!

Sound off but keep it civil:

Older comments..

On 5/11/2007 3:10:40 PM FuzzFace said ..
Only works in IE not Firefox

On 5/11/2007 4:02:06 PM Sahil Malik said ..
Okay, so it ain't so terrible afterall - did ya test on a regular windows password box?

On 5/11/2007 4:08:21 PM Jimmy Two Times said ..
You have too much free time...

On 5/11/2007 4:09:06 PM Scott said ..
I tested on a basic auth password field (in IE) and this doesn't happen.

On 5/11/2007 4:40:45 PM Sahil Malik said ..
Okay - so this happens only in the HTML rendered password field in IE.

Still nasty nonetheless.

On 5/16/2007 3:52:28 AM Foxedup said ..
Erm, am I missing something, or for this to work do you not already need the password in the box? All you have to do is press the Sign in button to get access...

...knowing where the special characters are is kinda pointless

On 5/16/2007 12:36:32 PM Sahil Malik said ..
Foxed up - sometimes passwords are saved in the IE cache/password mgr.

On 6/18/2007 4:06:12 PM ekarshi mitra said ..
foxedup is quite right "...knowing where the special characters are is kinda pointless "

On 6/3/2009 12:31:53 PM erijon said ..
i am not understand it please convert in albanian

On 7/25/2009 10:18:19 AM khaledam said ..
thank you i will try