If you already worked with my password recovery tools, you probably know that most of them can only recover the passwords of the current logged-on user, but they cannot recover the passwords from another user profile or from an external drive.
The reason for this limitation is that most of these tools use some Windows API calls to decrypt the passwords, and these API calls only works for the current logged-on user.
In order to allow my tools to recover the passwords from an external drive,
I used my reverse engineering skills to find out exactly how Windows password decryption works, and wrote the code that do the same thing, but without the restriction of the current logged-on user.
So here’s the first tool that uses my new decryption code: Network Password Recovery.
This means that you can now recover the passwords stored inside the Credentials file of Windows XP/Vista/2003/2008 even if you have a dead system that cannot boot anymore.
There is only one restriction: you must know the last log-on password of the user that owned the Credentials file you wish to recover. The SHA hash of the log-on password is used in the process of Credentials file encryption, and without knowing that log-on password, the content of the Credentials file cannot be recovered instantly.