Archive for the ‘Utilities Update’ Category

The new version of WirelessKeyView now allows you to recover your wireless network keys from an external instance of the Windows XP operating system (Vista is not supported yet). This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user interface, by using the ‘Advanced Options’ in the File menu, or from the command line, by using the /external parameter.

Dialupass is one of the oldest utilities on my sites (7+ years!), so I decided to completely rewrite it, instead of continuing the development of the old one. The new version contains all the current NirSoft standards, including the ability to translate to other languages.
There is also one useful new feature: you can now extract the dialup passwords from an external instance of Windows 2000/XP/2003 (in Advanced Options).

Dialupass 3 is not officially released yet, but you can download a Beta version from here.

The new version of LsaSecretsView allows you to extract the LSA secrets from an external instance of the Windows operating system. This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user interface, by using the ‘Advanced Options’ in the File menu, or from the command line, by using the /external parameter.
This feature was also added to LSASecretsDump, which is the console version of LsaSecretsView.

Be aware that this feature currently works for Windows 2000/XP/2003, but not for Windows Vista.

The new version of IE PassView (v1.15) allows you to extract lost passwords stored by Internet Explorer 7.0 from an external drive. This feature can be useful if you have a dead system that cannot boot anymore, and you want to recover your passwords from there.
In order to use this feature, you must know the last log-on password that you used for the user profile that stores the passwords.

The new version of Volumouse now allows you to choose any color for the On-Screen Indicator, and you can also choose to display a percent label.

Here’s a sample screenshot:

As promised a week ago, here are the 5 new utilities added to the NirSoft Web site:

IPInfoOffline, DNSDataView, SkypeLogView, WirelessNetConsole, and UserProfilesView.
These utilities will also be added very soon to the utilities section and to the ‘NirSoft Panel’ page.

There are 5 new utilities that are currently cooking in the kitchen of NirSoft, and are going to get out of the oven very soon.

So here they are, with a small description for each of them:

  • IPInfoOffline: Allows you to view information about IP addresses, without connecting to any external server. It uses a compressed IP addresses database that is stored inside the exe file. For each IP address, the following information is displayed: IP block range, Organization (RIPE, ARIN, APNIC, LACNIC or AFRINIC), Assigned Date, Country Name, and Country Code.
  • DNSDataView: This utility is a GUI alternative to the NSLookup tool that comes with the Windows operating system. It allows you to easily retrieve the DNS records (MX, NS, A, SOA) of the specified domains. You can use the default DNS server of your Internet connection, or use any other DNS server that you specify.
  • SkypeLogView: This utility reads the log files created by the Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account.
  • WirelessNetConsole: Console version of WirelessNetView. It dumps information about all currently detected wireless networks to the standard output. For each wireless network, the following information is displayed: SSID, Signal Quality in %, PHY types, RSSI, MAC Address, Channel Frequency, and more.
  • UserProfilesView: This utility displays the list of all user profiles that you currently have on your system. For each user profile, the following information is displayed: Domain\User Name, Profile Path, Last Load Time, Registry File Size, User SID, and more.

These utilities will probably be ready for the first tasting next Saturday (November 1, 2008), and will be served first in this blog, and then later in the entire site, including the utilities and packages sections.

If you have already worked with my password recovery tools, you probably know that most of them can only recover the passwords of the current logged-on user, but they cannot recover the passwords from another user profile or from an external drive.
The reason for this limitation is that most of these tools use some Windows API calls to decrypt the passwords, and these API calls only work for the current logged-on user.

In order to allow my tools to recover the passwords from an external drive, I used my reverse engineering skills to find out exactly how Windows password decryption works, and wrote the code that does the same thing, but without the restriction of the current logged-on user.

So here’s the first tool that uses my new decryption code: Network Password Recovery.
This means that you can now recover the passwords stored inside the Credentials file of Windows XP/Vista/2003/2008 even if you have a dead system that cannot boot anymore.

There is only one restriction: you must know the last log-on password of the user that owned the Credentials file you wish to recover. The SHA hash of the log-on password is used in the process of Credentials file encryption, and without knowing that log-on password, the content of the Credentials file cannot be recovered instantly.

There is a new feature in the IECacheView utility that allows you to extract files from the cache of Internet Explorer into the same directory structure as the original Web site.
Just for example, in the following screenshot of IECacheView, you can see the list of cache files downloaded from NirSoft Blog:

If you select all these files, go to “Copy Selected Files To”, and then choose the “Save the files in the directory structure of the Web site” option, the folder structure after saving the files from the cache will look like this one:
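
One way to map cached URLs onto such a directory tree, as an added example (not IECacheView's own code): cached URLs are untrusted input, so the mapping rejects `..` segments, including percent-encoded and backslash forms, and sanitises each name before it is joined onto an output folder. The function names and the `index.html` default are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Characters Windows does not allow in a file name, plus control characters.
_ILLEGAL = re.compile(r'[<>:"|?*\\\x00-\x1f]')
# Device names Windows treats specially regardless of extension.
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)}


def _clean(segment):
    """Return a file-system-safe form of one path segment, or None to reject."""
    if segment == "..":
        return None  # refuse traversal outright instead of normalising it
    segment = _ILLEGAL.sub("_", segment).rstrip(" .") or "_"
    if segment.split(".")[0].upper() in _RESERVED:
        segment = "_" + segment
    return segment


def cache_url_to_relpath(url):
    """Map a cached URL to 'host/dir/file', or None if it must not be written."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # Decode first so %2e%2e and %5c are seen as what they become on disk.
    path = unquote(parts.path).replace("\\", "/")
    raw = [parts.hostname] + [s for s in path.split("/") if s not in ("", ".")]
    cleaned = [_clean(s) for s in raw]
    if None in cleaned:
        return None
    if len(cleaned) == 1 or path.endswith("/"):
        cleaned.append("index.html")  # assumed name for directory-style URLs
    return "/".join(cleaned)


def plan_export(urls):
    """Return ({relpath: url}, [rejected urls]); a colliding path is rejected."""
    plan, rejected = {}, []
    for url in urls:
        rel = cache_url_to_relpath(url)
        if rel is None or rel in plan:
            rejected.append(url)
        else:
            plan[rel] = url
    return plan, rejected
```

The query string is ignored here, so two cache entries that differ only in their query map to the same path and the second one is reported as rejected rather than overwriting the first.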

While looking into the cache folder of Google Chrome Web browser, I found out that the file structure inside this folder looks a little familiar.
Similar to the cache of Mozilla/Firefox browsers, it has 3 data files, numbered from 1 to 3, where file number 1 is the smallest file, and the largest file is file number 3. It also has a cache map file, which is numbered ‘0’, and other files with hexadecimal numbers which contain the binary content of some cached files.

Here’s an example for the file structure in the cache folder of Chrome:

And here’s the cache folder of Firefox:

After looking more deeply into the cache folder of Chrome, I found out that the internal structures of the cache files are a little different from the structures of Firefox, but it still was very easy to figure out how to read these files, and you can see the result in my new ChromeCacheView utility.