PwlTool v3.0	password recovery tools for MS Windows 95/98
(c) 1998 Vitas Ramanchauskas & Eugene Korolev, vitas@webdon.com
HOME RePwl Vitas' site License Register now TechNotes Setup FAQ Bug Report

RePwl

Commercial version only:: You will be asked for a serial number during the first run. If you reinstall Windows or move the program to another computer you will need this number again. Please do not distribute the number!

Program Usage: How to...

...view cached passwords for the current user (user must be logged in): just run RePwl. You'll see all cached passwords in 'cached passwords' text box.

...view cached passwords for another user (login password is known): enter a username and known password for it. Leave 'PWL file' field empty. Press the 'CheckPassword' button.

...view cached passwords stored in PWL file from another computer (login password is known): select a PWL file (use 'Browse' button or enter a complete filename manually). Adjust username, if necessary. Enter the known login password. Press 'CheckPassword' button.

...find unknown login password (and view cached passwords): select a PWL file (use 'Browse' button or enter a complete filename manually). Adjust username if necessary. Now you may try a dictionary search ('dictionary' button, accessible in the registered version only) or a linear search (also known as 'brute force attack') ('SearchPassword' button).

Dictionary search (available in the registered version only).
The point is that passwords are made up by living people, and many people are alike. Therefore people use some words more frequently than others. Frequency dictionaries list the most popular words. Good dictionaries contain hundreds thousand words. Remember that a good frequency dictionary is not just a dictionary. A usual dictionary does not contain names of corporations, movie titles, trademarks etc. A good frequency dictionary is composed of actual passwords made up by people just like you. Dictionary search is fast enough (even if a huge dictionary is used). So try the dictionary search first!

Make sure that dictionary file named dict.txt resides in the same directory with RePwl. There are no dictionaries included into RePwl package. You may download

a relatively small (~80 Kb compressed) dictionary from http://webdon.com/DownLoad/DIC1.ZIP

or a huge one (~9 Mb compressed) http://www.kull.ch/Bauersachs/download/allwords2.zip .

Important! Make sure that all words in dictionary are in upper case. Use any text editor to capitalize it if necessary.

Linear Search (brute force attack).
Set maximum password length (5 by default) and character set (A-Z by default) and press the 'SearchPasswordFast' button. Note that Windows capitalizes all passwords. You should also keep in mind that RePwl does not check for empty login password. You might waste a lot of time searching for a password that had never actually existed. Press 'CheckPassword' button to check for an empty password.

The password search time varies with respect to the password length and charset size. This is the time it takes to get a password in the most unfavorable case. In the 'best case' (i.e., the most favorable case) the very first password will be the right one. The probability to find a password during the time of t equals to p=t/T, for example, a probability to find the password during the half of time indicated equals to 50%.
The search speed is assumed equal to 50,000 passwords per second (Pentium-200).

psw length / charset


26 (letters only)	36 (letters & digits)	70 (all printable)
4	Instantly	instantly	8 minutes
5	4 minutes	20 minutes	9 hours
6	100 minutes	12 hours	27 days
7	45 hours	18 days	5 years
8	24 days	21 months	371 years
9	48 days	65 years	26,000 years

Controls description

Zombie mode: when this option is checked, RePwl won't spend time on handling user interface during password search. This way you will see neither progress bar nor 'Cancel' button. To terminate RePwl in zombie mode press Ctrl-Alt-Del, select RePwl in the task list and terminate it -- this is the only way to do it. Moreover, in the zombie mode RePwl runs at higher priority; as a result, RePwl works faster in the zombie mode, but you may have problems with multitasking environment (other tasks may slow down significantly).

CheckUser: Enter username and press this button to find out whether the user is registered in the system.

SearchPassword vs SearchPasswordFast: 'SearchPassword' button is a leftover from the past. It uses standard (but undocumented) Windows API for password search. It works slowly (like in the demo version). Moreover, it will work only with PWL files registered in the system (listed in system.ini file). Normally you should use SearchPasswordFast button. It does not use Windows API and works at the highest speed possible. It seems that this is as fast as it getsà
Status indicators: display the last password found, time elapsed (h:m:s:ms) and search speed.

Tips

You can also double-click a PWL file in Windows Explorer to open it.
An additional property page is now available for PWL files (right click in Explorer and select Properties to see it).

Thanks again for having registered the program!
As a registered user you will be receiving program updates for FREE. If you have any questions, please feel free to ask.

Some WEB Links:

http://webdon.com Author's home page

http://webdon.com/vitas/pwltool.htm PwlTool home page

http://webdon.com/vitas/psw.htm Everything about passwords: how to choose and how to recover them

http://webdon.com/vitas/pwl.htm Some info about PWL files

http://webdon.com/vitas/softmare.htm Security related stuff