HDD from old pc


joncisco

New Member
May 4, 2006
12
0
#1
I was looking at an old hard drive that I had kept in a box since moving into my house (I've been there for almost 5yrs). i found that the hard drive still had my old stuff on it including my favourites etc....I thought that I would try to crack the hotmail access as it was my old hotmail account.....can it be done by looking at the cookies? So far the cookies have lots of numbers in them after the bit that says msn.hotmail.com

Can it be done or am I wasting my time?
 

Complete

Administrator
Aug 19, 2006
861
0
#2
Passwords generally aren't found in cookies. You might have a look in the registry. The easiest way might be to try using the program found here:

nirsoft.net/utils/pspv.html
 

joncisco

New Member
May 4, 2006
12
0
#3
Complete said:
Passwords generally aren't found in cookies. You might have a look in the registry. The easiest way might be to try using the program found here:

nirsoft.net/utils/pspv.html
Thanks but at the moment the hard drive is set as a slave drive on my pc, it's not my main drive.....can I still use that program to view it?
 

kern

New Member
Mar 9, 2007
567
0
#4
and why would you be trying to crack your own defunct hotmail account ?

if its that old, the account would have been suspended and emptied anyway.

if you use third party applications, to discover passwords, they usually have to be installed or run on the drive you are currently running as its running.

Accessdata PRTK can extract passwords from non active storage, the files you need depending upon which OS, and maybe which browser.
That is of course if you chose to let the PC Save the login and password.

id say its more trouble than its worth. unless of course theres a heavy reason why you want to crack your old hotmail account.
 

joncisco

New Member
May 4, 2006
12
0
#5
kern said:
and why would you be trying to crack your own defunct hotmail account ?

if its that old, the account would have been suspended and emptied anyway.

if you use third party applications, to discover passwords, they usually have to be installed or run on the drive you are currently running as its running.

Accessdata PRTK can extract passwords from non active storage, the files you need depending upon which OS, and maybe which browser.
That is of course if you chose to let the PC Save the login and password.

id say its more trouble than its worth. unless of course theres a heavy reason why you want to crack your old hotmail account.
I want to do it for two reasons:
1. To see if I can do it.
2. I already know the password as it is my current account but I want to know how to do it. I know that I said the account was old but I meant that I've had it for a long time and have since changed the password.
 

kern

New Member
Mar 9, 2007
567
0
#6
ah understand. thanks for the clarification.

maybe easier using forensic tools on your current machine.

that way you could try the Live CD's like Helix that have some recourse to grabbing passes from a running system.

also try it with different options under the login,

Save my e-mail address and password
Save my e-mail address
Always ask for my e-mail address and password
 

Complete

Administrator
Aug 19, 2006
861
0
#7
can I still use that program to view it?
I thought you could, but as I look at the program again it doesn't appear that you can. There was an import option that I assumed you could use to import a registry hive. It looks like you use it to export passwords and import them onto other systems.

AccessData products are probably the way to go on this one.
 

Complete

Administrator
Aug 19, 2006
861
0
#8
that way you could try the Live CD's like Helix that have some recourse to grabbing passes from a running system.
Would Helix grab passwords from the slave drive if those registry hives are not loaded?

Now I'm all confused. :wink:
 

JMXER

New Member
Mar 11, 2007
27
0
#9
If you know the password, try doing a word search for the password using WinHex or EnCase. See where it shows up. Your browser might contain the password in the registry and I doubt it would be encrypted.

Either way, you accomplished goal #1. When you find out, please post your findings (not your password, just the results).
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu