Q: I’ve just had to re-install Windows XP SP3 and redo all my settings and preferences. I ran the New Connection Wizard to enter my dial-up Internet connection details. I entered my user name, password, and password verification without any problems. When I attempted to connect to my ISP I received an error message stating that my user name or password could not be verified. I went straight to Internet Properties, Connections, Settings and re-entered my user name and password. When I again attempted to connect to my ISP my user name and password were verified and my connection was established.
It would appear that when I have entered my details using the New Connection Wizard I have managed to mistype my password twice! Given that I cannot see what I’m typing for my password (just dots on the screen) this may be true but I doubt it very much.
So, my questions for you are: firstly where are my dial-up Internet connection details stored in Windows — specifically my user name and password? Second is there any way to monitor what data is being sent to my ISP when I’m first attempting to connect to them, so that I can see what password I have actually sent to them? Hoping you can help.
A: Windows XP stores its passwords in the C:\Windows\System32\config folder in files called SAM and system. It’s not that simple though because it uses a destructive algorithm to convert the text passwords to a “hash” that’s stored in binary format so isn’t human readable. You can get around this by downloading the free Dialupass program which will unscramble and display your dial-up passwords. Note that your antivirus software may wrongly identify this as a Trojan because of the way it works.
In the days of DOS and early versions of Windows you used to connect via a TTY console which showed the responses being received and sent by the modem. Even then passwords were usually sent in an encrypted form so that you couldn’t see them. The modern equivalent would be to install a packet sniffer such as Wireshark to capture traffic on the dial-up connection. That doesn’t get you round the encryption but might tell you that the login negotiation is taking place correctly.
Installing Wireshark can help you analyse the traffic being sent over a dial-up connection
Originally features in PCU117
{ 2 comments… read them below or add one }
Cool I like it, this is nice blog you have here!
This is a good post, please continue the good work with this blog!