Cracking Outlook Express’s Password

Cracking Outlook Express’s Password


After I released the first edition of - Password Cracking Decrypted Revisited, I got a lot of mails, from people asking me questions, like where Outlook Express stores the Dial Up Password and how to decrypt it or how to get the Outlook Express password of my boss, who is on the same LAN. Well, this edition will to a certain extend answer all such questions.



Outlook Express too like Internet Explorer and a number of other Dial Up Software, provides the user with the option of ‘Save Password.’ This option although it makes connecting to the net easy, is really a stupid security loophole and makes the password of the User vulnerable to being cracked.



Outlook Express stores the Dial Up Networking or DUN Password in the registry, under the following key:



HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts



Well, actually the above key has a number of sub keys, which correspond to and store information on various Internet Connection Accounts. The Accounts (information and configuration details) are stored as 00000001 for the first account, 00000003 for the third and so on.



Clicking on any of these Accounts Key, will display a number of DWORD, String and Binary values in the right pane. All these values store configuration details about how your Internet Connection Account works. However, the key with which we are really interested is only the: POP3 Password2 key.



The POP3 Password2 is the DWORD value, which stores your Internet Connection Password. Actually, it is not Outlook only, which uses, this key, but the Internet Connection Wizard, under which both Outlook and Internet Explorer come.



Anyway, now, once I did find out the key of Outlook express, I racked my brains to figure out the algorithm to decrypt the password so as to get the plaintext one, but somewhere along the way, when I was experimenting for another of my tutorials, I found out a way which would be much more easier, to get the Outlook Password. It requires no coding, no fancy C code editing and has no Mathematics of algorithms involved.