0
1
If I check the checkbox remember my password on SecureCRT which file does SecureCRT write my username and password to?
SES
Posted 2013-01-09T16:10:09.420
Reputation: 1
Where does SecureCRT save usernames and passwords?
Answers
1
In SecureCRT Version 7.2, session ini files are stored here:
%APPDATA%\VanDyke\Config\Sessions
The default.ini file starts as follows:
S:"Username"=mysteryna
S:"Password"=
S:"Login Script V2"=
D:"Session Password Saved"=00000000
S:"Monitor Username"=
S:"Monitor Password"=
D:"Is Session"=00000001
S:"Protocol Name"=SSH2
D:"Request pty"=00000001
S:"Shell Command"=
D:"Use Shell Command"=00000000
D:"Force Close On Exit"=00000000
D:"Forward X11"=00000000
S:"XAuthority File"=
S:"XServer Host"=127.0.0.1
D:"XServer Port"=00001770
D:"XServer Screen Number"=00000000
D:"Enforce X11 Authentication"=00000001
D:"Request Shell"=00000001
D:"Max Packet Size"=00001000
D:"Pad Password Packets"=00000001
S:"Sftp Tab Local Directory"=C:\Users\{yourname}\Documents
S:"Sftp Tab Remote Directory"=
S:"Hostname"=
S:"Firewall Name"=None
D:"Allow Connection Sharing"=00000000
D:"Disable SFTP Extended Commands"=00000000
D:"[SSH2] Port"=00000016
S:"Key Exchange Algorithms"=gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
S:"Cipher List"=aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
S:"MAC List"=hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com
S:"SSH2 Authentications V2"=password,publickey,keyboard-interactive,gssapi
S:"Compatibility Mode V2"=Auto Detect
[snip]
mysteryna
Posted 2013-01-09T16:10:09.420
Reputation: 11
0
Well, it may vary within versions, but the one I know (v. 6.5.1) stores the username and password inside the .ini file for each session saved in the directory \Program Files\SecureCRT\config\Sessions.
S:"Username"=john
S:"Password"=uec99b0a4283ff19e5...
But it stores the password encripted.
Adriano P
Posted 2013-01-09T16:10:09.420
Reputation: 385
0
Here is how to recover saved passwords, which is basically what the author was looking for:
1. Install "Roboform"
2. Edit the connection of the lost password, and change the username (copy and paste first if you don't want to damage the original connection)
3. Connect to host - this will fail because the username doesn't match password
4. The SecureCRT prompt show up with the password pre-filled
5. Click the Roboform "SAVE" button, connect again, and Roboform creates a new passcard for you with the password in plain text.
6. Click the "Edit" in roboform to see the password
cnd
Posted 2013-01-09T16:10:09.420
Reputation: 161
-1: The default SecureCRT configuration storage directory on Windows has changed, per mysteryna's answer.
– Warren Young – 2015-06-26T13:32:40.267Wish putty would save to a config file instead of the registry. – mdpc – 2013-01-09T17:32:06.483
is it hash or just encryption? if it is a encryption which version is this? – SES – 2013-01-09T19:17:04.313
According to this post, it is an encryption, but VanDyke won't "offer a mechanism to 'decrypt' stored passwords". That is, they won't tell what encryption algorithm they use.
– Adriano P – 2013-01-10T19:11:06.187thank you for your answers. Did you realize that all passwords begin with u? and if your password is the same in an other computer you can just change the host name in .ini file, than you can login. i think there is a step i missed. – SES – 2013-01-11T15:32:02.453