« previous next »
Pages: [1]   Go Down

Author Topic: (⦿_⦿) EDGE credentials vs passwords  (Read 5922 times)

0 Members and 1 Guest are viewing this topic.

Offline mateusz

  • Newbie
  • *
  • Join Date: May 2022
  • Posts: 3
  • Karma: 0
    • View Profile
(⦿_⦿) EDGE credentials vs passwords
« on: April 12, 2023, 02:00:15 pm »
Hello,

I have the full version of Tweaking.com software

I started to "play" with some services but mostly firewall rules (also local) and I've probably unlinked somehow Edge from It's credentials, there was also some update at night and I've seen Internet Explorer started without a reason. Later on I've started Edge and there were few notices that It started with a new profile (bookmarks and favourites and even history was still there) but ALL MY PASSWORDS ARE GONE.

I was able to go back to recovery point but it didn't help :cry:

I think this might be related somehow to Internet Explorer old services/credentials or Maybe I've locked time/date updates so the System couldn't get certificates or credentials and cleared my passwords? Some of them stayed in the profile folder but most are gone. Please help! :shy::shy: :shy:
« Last Edit: April 13, 2023, 04:24:39 am by mateusz, Reason: new title »
Logged

Offline mateusz

  • Newbie
  • *
  • Join Date: May 2022
  • Posts: 3
  • Karma: 0
    • View Profile
Re: (⦿_⦿) EDGE credentials vs passwords
« Reply #1 on: April 13, 2023, 04:25:35 am »
1. I managed to find file with the login/password data in:
C:\Users\XXXXXXX\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

2. I tried to extract it with Nirsoft WebpassViewer:
[URL unfurl="true"]https://www.nirsoft.net/utils/web_browser_password.html[/URL]

3. It showed logins and websites but no password for Edge (FF, Chrome are fine)

4. Strange thing - I started WebBrowserPassView v2.12 in a software called Sandboxie which was installed on my system to run apps more securely and in Sandboxie I got half of the passwords from Edge. I don't understand it.

5. I believe that there are some credentials missing. I tried software:
a) MadPassExt v1.00 (Microsoft Account DPAPI Password Extractor)
b) VaultPasswordView v1.11
but with no luck, I don't have this folder on my drive:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\CloudAPCache\MicrosoftAccount

Im not sure what to do with this data anyway...

6. I think this might be the resolution but I have no idea how to do it:
[URL unfurl="true"]https://github.com/gentilkiwi/mimikatz/issues/328#issuecomment-768624267[/URL]

Maybe "Windows Repair" could help me to get back the credentials?
Logged

Offline mateusz

  • Newbie
  • *
  • Join Date: May 2022
  • Posts: 3
  • Karma: 0
    • View Profile
Re: (⦿_⦿) EDGE credentials vs passwords
« Reply #2 on: April 13, 2023, 05:17:02 am »
I managed to get the passwords back thanks to Sandboxie- pure luck. There were some credentials in it that were able to decode the passwords with WebBrowserPassView v2.12... 284 passwords are back. I still don't know what file Im missing on the system that is inside Sandboxie
Logged
Pages: [1]   Go Up
« previous next »