How to retrieve a Password from Asterisks/Dots..

I can't help but true story that happened today.
I send lots of encrypted cd's out to Clinicians/Solicitors and today I got a call from one of them asking for the password.
I told them CH!£8Fv so they tried it with no luck so I gave them the password again - CH!£8Fv but once again not working when the professional said "There's something wrong with my computer, all I can see is asterisks" :D

(Password above is made up)
 
Nah, the keystrokes are sent straight to the server IIRC. The dots just indicate how many characters were typed. If you cut and paste the dots into Word or Notepad, they'll appear as squares like □□□□□□
 
If it's a saved username and password, firefox and chrome offer the ability to see it.
If it's a local application, there are tools to reveal it
 
If you're on a mac then open Keychain, that might have stored it for you :) if not the browser should have it if its coming up in the password field but hidden.
 
Opened Keychain, found the Safari Auto Fill Form, Attempted to reveal password and it comes up as lots of rubbish! (Safari Browser)
 
Paste this into the address bar when on said page (or save as bookmark then navigate to it)
Code:
javascript:(function(){var%20s,F,j,f,i;%20s%20=%20"";%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)%20{%20if%20(f[i].type.toLowerCase()%20==%20"password")%20s%20+=%20f[i].value%20+%20"n";%20}%20}%20if%20(s)%20alert("Passwords%20in%20forms%20on%20this%20page:nn"%20+%20s);%20else%20alert("There%20are%20no%20passwords%20in%20forms%20on%20this%20page.");})();
 
Copy and paste one of these:

***************

***************

***************

***************

***************

These are the main 5 codes that will unlock a lost Password, you just Paste them in until you find the one that works for you.
 
Nah, the keystrokes are sent straight to the server IIRC. The dots just indicate how many characters were typed. If you cut and paste the dots into Word or Notepad, they'll appear as squares like □□□□□□

Not usually, no. The keystrokes are entered into the password box, the browser or program in the page remembers them, but shows you a dot or asterix, that you either can't copy or copies as that character. Then you hit send or login and the stored value is sent to the server, hopefully in a post request over https, and hopefully not a get over http (Yes, I have seen this, it's kind of hard to miss your password in plaintext in the URL).
 
Back
Top Bottom