Sometime on Mar 30, Nikhil Joshi assembled some asciibets to say:
The encryption is one-way! There's no known algorithm that can get back the password for you.
http://geocities.com/supercracks2000/tools/snitch.zip
It recovers dialup passwords from windows (9X)
passwords in win 9x use very weak encryption. all passwords are stored in the user's .pwl file, and are encrypted using the user name as the encryption key. The funny thing is, in windows, the pwl filename is the username (in most cases). So all the cracker has to do is use the file name (sans .pwl) as the key, and decrypt it.
Again, the pwl file's encryption is necessarily decryptable. It is not a one way function. This is so because the dial-up password needs to be sent unencrypted to the dial-up server - hence windows itself needs to be able to decrypt this password before sending.
Also, win NT domain passwords may have to be sent unencrypted if the server is configured that way.