PassPort – Password manager plugin for LabTech

On December 23, 2014, in Projects, Scripting, by Cubert aka (Cube Dweller)

passport-600

PassPort is a password manager for plugin LabTech that leverages several applications to query Windows systems for passwords saved in Web Browsers, Instant Messengers, Network (VPN) and Dialup accounts and local email accounts and imports the information back into the LabTech database. You can then access this information inside of LabTech under the computer console on each PC.

 

website-view

 

 

 

im-view

 

 

 

email-view

 

 

configure-view

 

 Version 1.0.1 now available for download

download

 

 

 

 

 

 

We leverage several apps from Nirsoft to collect the password information and include up to date versions with our zip file download. Nirsoft tools can be found here at  http://www.nirsoft.net/

 

We use MailPassView:

Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients: 

  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010/2013 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

 

We use WebBrowserPassView:

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 – 11.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.

  • This utility works on any version of Windows, starting from Windows 2000, and up to Windows 8, including 64-bit systems. Older versions of Windows (Windows 98/ME) are not supported, because this utility is a Unicode application.
  • Currently, WebBrowserPassView cannot retrieve the passwords if they are encrypted with a master password. Support for master password will probably be added in future versions.
  • Currently, WebBrowserPassView cannot retrieve passwords from external hard-drive. Support for that might be added in future versions.
  • On Internet Explorer 7.0-9.0, the passwords are encrypted with the URL of the Web site, so WebBrowserPassView uses the history file of Internet Explorer to decrypt the passwords. If you clear the history of Internet Explorer, WebBrowserPassView won’t be able to decrypt the passwords.
  • On Google Chrome – passwords originally imported from Internet Explorer 7.0-9.0, cannot be decrypted.

 

We use DialupPassView:

This utility enumerates all dialup/VPN entries on your computers, and displays their logon details: User Name, Password, and Domain. You can use it to recover a lost password of your Internet connection or VPN. This utility works under Windows 2000, Windows XP, Windows 2003/2008, Windows Vista, and Windows 7. The passwords are revealed only if you log on to the computer with administrator privileges.


We use MessenPass:

MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby

MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.

 

 

 

Tagged with:
 

20 Responses to “PassPort – Password manager plugin for LabTech”

  1. Eric Hall says:

    WOW. What a tool. Thanks! I added a few things to the script so I could disable it from running on a client/location or a PC. I tested it on my PC and it scared the crap out of me! It had stuff I forgot all about. Thanks again for all your work!

  2. MenacingM says:

    This is an awesome plugin but it’s not creating the tables for me at all. Have tried removing and re-adding/enabling. No luck.

    I ran the SQL command (posted on LabtechGeek) to create the email table and it’s one less error I get when loading the plugin.

    Could you post the SQL queries to create the other tables?

  3. Mike says:

    Nice Work as always but this one is failing for me at step 7…

    “The script(5927) failed in the THEN section at step 7”

    Any ideas?

  4. David Pegram says:

    I get the same error as Mike… The script failed in the THEN section at step 7… Thanks!

  5. cubert says:

    Does this happen on all systems your running against?

  6. David Pegram says:

    Yes sir. Everyone I have tried. I am very new to LabTech and I may be doing something wrong.

  7. David Pegram says:

    Hello Cubert… I double checked to make sure the tables where created in the DB and they are there. I checked every table for plugin_sw_passport and there is no data in any table. It appears the script to collect the data is not running or is failing for some reason. Any thoughts? Thanks for any help you can give me.

  8. Vince Kent says:

    Cubert,

    I updated to version 1.0.1 but now the passport tab shows up twice. Is there an easy way to remove?

  9. Bruce Tharp says:

    Thanks for this. It’s helpful when needed. (I needed to recover a website password and username of a terminated employee for a client) – why I loaded it – works great.

    Might the script failing in line 7 be a patience issue. Give the program time to transfer the files to the local machine and it will start working. – was my experience.

  10. David Pegram says:

    After troubleshooting this at length I finally figured it out. Here is why it would not work for me on both systems I tested against:

    1. After running the script I received a UAC error.
    2. After the UAC error, I received an alert from Windows Defender saying it found suspicious software. I had to allow this to run.
    3. For some reason I had to check Skip Mail Collection in the configure tab.

    I believe if you disable UAC and allow the app from Defender it will run or at least it did for me. It would be great if you could get around this so you don’t have to touch every machine if they are not part of Group Policy.

  11. Yes, The apps used to collect this data are targeted by AV applications so Exclusions will need to be created for the LTSVC dir where we copy these files and any UAC can cause issues as we are hacking out passwords from user accounts.

    I am looking at turing this on as part of the script when it runs
    “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = 0”

    but this will not go into effect till a reboot I believe so does not directly resolve the problem.

  12. Hmmm… I get the same error on step 7. I have turned off UAC, ESET and defender but I still get that error on ANY machine I try to run this against. The error message is not very informative as to what exactly is going wrong.

    Also If I check my ltsvc dir, I don’t see any of the nirsoft files.

    Any ideas anyone?

  13. David Pegram says:

    Chris, have you tried checking the skip mail collection? If I have that checked I get the error but without it everything runs fine.

  14. cubert says:

    In the ZIP you downloaded is a transfer directory, this will need to be copied to your Transfer directory

  15. Checking skip mail fixed it for me. Thanks David

  16. David Pegram says:

    No problem! Another thing I had to change just now… Step 18 in the script has the wrong path. I had to change mailboxes in the path to PassPort.

  17. Jason Richmond says:

    Collector error- > There is no row at position 0.

    I receive this error after installing the plugin.
    I’ve copied the files into the transfer directory.
    The tables exist in MYSQL.

    Thanks!

  18. Jason Richmond says:

    Got it – I needed to import the script XML file.
    oops!

  19. Sarge Price says:

    I keep getting:

    The script(5865) failed in the THEN section at step 7
    Start S5865
    IF F1 P1: P2: P3: T:55806.886
    L3 F115 P1: P2:2 P3: T:55807.186
    L6 F196 Parameters Hidden T:55807.286
    L7 F197 P1:sqldataset P2:1 P3: T:55807.386

    I’m using a hosted LTServer if that makes a difference…

  20. David says:

    Google is identifying this page as a malware host and OpenDNS is blocking the plugin zip, likely due to the EXEs inside. It’s a false positive, but still bad news.

    On top of that, it looks like cloud-hosted LT instances have their own AV protection and the EXEs are deleted out of the Transfer folder once uploaded. There is no user-configurable interface for whatever AV is on the server, so no ability to set exclusions.

    I have AV exclusions on the LTSvc dir for all my clients, but it doesn’t matter if the files can’t get there from the hosted server.

    To kill several birds with one stone, would it be possible to bundle the EXEs in a password protected zip/rar/7z file, upload that to the Transfer folder, then have your script download and extract that file once in the LTSvc folder? It’s pretty virus-y behavior, but sometimes these things are just too aggressive and need to be worked around for their own good.

Leave a Reply

*



%d bloggers like this: