Hello all,
Is there any API to get the currently logged in user's name and password in Windows?
Thank you in advance.
GetUserName will get you the name, but the password you can't get. It's not even something Windows stores, AFAIK - only a hash of your password.
Depending on what you're trying to achieve (you can tell us a bit more..) it's possible to impersonate a logged on user and do stuff on his/her behalf.
You can't get the password of a user since it's encrypted (not to mention that it's a standard practice not to store passwords in plaintext).
For getting the username, you can use GetUserName or NPGetUser.
You can get the user name with GetUserName(), but you cannot get the password; this would violate security for dummies 101.
Password: No, this is not retained for security reasons - it's used, then discarded. You could retrieve the encrypted password for this user from the registry, given sufficient privileges, then decrypt it using something like rainbow tables, but that's extremely resource intensive and time consuming using current methods. Much better to prompt the user.
Alternatively, if you want to implement some sort of 'single signon' system as Novell does, you should do it via either a GINA (pre-Vista) or a Credential Provider (Vista), which will result in your code being given the username and password at login, the only time at which the password is available.
For username, getting the current username (the one who is running your code) is easy: the GetUserName function in AdvApi32.dll does exactly this for you.
If you're running as a service, you need to remember there is no one "logged in user": there are several at any time, such as LocalSystem, NetworkService, SYSTEM and other accounts, in addition to any actual people. This article provides some sample code and documentation for doing that.
Not sure how it is done, but the "Network Password Recovery" tool from http://www.nirsoft.net/utils/network_password_recovery.html seems to get the password from some cache.
Full details of Authentication in the Windows API can be found on MSDN: http://msdn.microsoft.com/en-us/library/aa374735(VS.85).aspx
Alternatively, you can use Windows Management Instrumentation (WMI), either in a standalone script (.js file) or from within C++, to retrieve a list of logged-in users:
var wmiService, compSystem;
// Backslashes must be escaped in a JScript string literal: this is \\.\root\cimv2
wmiService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
// the '.' denotes local system, it can be replaced with the name of the remote machine
compSystem = wmiService.ExecQuery("Select * from Win32_ComputerSystem");
// ExecQuery returns a COM collection, so walk it with an Enumerator
var enumItems = new Enumerator(compSystem);
for (; !enumItems.atEnd(); enumItems.moveNext())
{
    var item = enumItems.item();
    WScript.echo("Logged in user: " + item.UserName);
}
Re: "Network Password Recovery" tool
Windows (up to XP) stores a copy of the passwd with a simpler, easy-to-break encryption - for connecting to older style lanmanager network shares.
The tools generally try all possible passwords against this; using rainbow tables (precalculated encrypted versions of dictionary words) speeds this up.
In XP SP2/3 and Vista this feature is removed. The new encryption is much harder to crack and needs many hours to try all possible values; there are online services that will run it on a large number of machines to give you a quick answer for a price.
To answer the original poster - you do not generally store the password and compare it with what the user typed in. You encrypt (actually hash) the entered password and store that. To check a password you perform the same encryption on whatever the user entered and compare that. It is generally impossible to go from the encrypted form back to the real password.
EDIT: I suspect you are asking the wrong question here - why do you want the password, what are you trying to verify and when?
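The hash-and-compare check described in the last answer, and the reason precalculated tables only help against unsalted hashes, as an added example that is not part of the original thread. It uses PBKDF2 from Python's standard library rather than Windows' own scheme; the function names, iteration count and word list are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> bytes:
    """Weak scheme: the same password always produces the same hash."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def create_record(password: str) -> tuple[bytes, bytes]:
    """Enrol: keep (salt, derived_key); the password itself is discarded."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Check: repeat the same derivation on the entered text and compare."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def in_precomputed_table(stored_hash: bytes, table: dict[bytes, str]) -> bool:
    """True if a table built in advance from a word list contains this hash."""
    return stored_hash in table


# Constructed sample data: a tiny word list standing in for a precalculated table.
WORDS = ["letmein", "password1", "qwerty"]
TABLE = {unsalted_hash(w): w for w in WORDS}

if __name__ == "__main__":
    alice = create_record("letmein")
    bob = create_record("letmein")
    print("correct password verifies:", verify("letmein", alice))
    print("wrong password verifies:", verify("letmein2", alice))
    print("two users, same password, same record:", alice == bob)
    print("unsalted hash is in the table:",
          in_precomputed_table(unsalted_hash("letmein"), TABLE))
    print("salted key is in the table:", in_precomputed_table(alice[1], TABLE))
```

Because each record carries its own random salt, a table computed once in advance does not match any stored value, and two users with the same password get different records.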