Question

Is there any API to get the currently logged in user's name and password in Windows?

Thank you in advance.

Solution

Password: No, this is not retained for security reasons - it's used, then discarded. You could retrieve the encrypted password for this user from the registry, given sufficient privileges, then decrypt it using something like rainbow tables, but that's extremely resource intensive and time consuming using current methods. Much better to prompt the user.

Alternatively, if you want to implement some sort of 'single signon' system as Novell does, you should do it via either a GINA (pre-Vista) or a Credential Provider (Vista), which will result in your code being given the username and password at login, the only time at which the password is available.

For username, getting the current username (the one who is running your code) is easy: the GetUserName function in AdvApi32.dll does exactly this for you.

If you're running as a service, you need to remember there is no one "logged in user": there are several at any time, such as LocalSystem, NetworkService, SYSTEM and other accounts, in addition to any actual people. This article provides some sample code and documentation for doing that.

OTHER TIPS

I'd consider it a huge security flaw if that were possible!

You can't get the password of a user since it's encrypted (not to mention that it's a standard practice not to store passwords in plaintext).

For getting the username, you can use GetUserName or NPGetUser

Not sure how it is done, but "Network Password Recovery" tool from http://www.nirsoft.net/utils/network_password_recovery.html seems to get the password from some cache.

For the many commenters who believe it is not possible to reveal the password of the currently logged-in user, see Dump cleartext passwords of logged in user(s) which shows how to use mimikatz to do just that:

mimikatz # privilege::debug
Demande d'ACTIVATION du privilège : SeDebugPrivilege : OK

mimikatz # sekurlsa::logonPasswords full
...
Utilisateur principal       : user
Domaine d'authentification  : domain
        kerberos :
         * Utilisateur  : user
         * Domaine      : domain
         * Mot de passe : pass

GetUserName will get you the name, but the password you can't get. It's not even something Windows stores, AFAIK - only a hash of your password.

Depending on what you're trying to achieve (you can tell us a bit more..) it's possible to impersonate a logged on user and do stuff on his/her behalf.

Full details of Authentication in the Windows API can be found on MSDN: http://msdn.microsoft.com/en-us/library/aa374735(VS.85).aspx

I don't know about the windows login password... but you can definitely pull plaintext passwords from the Credentials Manager. For example here is a program to pull the password for TFS. In most cases, this is the same as the Windows Login.

namespace ShowPassword
{
    using Microsoft.TeamFoundation.Client;
    using System;
    using System.Net;

    class Program
    {
        static void Main(string[] args)
        {
            var tpc = new TfsTeamProjectCollection(new Uri("http://mycompany.com/tfs"));
            var nc = tpc.Credentials as NetworkCredential;
            Console.WriteLine("the password is " + nc.Password);
        }
    }
}

I compiled this as a "console" app under VS 2015 with the NuGet package TeamFoundation ExtendedClient.

You can get the user name with GetUserName(), but you cannot get the password; this would violate security for dummies 101.

re "Network Password Recovery" tool
Windows (up to XP) stores a copy of the password with a simpler, easy-to-break encryption - for connecting to older-style LAN Manager network shares. The tools generally try all possible passwords against this; using rainbow tables (precalculated encrypted versions of dictionary words) speeds this up.

In XP SP2/3 and Vista this feature is removed. The new encryption is much harder to crack and needs many hours to try all possible values; there are online services that will run it on a large number of machines to give you a quick answer for a price.

To answer the original poster - you do not generally store the password and compare it with what the user typed in. You encrypt (actually hash) the entered password and store that. To check a password you perform the same encryption on whatever the user entered and compare that. It is generally impossible to go from the encrypted form back to the real password.

EDIT I suspect you are asking the wrong question here - why do you want the password, what are you trying to verify and when?
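The store-a-hash-and-compare approach described in the answer above, as an added example that is not part of the original posts. It is an application-level sketch, not how Windows stores its own hashes: PBKDF2-HMAC-SHA256, the record layout, the function names and the iteration count are all assumptions chosen for illustration. The per-user random salt is what makes the precomputed (rainbow) tables mentioned above useless against the stored records.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000        # assumed work factor; tune for your hardware
MAX_ITERATIONS = 10_000_000  # refuse absurd values from a tampered record


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record; the password itself is never kept."""
    salt = os.urandom(16)  # fresh salt per account: same password, different record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(candidate: str, record: str) -> bool:
    """Hash what the user typed with the stored salt and compare the results."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        rounds = int(iterations)
        if not 0 < rounds <= MAX_ITERATIONS:
            return False
    except ValueError:  # wrong field count, bad number or bad base64
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share one password.
    first = hash_password("correct horse battery staple")
    second = hash_password("correct horse battery staple")
    print("records differ:", first != second)
    print("right password:", verify_password("correct horse battery staple", first))
    print("wrong password:", verify_password("guess", first))
```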

Licensed under: CC-BY-SA with attribution