MessenPass is a free password cracking tool that will easily reveal passwords of your AOL, Yahoo! Messenger, Google Talk, MSN or any other instant messenger clients.
Since most messengers (like Google Talk or Yahoo! Messenger) require the same username / password combination to login as the mail account, MessenPass can effectively be used to recover your (or someone else's) Google Account, AOL or Yahoo! Mail password.
And it works like a charm. [I was absolutely shocked to see my GMail password on the screen the moment I ran this 47 kb utility]
MessenPass works only if you have selected the "Remember Password" setting while logging into your messenger program. It detects the Instant Messenger applications installed on your computer, decrypts the passwords they store, and displays all user name/password pairs in a text or Excel file.
This may be a useful but quite dangerous tool as well - it's so small that it can run off your USB drive and requires no installation - imagine while you are on a trip to the pantry for a cup of coffee and anyone can access your login credentials by plugging in the USB drive.
The only workaround is to deselect the "Remember password" while starting your IM client. MessenPass doesn't crack Skype or Hotmail passwords yet.
Download MessenPass [IM Password Recovery Software]
Reader Comments
Bloody risky. Not sure if we shud see such softwares being reviewed on DI.
Written on 9/4/07 11:37 PM
I am absolutely shocked to see a review of this kind of evil softwares in DI.
Written on 10/4/07 9:40 AM
Its a Virus. Zip file downloaded has the virus caught by McAfee 8.0.
Written on 10/4/07 10:37 AM
This is disgusting...not only this is unethical, Symantec AV detected Hacktool.PassReminder virus in this software.
Written on 10/4/07 10:45 AM
it is one of da hackers best -easy to use tools
these can be used by hackers if they have fizical access to the victims computer
Written on 10/4/07 11:54 AM
The exe file is a trojan
Written on 10/4/07 1:06 PM
What a crap! All along I was assuming that these clients don't store passwords locally, but use some magic cookies to login.
Isn't it how they are sopposed to work, at least in principle?
And Amit, since people are saying that it is a virus/trojan, very likely that it could have passed your information to some bad guy. May be you should change your passwords.
And ofcouse, you should be careful about what you are reviewing here.
Written on 10/4/07 6:34 PM
maybe its classified as virus/trojan because it is a known password cracking tool!
Written on 11/4/07 6:55 PM
it is not a virus or something!
all those stupid anti-virus softwre's detect this as a virus becus its a cracking tool! ( a famous one indeed)
try scanning it with kaspersky anti-virus
which is much better than norton
Written on 13/4/07 1:39 AM
It's not a virus. Its just that, the backend used was tagged as a virus by AV vendors because it is being used by other people for their evil purposes - to steal your info.
This one uses it exactly as its explained.
You can go download the latest Nero, AV softwares will detect Nero Toolbar as a virus as well, while some as a trojan, while some as an adware. Does that mean, Nero is distributing a virus?
Though I agree, something like this should be left alone... if someone really need a tool like this, s/he will find it for sure.
Great blog.
Written on 17/4/07 8:53 PM
I'm not sure what kind of 'magic cookie' you are thinking about, but any program that remembers your password would have to store it or some equivalent authentication information locally. Especially if the program is open source like GAIM, it isn't that difficult to extract this information (I even wrote a utility from scratch in high school to extract my AIM passwords). Aside from the legitimate uses of this program, people in the security community also write things like this to expose security vulnerabilities or exploits so users can be aware of them. Would you rather only the hackers have access to this type of thing? The bottom line is if someone has access to your computer, they can find out everything it knows, so if you don't want your computer (and thus anyone who accesses it) to be able to log in for you, don't tell it to remember your passwords.
I find Symantec's classification of this as malicious software to be particularly aggravating as I am currently trying to recover my MSN password from my old computer so I can use the same account on my new computer. Symantec won't let me even unzip the file, and since I'm joined to a domain, I can't find any way to reconfigure or temporarily disable it.
Written on 23/5/07 7:58 PM
Does this have to be installed on the person's computer? I'm trying to figure out my b/f's AOL password, but I don't have access to his computer. Any help is appreciated!
Written on 7/9/07 11:13 AM