Edit: this article has been superseded by a newer version, implemented in Python: WinSCP session password decryption - Part 2
So today I decided to access my web hosting account via scp from my Linux partition. But of course, I had forgotten my password! So I used the “Offline NT Password & Registry Editor” to extract the necessary settings (from the Windows 7 partition):
Open the file
C:\Users\<UserName>\NTUSER.dat
and inside regedit navigate (via “cd”) to
\Software\Martin Prikryl\WinSCP 2\Sessions\<SessionName>
From this key, you need the values “Password” (only possible if saved, very long string), “Host” and “UserName”.
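As an added example (not the author's decrypter and not part of the original post), the following check lists which sessions in a text export of the key above actually store a “Password” value. The sample export, the placeholder blob, the function name and the acceptance of either “Host” or “HostName” as the value name are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample of a text export of the Sessions key (not real data).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Default%20Settings]
"PingType"=dword:00000001

[HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\webhost]
"HostName"="example.com"
"UserName"="alice"
"Password"="0000PLACEHOLDER"

[HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\backup%20box]
"HostName"="backup.example.net"
"UserName"="bob"
'''

SESSIONS = "\\Software\\Martin Prikryl\\WinSCP 2\\Sessions\\"
KEY_RE = re.compile(r'^\[(.+)\]$')          # [HKEY_...\Sessions\<SessionName>]
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "Name"="string value"

def sessions_with_saved_password(reg_text):
    """Return [(session, host, user)] for sessions that store a Password value."""
    sessions, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            idx = m.group(1).find(SESSIONS)
            # Session names are percent-encoded in the key name (e.g. %20).
            current = unquote(m.group(1)[idx + len(SESSIONS):]) if idx != -1 else None
            if current is not None:
                sessions[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            sessions[current][m.group(1)] = m.group(2)
    return [(name, v.get("HostName", v.get("Host", "")), v.get("UserName", ""))
            for name, v in sessions.items() if v.get("Password")]

if __name__ == "__main__":
    for session, host, user in sessions_with_saved_password(SAMPLE_REG):
        print(f"saved password present: session={session} host={host} user={user}")
```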
Finally, I reverse-engineered the WinSCP source code, which was especially hard because it originates in Delphi, where all strings and arrays are 1-based. My final decrypter code:
Usage (using the values from the registry key):
./decrypter HostName UserName Password
I hope that this will save someone else's time, too!