Read Me
------------------------------------------
Every pwdump / samdump application has its own way of working, for example creating services or injecting code into the lsass process. However, there are always ways to stop that software from working: for example, just disabling administrative shares will stop most pwdump applications.

However, pwdump7 works in a different way. This software uses its own filesystem driver (from rkdetector.com technology), so users with administrative privileges are able to dump both the SYSTEM and SAM registry hives directly from disk. Once dumped, the syskey key is retrieved from the SYSTEM hive and then used to decrypt both the LanMan and NTLM hashes and dump them in pwdump-like format.

usage:
------
D:\>pwdump7.exe -h
Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es

usage:
pwdump7.exe                                (Dump system passwords)
pwdump7.exe -s <samfile> <systemfile>      (Dump passwords from files)
pwdump7.exe -d <filename> [destionation]   (Copy filename to destionation)
pwdump7.exe -h                             (Show this help)

dump passwords:
---------------
D:\>PwDump7.exe
Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es

administrator:500:25FC25A0CA659E57ACEDB07452AB7A8E:6C1B3BE8D28CD3E7AB63122C8A572DDF:::
guest:501:0E175C3EFF8EED1652440321FCD91E4E:2850991451071A5B7A95F2977D4AAEF0:::
atarasco:1001:45C6AEEDC857A06DC595236F8F5FECAA:D0253497114C1B4CC337210F4580A716:::

dump locked file:
-----------------
D:\>PwDump7.exe -d c:\pagefile.sys pagefile.dmp
Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es

saving c:\pagefile.sys as pagefile.dmp
File pagefile.dmp saved

dump from alternate source:
---------------------------
d:\>pwdump7.exe -s c:\sam.dmp c:\system.dmp
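
An added example (not part of pwdump7 or the original README): a small auditor for the pwdump-like output format shown above, flagging accounts with a stored LM hash, a blank password, or an NT hash shared with another account. The sample lines and the names parse_line and audit are constructed for illustration.

```python
from collections import defaultdict

# Well-known hashes of the empty password (LM and NT).
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"
HEX = set("0123456789ABCDEF")

# Constructed sample: banner line plus three records, user:rid:lmhash:nthash:::
SAMPLE = """\
Pwdump v7.1 - raw password extractor
alice:1001:AAD3B435B51404EEAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::
bob:1002:11111111111111112222222222222222:0123456789ABCDEF0123456789ABCDEF:::
guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
"""


def parse_line(line):
    """Return (user, rid, lm, nt), or None if the line is not a record."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None  # banner, blank line or wrapped debris
    lm, nt = parts[2].upper(), parts[3].upper()
    if any(len(h) != 32 or not set(h) <= HEX for h in (lm, nt)):
        return None  # hash fields must be 32 hex characters
    return parts[0], int(parts[1]), lm, nt


def audit(text):
    """Return a sorted list of (user, finding) tuples for a dump."""
    findings, by_nt = [], defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        user, _rid, lm, nt = rec
        if lm != EMPTY_LM:
            findings.append((user, "LM hash stored"))
        if nt == EMPTY_NT:
            findings.append((user, "blank password"))
        else:
            by_nt[nt].append(user)
    # Identical NT hashes mean identical passwords (the hash is unsalted).
    for users in by_nt.values():
        for u in users if len(users) > 1 else []:
            others = ", ".join(x for x in users if x != u)
            findings.append((u, "NT hash shared with " + others))
    return sorted(findings)
```
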

TODO:
-----
This version is still beta and has some limitations, but I will continue working on it.

- password modification on the fly, updating SAM passwords. The changed password will work once the system is rebooted, and there will be no traces of account compromise.
- link with openssl libraries. This time you need the libeay32.dll lib in your path :)
- Add domain passwords support. At this time, domain passwords are stored at c:\windows\ntds\ntds.dit but the cipher is still unknown. If you have information about it, please contact me.

Changelog:
----------
v7.1
- Added Fat32 support
- Added dumpfile support
- Added support for alternative sam and system files (offline analysis)

v7.0
- first release, works with ntfs