HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 55 guests and 1 member online
 
Advertisement

You are here: Home arrow Resourcesarrow Toolsarrow pwdump2
EH-Net
May 19, 2013, 09:11:20 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
EH-Net > Resources > Tools (Moderator: don) > pwdump2
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: pwdump2  (Read 5233 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« on: April 12, 2006, 11:12:54 PM »
This tool that dumps password hashes was last updated April 6, 2000 but can still be used.

Quote
What's New?

It's been a while since pwdump2 was first released, and it's time for an update. This new version adds two new features:

-It can now dump password hashes from Active Directory. (The original version wasn't able to do this.)
-It can determine the pid of lsass automatically, so you don't need to supply it on the command line.
What is pwdump2?

This is an application which dumps the password hashes (OWFs) from NT's SAM database, whether or not SYSKEY is enabled on the system. NT Administrators can now enjoy the additional protection of SYSKEY, while still being able to check for weak users' passwords. The output follows the same format as the original pwdump (by Jeremy Allison), and can be used as input to l0phtcrack, or used with Samba. You need the SeDebugPrivilege for it to work. By default, only Administrators have this right, so this program does not compromise NT security.

How do I use it?

First, of course, back your system up, and try it on a test machine. Take both the pwdump2.exe and samdump.dll files and place them together in a directory on your NT box's local file system. Then, just run

[c:\pwdump2] pwdump2

and the contents of the SAM will be written to the console. To capture the output in a file, run, e.g. "pwdump2 > passwd.txt".

This newer version of pwdump2 is able to find the pid of lsass.exe automatically. Several people send me source code to do this, but they all required an extra DLL, which is why I never incorporated them. Recently, Gary Nebbett published Windows NT/2000 Native API Reference, an invaluable reference, documenting virtually every undocumented NT kernel call. Among other things, it demonstrates a method of determining pids without linking to more DLLs. pwdump2 now includes code which does this. If for some reason pwdump2 fails to determine the proper pid, it will complain and exit. You can still specify the pid on the command line, to work around this possibility. Determine the process id of lsass.exe. (You can do this with Task Manager.). Then, assuming the pid is, e.g. 43, run:

[c:\pwdump2] pwdump2 43

For more info and downloads:
http://www.bindview.com/Services/RAZOR/Utilities/Windows/pwdump2_readme.cfm

Don
« Last Edit: April 12, 2006, 11:15:37 PM by don » Logged
CISSP, MCSE, CSTA, Security+ SME
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.