
fgdump v2.0.0 Released


don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri May 02, 2008 4:35 pm

fgdump v2.0.0 Released

Just in case you didn't know, fgdump is now the tool to use for dumping password hashes from Windows systems.

04/25/2008:

I love having time to update tools.

I got around to adding 64-bit support to pwdump (1.7.0) and cachedump (technically referring to it as 2.0), which means I needed to build a new version of fgdump. At the same time, I rolled out a few new features which I've either been sitting on, or have been talking about for a while. And of course, as is typical with new releases, most AV is blind at least for a bit. :) Here's a list of things that have changed:


- fgdump will now detect 64-bit targets and report them as such
- 64-bit pwdump and cachedump will be used when the target is detected as 64-bit
- Fixed a problem when connecting to some Samba servers where RegQueryValueEx would not behave as expected
- fgdump will now generate a session ID during each run - used to correlate failed logs and regular logs
- Added command line to log file
- Added session ID to log file
- Created a new file with the format (session-id).failed which contains greppable data on failed hosts
- A log file is always generated of the format (session-id).fgdump-log
- -l will now override the default log name (see above)
- Added -a option to prevent tampering with AV. This is useful if you know AV is not picking it up and you want to tamper with the target as little as possible

A couple of notes about the log files. First off, a log file will ALWAYS be generated now, and will contain the date and time of the run. You can override this using -l if you want it to be named something specific. fgdump will now also generate a .failed file, which will contain a list of hosts that were unsuccessful. This file contains greppable records so you can quickly identify what hosts failed, why, and if there are still processes running on the host. This should help during the cleanup phase. The fields in this file are as follows (all separated by "|" characters):

1. Host IP/name
2. Windows error number (e.g. 5 for access denied)
3. 1 if processes are still (possibly) running on the target, 0 if everything should be cleaned up
4. Text of the error, if available

Additionally, the command line used to invoke fgdump is stored in the log file now. This means, if you pass the password on the command line, IT WILL BE RECORDED IN THE LOG FILE! If this bothers you, please omit the -p parameter and simply provide the password when fgdump asks for it. Please also note that this version has quite a number of changes in it and, while I'm releasing it as non-beta, there is a higher-than-normal chance for bugginess. As usual, please report any issues you find.


Get it here:
http://swamp.foofus.net/fizzgig/fgdump/downloads.htm

Don
CISSP, MCSE, CSTA, Security+ SME
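
An added example, not part of the original post and not fgdump's own code: a small parser for the (session-id).failed file using the four "|"-separated fields listed above, to pull out the hosts that may still have processes running during cleanup. It assumes one record per line with no header row; the sample records are constructed, not real fgdump output.

```python
from dataclasses import dataclass

# Constructed sample records (not real fgdump output), following the field
# order given in the post: host|Windows error number|still-running flag|error text
SAMPLE_FAILED = """\
192.168.0.10|5|0|Access is denied.
192.168.0.23|53|0|The network path was not found.
fileserver01|1726|1|
malformed line without separators
"""

@dataclass
class FailedHost:
    host: str
    error: int
    still_running: bool
    text: str

def parse_failed(data):
    """Return (records, rejects); rejects are (line_no, line) pairs that do not fit."""
    records, rejects = [], []
    for no, line in enumerate(data.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Assumption: the error text is the last field, so split at most 3 times
        parts = line.split("|", 3)
        if len(parts) < 3 or not parts[1].isdigit() or parts[2] not in ("0", "1"):
            rejects.append((no, line))
            continue
        text = parts[3] if len(parts) == 4 else ""  # text only "if available"
        records.append(FailedHost(parts[0], int(parts[1]), parts[2] == "1", text))
    return records, rejects

def needs_cleanup(records):
    """Hosts where field 3 is 1: processes may still be running on the target."""
    return [r.host for r in records if r.still_running]

def by_error(records):
    """Group hosts by Windows error number to see why they failed."""
    groups = {}
    for r in records:
        groups.setdefault(r.error, []).append(r.host)
    return groups

if __name__ == "__main__":
    recs, bad = parse_failed(SAMPLE_FAILED)
    print("check for leftover processes:", needs_cleanup(recs))
    print("failures by error number:", by_error(recs))
    print("unparsed lines:", bad)
```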

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat May 03, 2008 4:04 am

Re: fgdump v2.0.0 Released

Cheers Don,

I'm about to do some work in the Windows domain so I'll add the updated version to my toolbox.

rdkumarj

Newbie

Posts: 4

Joined: Sat Feb 16, 2008 2:24 pm

Post Wed Jun 18, 2008 10:45 pm

Re: fgdump v2.0.0 Released

Hi

Thanks for this tool, such a nice one...

BanDx

Newbie

Posts: 1

Joined: Thu Jun 26, 2008 12:36 pm

Post Thu Jun 26, 2008 12:42 pm

Re: fgdump v2.0.0 Released

If I run fgdump from my PC to dump from a remote server that is a domain controller, is anything installed on the remote server? Is there any risk to the domain controller?

Here is a sample of the command I want to run:
fgdump.exe -h 192.168.0.10 -k -u administrator -p password

Thanks in advance.

LSOChris

Post Thu Jun 26, 2008 12:57 pm

Re: fgdump v2.0.0 Released

I don't remember if fgdump installs itself as a service or just does DLL injection to dump the hashes; it should be in the documentation though.

Keep in mind, anytime you start playing with those types of tools there is the "possibility" of messing something up, usually not permanently though. A reboot usually fixes it, but that might suck for a DC.
