MRL WikiMain Page | About | Help | FAQ | Special pages | Log in


Printable version | Disclaimers | Privacy policy

Pwdump

From MRL Wiki

pwdump is a Windows password hash dumper. This program has a particularly interesting as it changed authors and gradually gained advanced functionality such as network auditing, encryption, etc.

Contents

[edit] Features

pwdump is capable of extracting the following password hashes:

[edit] pwdump

The original pwdump was written by Jeremy Allison in 1997. It was originally designed as a "handy utility" do dump the password database of an NT machine into a valid smbpasswd format file to allow Samba adminsitrators to easily sync user accounts with Windows networks. The original pwdump targets LM and NT MD4 hashed passwords available in SAM database. You can get the original pwdump here:

http://samba.osmirror.nl/samba/ftp/pwdump/pwdump.c

[edit] pwdump2

pwdump2 was developed by Todd Sabin in 1998. The need for an updated version came as a result of introduction of Syskey in Windows NT4 Service Pack 3. An updated version of pwdump2 was released in the year 2000 just in time for the release of Windows 2000 which introduced Active Directory. You can get the latest version of pwdump2 here:

http://www.bindview.com/Resources/RAZOR/Files/pwdump2.zip

[edit] pwdump3

pwdump3 was released by Phil Staubs in 2001. The latest incarnation of pwdump adds support to remotely audit Windows NT machines by running pwdump3 remotely as a service. To prevent interception of password hashes over the network pwdump3e was released to include strong encryption mechanism. You can get the latest version of pwdump3 here:

http://www.openwall.com/passwords/dl/pwdump/pwdump3e.zip

[edit] pwdump4

pwdump4 was developed by bingle in 2003. It combined the best features of the previous two releases to allow both remote and local password dumping. It also fixed some bugs which prevented normal operation of pwdump under certain Windows installations.

[edit] pwdump5

pwdump5 was written by AntonYo! in 2004. This version adds ability to display the 128-bit encryption key, which was used to encrypt password hashes. You can get the latest version of pwdump5 here:

http://www.openwall.com/passwords/dl/pwdump/pwdump5.zip

[edit] pwdump6

pwdump6 was released by fizzgig and the foofus.net Team in 2005. This version of pwdump continues where pwdump3 left off by adding remote dumping much like pwdump4. In later version it also adds Blowfish encryption to secure communication with remote Windows hosts and evade IDS signatures. Important note about pwdump6 is its clever work around "extra" protections added by Windows XP SP2. This version is actively maintained and new releases are available here:

http://www.foofus.net/fizzgig/pwdump/

Image:pwdump.gif

[edit] Videos

[edit] See Also

Retrieved from "http://midnightresearch.com/wiki/index.php/Pwdump"

This page has been accessed 8,455 times. This page was last modified on 20 January 2008, at 13:53.


Find

Browse
Main Page
Community portal
Current events
Recent changes
Random page
Help
Edit
Edit this page
Editing help
This page
Discuss this page
New section
Printable version
Context
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list
Statistics
Moreā€¦