pwdump is the name of a group of programs for Windows aimed at extracting hashes of LM or NTLM passwords from user accounts from the credential administrator in the security system ( SAM ) of the local machine. For the program to work, it must be run with administrator privileges, so pwdump does not bypass the security system unconditionally. Most of the source code for these programs is open.
Utility Creation Procedure
- pwdump is an original program written by Jeremy Allison
- pwdump2 - written by Todd Sabin of Bindview under the GPL, uses DLL injection
- pwdump3 - written by Phil Staubs under the GPL, runs over a network
- pwdump3e - also written by Phil Staubs under the GPL, but uses encryption algorithms
- pwdump4 - written by bingle under the GPL, is an improved version of pwdump3 and pwdump2
- pwdump5 - written by AntonYo! (freeware)
- pwdump6 - written by fizzgig under the GPL, is an improvement on the version of pwdump3e
- fgdump - written by fizzgig, is pwdump6 with add-ons
- pwdump7 - written by Andres Tarasco (freeware), uses native file system drivers
- pwdump8 - written by Enrico Maricone under the GPL, is an improved version of pwdump7
Openwall password tools - contains analogies of pwdump2, pwdump3, pwdump3e, pwdump4, pwdump5, pwdump6, and pwdump7.
It also discusses the COPYPWD utility from System Tools , which can import password hashes for system transfer or password synchronization.
See also
- SKCLONE - imports and exports passwords on 32-bit and 64-bit Windows systems.