pwdump

From Wikipedia, the free encyclopedia
Jump to: navigation, search

pwdump is the name of various Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM). In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access user's passwords.

History[edit]

The initial program called pwdump was written by Jeremy Allison. He published the source code in 1997 (see open-source).[1] Since then there have been further developments by other programmers:

  1. pwdump (1997) — original program by Jeremy Allison.[2]
  2. pwdump2 (2000) — by Todd Sabin of Bindview (GPL), uses DLL injection.[3]
  3. pwdump3 — by Phil Staubs (GPL), works over the network.[citation needed]
    • pwdump3e — by Phil Staubs (GPL), sends encrypted over network.[citation needed]
  4. pwdump4 — by bingle (GPL), improvement on pwdump3 and pwdump2.[citation needed]
  5. pwdump5 — by AntonYo! (freeware).[citation needed]
  6. pwdump6 (c. 2006) — by fizzgig (GPL), improvement of pwdump3e. NO source code.[citation needed]
    • fgdump (2007) — by fizzgig, improvement of pwdump6 w/ addons. No source code.[citation needed]
  7. pwdump7 — by Andres Tarasco (freeware), uses own filesystem drivers. No source code.[citation needed]

Notes[edit]

References[edit]

External links[edit]

  • Openwall password tools - with copies of pwdump, pwdump2, pwdump3, pwdump3e, pwdump4, pwdump5, pwdump6, fgdump, and pwdump7