Jump to content

pwdump

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Oshwah (talk | contribs) at 02:14, 26 August 2015 (Reverted edits by 202.57.33.14 (talk): Not adhering to neutral point of view (HG) (3.1.14)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


pwdump is the name of various Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM). In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access user's passwords. Most of these programs are open-source.

  1. pwdump - original program by Jeremy Allison (public domain, source available)
  2. pwdump2 - by Todd Sabin of Bindview (GPL), uses DLL injection
  3. pwdump3 - by Phil Staubs (GPL), works over the network
    • pwdump3e - by Phil Staubs (GPL), sends encrypted over network
  4. pwdump4 - by bingle (GPL), improvement on pwdump3 and pwdump2
  5. pwdump5 - by AntonYo! (freeware)
  6. pwdump6 - by fizzgig (GPL), improvement of pwdump3e
    • fgdump - by fizzgig, improvement of pwdump6 w/ addons
  7. pwdump7 - by Andres Tarasco (freeware), uses own filesystem drivers
  • Openwall password tools - with copies of pwdump, pwdump2, pwdump3, pwdump3e, pwdump4, pwdump5, pwdump6, fgdump, and pwdump7