[Full-disclosure] New Windows tool - PWDumpX v1.1 (with CacheDump functionality)
- From: "Reed Arvin" <reedarvin@xxxxxxxxx>
- Date: Wed, 20 Dec 2006 11:24:55 -0700
New Windows tool - PWDumpX v1.1 (with CacheDump functionality)
Tool location: http://reedarvin.thearvins.com/tools/PWDumpX11.zip
PWDumpX version 1.1 allows a user with administrative privileges to
retrieve the domain password cache, password hashes and LSA secrets
from a Windows system. This tool can be used on the local system or on
one or more remote systems.
If an input list of remote systems is supplied, PWDumpX will attempt
to obtain the domain password cache, the password hashes and the LSA
secrets from each remote Windows system in a multi-threaded fashion
(up to 64 systems simultaneously).
The domain password cache, password hashes and LSA secrets from remote
Windows systems are encrypted as they are transfered over the network.
No data is sent over the network in clear text.
This tool is a completely re-written version of CacheDump, PWDump3e
and LSADump2 which integrates suggestions/bug fixes for PWDump3e and
LSADump2 found on various web sites, etc.
Source code included.
My intent with including the source code along with this tool is to
give something back to the I.T. security community. I learned a lot
while creating PWDumpX but I could not have done it without the
original source code for CacheDump, PWDump2, PWDump3e, and LSADump2.
So...thanks to the creators of these tools for being generous enough
to include the source code with these tools so that hungry minds can
learn new things.
Tool homepage: http://reedarvin.thearvins.com/tools.html
Written by Reed Arvin <reedarvin@xxxxxxxxx>.
Reed Arvin <reedarvin@xxxxxxxxx>
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] [SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution
- Next by Date: Re: [Full-disclosure] [WEB SECURITY] comparing information security to other industries
- Previous by thread: [Full-disclosure] [SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution
- Next by thread: [Full-disclosure] Windows is very holy