Pwdump
   HOME

TheInfoList



Click Here for Items Related To - Pwdump
OR:
Pwdump on:   [Wikipedia]   [Google]   [Amazon]

pwdump is the name of various Windows programs that outputs the LM and
NTLM In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft L ...
password hashes of local user accounts from the
Security Account Manager The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista, Windows 7, 8.1, 10 and 11 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory a ...
(SAM) database and from the Active Directory domain's users cache on the operating system. It is widely used, to perform both the famous pass-the-hash attack or also can be used to brute-force users' password directly. In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access user's passwords.


History

The initial program called pwdump was written by
Jeremy Allison Jeremy Allison is a computer programmer known for his contributions to the free software community, notably to Samba, a re-implementation of SMB/CIFS networking protocol, released under the GNU General Public License. Other contributions in ...
. He published the
source code In computing, source code, or simply code, is any collection of code, with or without comments, written using a human-readable programming language, usually as plain text. The source code of a program is specially designed to facilitate the wo ...
in 1997 (see
open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
). see ''pwdump.c'' Since then there have been further developments by other programmers: #pwdump (1997) — original program by Jeremy Allison. #pwdump2 (2000) — by Todd Sabin of Bindview (
GPL The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general u ...
), uses DLL injection. #pwdump3 — by Phil Staubs (GPL), works over the network. #*pwdump3e — by Phil Staubs (GPL), sends encrypted over network. #pwdump4 — by bingle (GPL), improvement on pwdump3 and pwdump2. #pwdump5 — by AntonYo! (freeware). #pwdump6 (c. 2006) — by fizzgig (GPL), improvement of pwdump3e. No source code. #*fgdump (2007) — by fizzgig, improvement of pwdump6 w/ addons. No source code. #pwdump7 — by Andres Tarasco (freeware), uses own filesystem drivers. No source code. #pwdump8 — by Fulvio Zanetti and Andrea Petralia, supports AES128 encrypted hashes (Windows 10 and later). No source code.


Notes


References

* * * Windows security software Cryptographic attacks Free security software Command-line software {{Security-software-stub