Pwdump
Encyclopedia
pwdump is the name of various Windows programs that output the LM
and NTLM
password hashes of local user accounts from the Security Account Manager
(SAM). In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access user's passwords. Most of these programs are open-source.
LM hash
LM hash, LanMan, or LAN Manager hash was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords...
and NTLM
NTLM
In a Windows network, NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users....
password hashes of local user accounts from the Security Account Manager
Security Account Manager
The Security Accounts Manager is a registry file in Windows NT, Windows 2000, Windows XP, Windows Vista and Windows 7. It stores users' passwords in a hashed format...
(SAM). In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access user's passwords. Most of these programs are open-source.
- pwdump - original program by Jeremy AllisonJeremy AllisonJeremy Allison is a computer programmer known for his contributions to the free software community, notably to Samba, a re-implementation of SMB/CIFS networking protocol, released under the GNU General Public License....
(public domain) - pwdump2 - by Todd Sabin of Bindview (GPL), uses DLL injection
- pwdump3 - by Phil Staubs (GPL), works over the network
- pwdump3e - by Phil Staubs (GPL), sends encrypted over network
- pwdump4 - by bingle (GPL), improvement on pwdump3 and pwdump2
- pwdump5 - by AntonYo! (freeware)
- pwdump6 - by fizzgig (GPL), improvement of pwdump3e
- fgdump - by fizzgig, improvement of pwdump6 w/ addons
- pwdump7 - by Andres Tarasco (freeware), uses own filesystem drivers
- Openwall password tools - with copies of pwdump, pwdump2, pwdump3, pwdump3e, pwdump4, pwdump5, pwdump6, fgdump, and pwdump7