PwDump7

PwDump7 works with its own file system driver (from rkdetector.com technology), so users with administrative privileges are able to dump both the SYSTEM and SAM registry hives directly from disk. Once the hives are dumped, the SYSKEY is retrieved from the SYSTEM hive and then used to decrypt both the LanMan and NTLM hashes, which are output in pwdump-like format.

pwdump7 by ADI
Windows NT family (up through XP, 7, 8, 8.1, 10 or later), free
Download local copy of pwdump7 revision 7.1 (505 KB)
