Penetration Testing mailing list archives
Extract credentials directly from registry hives [tool release]
From: "Brendan Dolan-Gavitt" <mooyix () gmail com>
Date: Wed, 20 Feb 2008 20:55:38 -0500
Hey pen testers,

Ever wanted to extract LSA secrets, dump cached domain hashes, or just get the local LM and NT hashes from a Windows box without booting into Windows? Or maybe you came by some registry hives but don't have access to the original box they came from -- cachedump and lsadump2 won't work in this case. Or perhaps you just want to learn how the obfuscation algorithms in Windows work without digging through hard-to-read C.

To solve these problems, I announce CredDump:
http://code.google.com/p/creddump/

From the README:
---
creddump is a python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:
* LM and NT hashes (SYSKEY protected)
* Cached domain passwords
* LSA secrets

It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but is not open source and is only available on Windows).
---

I hope this will be of use to you all. Please let me know if you discover any bugs!

Cheers,
Brendan

PS: For a slightly more detailed introduction to the tool, see:
http://moyix.blogspot.com/2008/02/creddump-extract-credentials-from.html