Penetration Testing mailing list archives
New version of pwdump, and announcing fgdump!
From: fizzgig -AT- foofus -DOT- net
Date: 22 Dec 2005 20:00:30 -0000
Because we at Foofus networks are generous folks, we've decided to release a number of open source tools just in time for Christmas, which we hope some of you folks will find useful. This particular announcement covers the two that I have been responsible for developing: pwdump6 and fgdump.

PWDump6 (http://www.foofus.net/fizzgig/pwdump)

Based on the wildly popular pwdump3e, it's been updated and modernized a bit to suit our needs, and has been useful to other folks in the security assessment community as well. It runs very much in a similar fashion as 3e, but has the following changes:

- Locates any available, writable share, not just ADMIN$
- Replaces the remote registry method of remote communication with a named pipe method
- Eliminates dependency on the CryptoAPI, which appeared to cause certain problems for us in rare circumstances
- Marks itself as executable when writing to the LSASS process, thereby avoiding some NX problems

If you've had trouble with pwdump crashing some boxen, give pwdump6 a try.

fgdump (http://www.foofus.net/fizzgig/fgdump)

fgdump really started as a simple wrapper around pwdump. Certain AV programs reacted poorly to pwdump; the worst cases resulted in an AV solution consuming 100% of the CPU, requiring a reboot typically. So initially, fgdump simply shut down AV before running pwdump, but now it does much more. Major features include:

- Support for multiple hosts using text files
- Automatic binding/unbinding to IPC$
- Detection, automatic shutdown and restart of a number of common AV solutions
- Password dumping using pwdump6
- Cached credential dumping using cachedump
- Ability to write results to a log, including summaries

We are using fgdump quite a lot in our assessments, and it is continuing to evolve. Next up will be the ability to dump LSA secrets, for example. If you tend to forget to stop AV or are looking for a more robust password dumping solution, I highly recommend looking at fgdump.

Both tools are GPL licensed and such. I welcome any comments, feedback or feature suggestions, as long as they are constructive of course (send to fizzgig -AT- foofus -DOT- net, unmangled appropriately).

Merry Christmas/Happy Holidays!

--fizzgig
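For defenders, the behaviour listed in the announcement (an AV service stopped and later restarted, with a file written to any writable share in between) leaves a trace that can be correlated per host. The following is an added example, not part of the original post or of the Foofus tools; the normalized field names, the `ExampleAV` service name, the `.exe`/`.dll` filter, the 10-minute window and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

AV_SERVICES = {"ExampleAV"}      # assumption: display names of the AV services you deploy
WINDOW = timedelta(minutes=10)   # assumption: max delay between AV stop and the share write
BINARY_EXT = (".exe", ".dll")    # assumption: only binaries dropped on a share are of interest

def t(s):
    return datetime.strptime(s, "%H:%M:%S")

# Constructed, normalized sample events (not real logs). Windows event IDs:
# 7036 = service state change, 5145 = detailed file share access.
EVENTS = [
    {"time": t("10:00:05"), "host": "SRV01", "id": 7036, "service": "ExampleAV", "state": "stopped"},
    {"time": t("10:00:09"), "host": "SRV01", "id": 5145, "share": "C$", "file": "tmp\\a1b2.exe",
     "access": "WriteData", "src": "10.0.0.50"},
    {"time": t("10:00:40"), "host": "SRV01", "id": 7036, "service": "ExampleAV", "state": "running"},
    # Benign: AV restarts during an update, nothing is written to a share.
    {"time": t("11:00:00"), "host": "SRV02", "id": 7036, "service": "ExampleAV", "state": "stopped"},
    {"time": t("11:00:30"), "host": "SRV02", "id": 7036, "service": "ExampleAV", "state": "running"},
    # Benign: software deployment writes a binary while AV keeps running.
    {"time": t("12:00:00"), "host": "SRV03", "id": 5145, "share": "ADMIN$", "file": "setup.exe",
     "access": "WriteData", "src": "10.0.0.7"},
    # AV stopped, binary written to a non-admin share, AV never restarted.
    {"time": t("13:00:00"), "host": "SRV04", "id": 7036, "service": "ExampleAV", "state": "stopped"},
    {"time": t("13:00:03"), "host": "SRV04", "id": 5145, "share": "Data", "file": "x.exe",
     "access": "WriteData", "src": "10.0.0.50"},
]

def find_av_gap_writes(events):
    """Return (host, src, share, file, av_restarted) for binaries written while AV was stopped."""
    open_gap, findings = {}, []  # open_gap: host -> (stop_time, [write events])
    for ev in sorted(events, key=lambda e: e["time"]):
        host = ev["host"]
        if ev["id"] == 7036 and ev["service"] in AV_SERVICES:
            if ev["state"] == "stopped":
                open_gap[host] = (ev["time"], [])
            elif host in open_gap:  # AV is back: close the gap and report its writes
                _, writes = open_gap.pop(host)
                findings += [(host, w["src"], w["share"], w["file"], True) for w in writes]
        elif ev["id"] == 5145 and host in open_gap:
            stop, writes = open_gap[host]
            if ("Write" in ev["access"] and ev["file"].lower().endswith(BINARY_EXT)
                    and ev["time"] - stop <= WINDOW):
                writes.append(ev)
    # Gaps that never closed still count; the last field records that AV did not return.
    for host, (_, writes) in open_gap.items():
        findings += [(host, w["src"], w["share"], w["file"], False) for w in writes]
    return findings
```

Matching on any share name rather than only `ADMIN$` follows the first pwdump6 change listed above.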