Penetration Testing mailing list archives

Extract credentials directly from registry hives [tool release]


From: "Brendan Dolan-Gavitt" <mooyix () gmail com>
Date: Wed, 20 Feb 2008 20:55:38 -0500

Hey pen testers,

Ever wanted to extract LSA secrets, dump cached domain hashes, or just
get the local LM and NT hashes from a Windows box without booting into
Windows? Or maybe you came by some registry hives but don't have
access to the original box they came from -- cachedump and lsadump2
won't work in this case. Or perhaps you just want to learn how the
obfuscation algorithms in Windows work without digging through
hard-to-read C.

To solve these problems, I announce CredDump:

http://code.google.com/p/creddump/

From the README:
---
creddump is a python tool to extract various credentials and secrets
from Windows registry hives. It currently extracts:

    * LM and NT hashes (SYSKEY protected)
    * Cached domain passwords
    * LSA secrets

It essentially performs all the functions that bkhive/samdump2,
cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first tool that does all of these things in an offline
way (actually, Cain & Abel does, but is not open source and is only
available on Windows).
---

I hope this will be of use to you all. Please let me know if you
discover any bugs!

Cheers,
Brendan

PS: For a slightly more detailed introduction to the tool, see:
http://moyix.blogspot.com/2008/02/creddump-extract-credentials-from.html
