Hey pen testers,
Ever wanted to extract LSA secrets, dump cached domain hashes, or just
get the local LM and NT hashes from a Windows box without booting into
Windows? Or maybe you came by some registry hives but don't have
access to the original box they came from -- cachedump and lsadump2
won't work in this case. Or perhaps you just want to learn how the
obfuscation algorithms in Windows work without digging through
hard-to-read C.
To solve these problems, I announce CredDump:
http://code.google.com/p/creddump/
From the README:
---
creddump is a python tool to extract various credentials and secrets
from Windows registry hives. It currently extracts:
* LM and NT hashes (SYSKEY protected)
* Cached domain passwords
* LSA secrets
It essentially performs all the functions that bkhive/samdump2,
cachedump, and lsadump2 do, but in a platform-independent way.
It is also the first tool that does all of these things in an offline
way (actually, Cain & Abel does, but is not open source and is only
available on Windows).
---
I hope this will be of use to you all. Please let me know if you
discover any bugs!
Cheers,
Brendan
PS: For a slightly more detailed introduction to the tool, see:
http://moyix.blogspot.com/2008/02/creddump-extract-credentials-from.html
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
