
Version 2. We now have a mailing list for all of our foofus. This is a great way to get help on using the tools, report bugs, make feature requests and find out about new releases first! Cachedump has been problematic, but checking out some posts at oxid.
I am hoping to have that available quite soon. Also, I’m hoping to eventually get rid of the “dependence” on pwdump and cachedump executables. This will necessitate me changing how fgexec (the service that carries out remote execution) works, but I think it will simplify things quite a bit in the long term. It’s still not perfect, but it IS better. This is not as easy as it sounds, at least not remotely! In the meantime, if fgdump is unsure, it will report it and default to bit.
The -O [32|64] flag will manually override the target OS architecture. So, for example, if fgdump is reporting a host as bit and you KNOW it is bit, you can use -O 64 (or vice-versa, of course). Note that this flag will apply to ALL hosts you are dumping! You might want to single out any hosts you need to override. I got around to adding bit support to pwdump 1. At the same time, I rolled out a few new features which I’ve either been sitting on, or have been talking about for a while.
And of course, as is typical with new releases, most AV is blind at least for a bit. This is useful if you know AV is not picking it up, you want to tamper with the target as little as possible. A couple of notes about the log files. You can override this using -l if you want it to be named something specific. This file contains greppable records so you can quickly identify what hosts failed, why, and if there are still processes running on the host.
This should help during the cleanup phase. The fields in this file are as follows (all separated by ” ” characters):. Additionally, the command line used to invoke fgdump is stored in the log file now. If this bothers you, please omit the -p parameter and simply provide the password when fgdump asks for it. Please also note that this version has quite a number of changes in it and, while I’m releasing it as non-beta, there is a higher-than-normal chance for bugginess.
As usual, please report any issues you find. It’s interesting to me that bugs seem to come in batches. Take, for example, the main bug that prompted the release of 1. As it turns out, the bug had been in the code since day 1, it’s just no one had reported it until now.
Or I missed their email, which happens periodically. Also in this release is a first pass at disabling Sophos AV, since we actually ran into this at a customer site. Someone sent me a great link to an AV service list, so when I get time, I’ll be expanding the program to work with those vendors as well.
Also in this release is a new version of cachedump dubbed 1. The changes cover a larger buffer size (20k instead of 4k, should be useful in big domain environments) as well as adding quotes around the service name, which fixes issues when the service got installed into a path with a space in it. Many thanks to him and other folks who have contributed code, bug reports and feature requests!
The short news is that fgdump 1. It’s a minor revision, and addresses issues when running locally (namely “could not connect” types of errors). I also found a printf bug which has been appropriately taken care of.
I haven’t had the chance to comment on Defcon yet, but I have to say, I was pretty impressed this year. As usual, I learned a bit, drank way too much and met some cool people. It was great to meet everyone, feel free to stop by and drink our beer anytime. We’ve been having a problem since we moved the site, such that certain links would be broken, images wouldn’t show up, that kind of thing.
Until we get this resolved permanently, I’ve made some changes to the URIs to avoid the problem. For those of you direct-linking to the site, you can solve this as well by changing ‘www. As I said, I hope this is temporary, but drop me a line if you have questions. See you all at Defcon next week! As promised (though a bit later than I would have liked), I am providing an updated fgdump which is again a bit more evasive with AV (for now, I’m sure that will change).
This version also resolves a long-standing problem when running against a local box which would result in an “error 2” for pwdump data. That should no longer be the case. I would really like to thank Neil for helping me work through some fgdump issues – he has been exceptionally helpful in providing detailed error messages, platform information and doing some testing to squash these most recent bugs.
Those who have offered help, I cannot possibly thank you enough. As is the usual case, foofus. Feel free to drop me a line if you’re going as well and would like to chat about the project, make suggestions, etc. I’ve also been told I make a mean brandy old-fashioned, which is a cocktail for those not familiar with it.
Anything donated goes to the general foofus. So it seems our friends at McAfee have updated their AV signatures and are once again detecting pwdump. Now there are a couple of ways I can get around this certainly, but one stands out as being an easy, quick solution for now. I should have a new release shortly for those who are running into problems with it.
Thanks to Vitaly for pointing this one out to me – I hadn’t seen the updated defs yet! Also, to the folks at McAfee and other AV vendors: while I understand you seeing the risks associated with this program, please understand that the majority of usage is by law-abiding folks trying to perform assessments and the like, without any ill intention. The reason I am going to such lengths to avoid AV is not out of a desire to sneak bad programs in, nor to make your life harder.
It’s simply so that we can continue to do our legitimate job without wrecking servers and making people call us bad names. Just my two cents. Greets to all my fellow Foofites: j0m0-Kun (who is the inspiration for this program), phenfen, omi, fade, pmonkey, grunch and of course our namesake foofus. Many thanks to the awesome folks who created cachedump and pwdump3e as well!
Please let me know if this is useful to you, and I welcome constructive comments and suggestions at fizzgig “AT” foofus “DOT” net. Certain vendors’ solutions would sometimes allow pwdump to run, sometimes not, and sometimes lock up the box.
As such, we as security engineers had to remember to shut off antivirus before running pwdump and similar utilities like cachedump. Needless to say, we’re forgetful sometimes. So fgdump started as simply a wrapper around things we had to do to make pwdump work effectively.
Later, cachedump was added to the mix, as were a couple other variations of AV. Over time it has grown, and continues to grow, to support our assessments and other projects. We are beginning to use it extensively within Windows domains for broad password auditing, and in conjunction with other tools ownr and pwdumpToMatrix. However, hopefully some of you other security folks will find this helpful.
In quick summary, the main code execution path of fgdump is as follows: Many of the parameters associated with these operations are tweakable via the command line. Run fgdump with no parameters to get the current list of available parameters. This means you only need a single executable rather than dragging out a bunch of them.
Of important note are the following: The source for both of these programs is included in the fgdump source tree, as mandated by the GPL. If you modify fgdump and still use these programs, please continue to distribute the source code for these fine programs.
I removed lsadump2 from fgdump. There were a number of issues that were problematic and, at the end of the day, the amount of useful output it produced just did not justify adding it at this time. This is a work in progress, and the subject of furious research.
The code was all compiled using Visual Studio. Ideally, everything should compile out of the box. Neither I, nor foofus. By using this program, you assume any and all risk associated with the execution of the program, including but not limited to damage to a system or data loss. In other words, if you break someone’s stuff, don’t come crying to me.
Both versions provide some feature upgrades as well as bug fixes. Folks with really old versions of either program should definitely look at upgrading since there are numerous performance improvements and full multithreading capabilities in both packages. It also can dump cached credentials and protected storage items and can be run in a multithreaded fashion very easily.
I strongly recommend using fgdump, especially given that fgdump uses pwdump6 under the hood!
Cool, but when is there a bit version available? Is that a safe system or am I just missing the right auditing tools? Good luck. Does anyone understand these instructions on how to use it? I don’t…. Could anyone please help me? I would love to try it out on my brother’s PC… :p I have pwdump 4 and 6. If anyone could help me out it would be great. Thx in advance, Peter.
Run fgdump with no parameters to get the current list of available parameters. This means you only need a single executable rather than dragging out a bunch of them. Of important note are the following:
– cachedump: This is the popular cached credential program created by the folks at off-by-one. Currently, the executable is included verbatim.
The source for both of these programs is included in the fgdump source tree, as mandated by the GPL. If you modify fgdump and still use these programs, please continue to distribute the source code for these programs.
Also in the source tree:
– fgexec: A simple service that can be remotely installed that will run a remote executable. It’s very similar in function to psservice or sc, just more limited.
Ideally, everything should compile out of the box.