FGDump
Description
A Tool For Mass Password Auditing of Windows Systems
Installation
Download link: http://www.foofus.net/fizzgig/fgdump/fgdump-2.1.0-exeonly.zip
Usage
Syntax
fgdump [-?][-t][-c][-w][-s][-r][-v][-k][-o][-a][-l logfile][-T threads] [{{-h Host | -f filename} -u Username -p Password | -H filename}]
where Username and Password are the credentials of an account with administrator rights
Options
- -? displays help (you're looking at it!)
- -t will test for the presence of antivirus without actually running the password dumps
- -c skips the cache dump
- -w skips the password dump
- -s performs the protected storage dump
- -r forgets about existing pwdump/cachedump files. The default behavior is to skip a host if these files already exist.
- -v makes output more verbose. Use twice for greater effect.
- -k keeps the pwdump/cachedump going even if antivirus is in an unknown state
- -l logs all output to logfile
- -T runs fgdump with the specified number of parallel threads
- -h is the name of the single host to perform the dumps against
- -f reads hosts from a line-separated file
- -H reads host:username:password from a line-separated file (per-host credentials)
- -o skips pwdump history dumps
- -a will not attempt to detect or stop antivirus, even if it is present
Example
Let's use fgdump to dump the local passwords:
C:\Documents and Settings\malware\Bureau\fgdump-2.1.0-exeonly>fgdump.exe
fgDump 2.1.0 - fizzgig and the mighty group at foofus.net
Written to make j0m0kun's life just a bit easier
Copyright(C) 2008 fizzgig and foofus.net
fgdump comes with ABSOLUTELY NO WARRANTY!
This is free software, and you are welcome to redistribute it
under certain conditions; see the COPYING and README files for
more information.

--- Session ID: 2014-01-20-19-10-02 ---
Starting dump on 127.0.0.1

** Beginning local dump **
OS (127.0.0.1): Microsoft Windows XP Professional Service Pack 3 (Build 2600)
Passwords dumped successfully
Cache dumped successfully

-----Summary-----
Failed servers:
NONE
Successful servers:
127.0.0.1
Total failed: 0
Total successful: 1
fgdump has successfully dumped the password hashes:
C:\Documents and Settings\malware\Bureau\fgdump-2.1.0-exeonly>more 127.0.0.1.pwdump
Administrateur:500:B0347EB22B87E3F1AAD3B435B51404EE:711EFD7CDC285C11DDFAE2B3D9861DB1:::
HelpAssistant:1000:6C34BBCD28DD6A8A56088AD6CEFC1BFB:D474527929F6B428B7EA2F7C8B79CE5A:::
InvitÚ:501:NO PASSWORD*********************:NO PASSWORD*********************:::
malware:1003:NO PASSWORD*********************:NO PASSWORD*********************:::
SUPPORT_388945a0:1002:NO PASSWORD*********************:AAB42B496473C917825C842BEACF0B75:::
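The .pwdump file above uses the user:RID:LM hash:NT hash::: layout, which an auditor can scan for weak password storage. The script below is an added example, not part of fgdump or the original page; the function names and sample lines are constructed, and it assumes that the NO PASSWORD placeholder in both hash fields means the account has no password set.

```python
import re

# LM hash of an empty 7-character half. When it is the second half of an
# LM hash, the password is at most 7 characters long.
LM_EMPTY_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

def parse_pwdump_line(line):
    """Split one 'user:rid:LM:NT:::' line; return None if it does not match."""
    parts = line.rstrip("\r\n").split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid, lm, nt = parts[0], int(parts[1]), parts[2], parts[3]
    # Anything that is not 32 hex digits (e.g. 'NO PASSWORD****') is treated
    # as "no hash stored" -- an assumption about the placeholder's meaning.
    lm = lm.upper() if HEX32.match(lm) else None
    nt = nt.upper() if HEX32.match(nt) else None
    return {"user": user, "rid": rid, "lm": lm, "nt": nt}

def audit(lines):
    """Return {user: [findings]} for accounts with a weak-storage finding."""
    report = {}
    for line in lines:
        rec = parse_pwdump_line(line)
        if rec is None:
            continue  # skip lines that are not pwdump records
        findings = []
        if rec["lm"] is None and rec["nt"] is None:
            findings.append("blank password")
        if rec["lm"] is not None:
            findings.append("LM hash stored")
            if rec["lm"][16:] == LM_EMPTY_HALF:
                findings.append("password is 7 characters or fewer")
        if findings:
            report[rec["user"]] = findings
    return report

# Constructed sample input; the hash values are made up, not real dumps.
SAMPLE = [
    "alice:1004:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::",
    "bob:1005:NO PASSWORD*********************:NO PASSWORD*********************:::",
    "carol:1006:NO PASSWORD*********************:FFEEDDCCBBAA99887766554433221100:::",
    "not a pwdump line",
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings)}")
```

Accounts reported with "LM hash stored" are candidates for a password change after LM hash storage has been disabled by policy.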