From aldeid
Jump to navigation Jump to search


A Tool For Mass Password Auditing of Windows Systems


Download link: http://www.foofus.net/fizzgig/fgdump/fgdump-2.1.0-exeonly.zip



fgdump [-?][-t][-c][-w][-s][-r][-v][-k][-o][-a][-l logfile][-T threads] [{{-h Host | -f filename} -u Username -p Password | -H filename}]

where Username and Password have administrator credentials


displays help (you're looking at it!)
will test for the presence of antivirus without actually running the password dumps
skips the cache dump
skips the password dump
performs the protected storage dump
forgets about existing pwdump/cachedump files. The default behavior is to skip a host if these files already exist.
makes output more verbose. Use twice for greater effect
keeps the pwdump/cachedump going even if antivirus is in an unknown state
logs all output to logfile
runs fgdump with the specified number of parallel threads
is the name of the single host to perform the dumps against
reads hosts from a line-separated file
reads host:username:password from a line-separated file (per-host cr edentials)
skips pwdump history dumps
will not attempt to detect or stop antivirus, even if it is present


Let's use fgdump to dump the local passwords:

C:\Documents and Settings\malware\Bureau\fgdump-2.1.0-exeonly>fgdump.exe
fgDump 2.1.0 - fizzgig and the mighty group at foofus.net
Written to make j0m0kun's life just a bit easier
Copyright(C) 2008 fizzgig and foofus.net
fgdump comes with ABSOLUTELY NO WARRANTY!
This is free software, and you are welcome to redistribute it
under certain conditions; see the COPYING and README files for
more information.

--- Session ID: 2014-01-20-19-10-02 ---
Starting dump on

** Beginning local dump **
OS ( Microsoft Windows XP Professional Service Pack 3 (Build 2600)
Passwords dumped successfully
Cache dumped successfully


Failed servers:

Successful servers:

Total failed: 0
Total successful: 1

fgdump has successfully dumped the password hashes:

C:\Documents and Settings\malware\Bureau\fgdump-2.1.0-exeonly>more
InvitÚ:501:NO PASSWORD*********************:NO PASSWORD*********************:::
malware:1003:NO PASSWORD*********************:NO PASSWORD*********************:::
SUPPORT_388945a0:1002:NO PASSWORD*********************:AAB42B496473C917825C842BEACF0B75:::