FGDump

From aldeid

Description

A Tool For Mass Password Auditing of Windows Systems

Installation

Download link: http://www.foofus.net/fizzgig/fgdump/fgdump-2.1.0-exeonly.zip

Usage

Syntax

fgdump [-?][-t][-c][-w][-s][-r][-v][-k][-o][-a][-l logfile][-T threads] [{{-h Host | -f filename} -u Username -p Password | -H filename}]

where Username and Password are the credentials of an account with administrator rights

Options

-?
displays help (you're looking at it!)
-t
will test for the presence of antivirus without actually running the password dumps
-c
skips the cache dump
-w
skips the password dump
-s
performs the protected storage dump
-r
forgets about existing pwdump/cachedump files. The default behavior is to skip a host if these files already exist.
-v
makes output more verbose. Use twice for greater effect.
-k
keeps the pwdump/cachedump going even if antivirus is in an unknown state
-l
logs all output to logfile
-T
runs fgdump with the specified number of parallel threads
-h
is the name of the single host to perform the dumps against
-f
reads hosts from a line-separated file
-H
reads host:username:password from a line-separated file (per-host credentials)
-o
skips pwdump history dumps
-a
will not attempt to detect or stop antivirus, even if it is present

Example

Let's use fgdump to dump the local password hashes:

C:\Documents and Settings\malware\Bureau\fgdump-2.1.0-exeonly>fgdump.exe
fgDump 2.1.0 - fizzgig and the mighty group at foofus.net
Written to make j0m0kun's life just a bit easier
Copyright(C) 2008 fizzgig and foofus.net
fgdump comes with ABSOLUTELY NO WARRANTY!
This is free software, and you are welcome to redistribute it
under certain conditions; see the COPYING and README files for
more information.

--- Session ID: 2014-01-20-19-10-02 ---
Starting dump on 127.0.0.1

** Beginning local dump **
OS (127.0.0.1): Microsoft Windows XP Professional Service Pack 3 (Build 2600)
Passwords dumped successfully
Cache dumped successfully

-----Summary-----

Failed servers:
NONE

Successful servers:
127.0.0.1

Total failed: 0
Total successful: 1

fgdump has successfully dumped the password hashes:

C:\Documents and Settings\malware\Bureau\fgdump-2.1.0-exeonly>more 127.0.0.1.pwdump
Administrateur:500:B0347EB22B87E3F1AAD3B435B51404EE:711EFD7CDC285C11DDFAE2B3D9861DB1:::
HelpAssistant:1000:6C34BBCD28DD6A8A56088AD6CEFC1BFB:D474527929F6B428B7EA2F7C8B79CE5A:::
InvitÚ:501:NO PASSWORD*********************:NO PASSWORD*********************:::
malware:1003:NO PASSWORD*********************:NO PASSWORD*********************:::
SUPPORT_388945a0:1002:NO PASSWORD*********************:AAB42B496473C917825C842BEACF0B75:::
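
For an audit, the useful part of this output is which accounts are weakly protected. The following is an added example, not part of the original page or of fgdump: it parses the name:RID:LM:NT::: format shown above and flags accounts with no password, a stored LM hash, or a password of seven characters or fewer. The function names and finding labels are assumptions of this example.

```python
import re

EMPTY_LM_HALF = "AAD3B435B51404EE"             # LM hash of an empty 7-char half
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty string
HASH_RE = re.compile(r"^[0-9A-F]{32}$")

# Constructed input: four lines copied from the 127.0.0.1.pwdump output above,
# plus one malformed line to exercise the parser.
SAMPLE = """\
Administrateur:500:B0347EB22B87E3F1AAD3B435B51404EE:711EFD7CDC285C11DDFAE2B3D9861DB1:::
HelpAssistant:1000:6C34BBCD28DD6A8A56088AD6CEFC1BFB:D474527929F6B428B7EA2F7C8B79CE5A:::
malware:1003:NO PASSWORD*********************:NO PASSWORD*********************:::
SUPPORT_388945a0:1002:NO PASSWORD*********************:AAB42B496473C917825C842BEACF0B75:::
not a pwdump line
"""


def audit_line(line):
    """Parse one name:RID:LM:NT::: line; return (name, rid, findings) or None."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    name, rid = parts[0], int(parts[1])
    lm, nt = parts[2].upper(), parts[3].upper()
    # fgdump prints "NO PASSWORD****..." in place of a hash that is not stored.
    lm_absent = lm.startswith("NO PASSWORD") or lm == EMPTY_LM_HALF * 2
    nt_absent = nt.startswith("NO PASSWORD") or nt == EMPTY_NT
    if not (lm_absent or HASH_RE.match(lm)) or not (nt_absent or HASH_RE.match(nt)):
        return None
    findings = []
    if nt_absent:
        findings.append("no-password")          # nothing protects this account
    if not lm_absent:
        findings.append("lm-hash-stored")       # weak legacy format still in SAM
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password-7-chars-or-fewer")
    return name, rid, findings


def audit(text):
    """Return {account: findings} for every well-formed line that has findings."""
    report = {}
    for line in text.splitlines():
        parsed = audit_line(line)
        if parsed and parsed[2]:
            report[parsed[0]] = parsed[2]
    return report


if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(f"{account}: {', '.join(findings)}")
```

Accounts flagged lm-hash-stored are candidates for a password change after the NoLMHash policy is enabled, since the existing LM hash stays in the SAM until the password is next set.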
