Hack Help, PW Dump

[rodz91]

Okay, I seem to have a problem with the whole PW Dump thing. Basically, it's not working, now, I have tried various methods, the batch file reads as follows:

if exist WIPdump%computername%pwdump.log del WIPdump%computername%pwdump.log

Echo ************************************ >> WIPdump%computername%pwdump.log 2>&1

Echo ***********[Dump SAM]*************** >> WIPdump%computername%pwdump.log 2>&1

Echo ************************************ >> WIPdump%computername%pwdump.log 2>&1

.pwdump 127.0.0.1 >> WIPdump%computername%pwdump.log 2>&1

I have the lsaext.dll required

I downloaded the pwdump.exe from the package page, when I run the script I get a Couldn't open G:WIPCMDpwservice.exe for reading.

So I went to some page and downloaded the pwservice.exe that came with the package (1.1mb in size). When I run the script it hangs on me and eventually windows is terminated due to some core file messing up (System32/Isass) and forces shutdown.

So, yeah. I've tried both versions of PwDump (the 48kb and 1.12mb) and nothing seems to cut it. I tried the md1.2 payload. Nada.

I run windows xp pro, dunno if it makes any difference.

Any help please? I've tried a few things and nothing seems to cut it, am I that dumb?

[pseudobreed]

It's actually LSASS.exe and, in short, that is what happens when the system is patched.

FGDump still works for me, however the remote registry service has to be running so it can install a service before doing the payload.

This all can be done with registry/bat files and you can start dumping the lm hashes as long as user is still using lm hashes and it meets the requirements to store the lm hash.

[rodz91]

I've been playing with FGDump, tried the various switches, if left alone, when I start it, it will start dumping localhost... sort of. creates the file but stays blank, as so I assume nothing is getting done...

How would I go around doing the remote registry service?

I've been trying hard, so far with PwdumpV6 It runs crashless, just never dumps any hash at all...

It's doable with Cain, so I was wondering if it was somehow possible to make that module into a switchblade version?

My problem basically is I can get the stuff to run, it just doesn't get squat done, any insight?

[majk]

Are you doing it with an admin account? Have/are you tried it with just the regular Switchblade?

[rodz91]

yeah, admin privileges.

Tried the siliv build and seems to work, on other pc's, for some reason not on mine. Now, not that I can complain, but I can't help but wonder why mine is... protected dare I say? For some odd reason the program can't dump my hashes, but works fine on other pc's.

The only programs I can think of that *may* be involved in my protection are either NOD32 or WinPatrol (doubt that one, but who knows)... Cain and Abel dump works just fine, so... iunno really...

Anyone had any similar problems?

BTW, pwdump can only be run with admin privileges? 'Cause that's kinda a bummer since I intented to steal a pw or two from school pc's...

Thanks for the help btw.

[majk]

yeah, admin privileges.

Tried the siliv build and seems to work, on other pc's, for some reason not on mine. Now, not that I can complain, but I can't help but wonder why mine is... protected dare I say? For some odd reason the program can't dump my hashes, but works fine on other pc's.

The only programs I can think of that *may* be involved in my protection are either NOD32 or WinPatrol (doubt that one, but who knows)... Cain and Abel dump works just fine, so... iunno really...

Anyone had any similar problems?

BTW, pwdump can only be run with admin privileges? 'Cause that's kinda a bummer since I intented to steal a pw or two from school pc's...

Thanks for the help btw.

Yeah I guess it could be your antivirus detecting pwdump for example. And yes, pwdump (and all other similar tools [that is, tools you run directly from Windows]) do require admin-privileges.