Hack Help, PW Dump


rodz91

Okay, I seem to have a problem with the whole PW Dump thing. Basically, it's not working. Now, I have tried various methods; the batch file reads as follows:

if exist WIPdump%computername%pwdump.log del WIPdump%computername%pwdump.log

Echo ************************************ >> WIPdump%computername%pwdump.log 2>&1

Echo ***********[Dump SAM]*************** >> WIPdump%computername%pwdump.log 2>&1

Echo ************************************ >> WIPdump%computername%pwdump.log 2>&1

.pwdump 127.0.0.1 >> WIPdump%computername%pwdump.log 2>&1

I have the lsaext.dll required

I downloaded the pwdump.exe from the package page. When I run the script I get a "Couldn't open G:WIPCMDpwservice.exe for reading."

So I went to some page and downloaded the pwservice.exe that came with the package (1.1mb in size). When I run the script it hangs on me and eventually Windows is terminated due to some core file messing up (System32/Isass) and forces shutdown.

So, yeah. I've tried both versions of PwDump (the 48kb and 1.12mb) and nothing seems to cut it. I tried the md1.2 payload. Nada.

I run Windows XP Pro, dunno if it makes any difference.

Any help please? I've tried a few things and nothing seems to cut it, am I that dumb?

Link to comment
Share on other sites

It's actually LSASS.exe and, in short, that is what happens when the system is patched.

FGDump still works for me, however the remote registry service has to be running so it can install a service before doing the payload.

This can all be done with registry/bat files, and you can start dumping the LM hashes as long as the user is still using LM hashes and it meets the requirements to store the LM hash.

Link to comment
Share on other sites
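The reply above notes that the tool has to install a service, with the remote registry service running, before it can dump anything. Seen from the defender's side, that leaves service-installation events in the System log. The following is an added example, not part of the original thread: it flags Service Control Manager install events (ID 7045) whose binary lives outside the usual Windows directories, and raises the severity when the same host reported the Remote Registry service starting (ID 7036) shortly before. The pipe-separated export layout, host names, service names and paths are constructed for illustration.

```python
from datetime import datetime, timedelta
import ntpath
import re

# Constructed sample: System-log events already exported to
# "time|host|event_id|service_name|detail|account" lines (layout is an assumption).
# 7045 = service installed (detail = ImagePath), 7036 = service state change.
SAMPLE_EVENTS = r"""
2024-03-01T09:12:44|LAB-PC07|7045|Print Helper|C:\Windows\System32\spoolhelp.exe|LocalSystem
2024-03-01T09:14:02|LAB-PC07|7036|Remote Registry|running|
2024-03-01T09:14:05|LAB-PC07|7045|examplesvc|E:\tools\example-service.exe|LocalSystem
2024-03-01T09:20:31|LAB-PC09|7045|updater|"C:\Users\student\AppData\Local\Temp\upd.exe" -k|LocalSystem
"""

TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
WINDOW = timedelta(minutes=5)  # how long after a Remote Registry start an install counts as related

def image_path(command_line):
    """Return the normalized, lower-cased executable path from a service ImagePath value."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)', command_line, re.IGNORECASE)
    path = (m.group(1) or m.group(2)) if m else command_line
    # normpath collapses "..\" so a path cannot pose as living under a trusted directory
    return ntpath.normpath(path.strip()).lower()

def find_suspicious_installs(text):
    """Flag service installs outside trusted directories; 'high' if Remote Registry just started."""
    findings, registry_started = [], {}
    for line in text.strip().splitlines():
        ts, host, event_id, name, detail, _account = line.split("|")
        when = datetime.fromisoformat(ts)
        if event_id == "7036" and name == "Remote Registry" and detail == "running":
            registry_started[host] = when
        elif event_id == "7045":
            exe = image_path(detail)
            if exe.startswith(TRUSTED_DIRS):
                continue
            started = registry_started.get(host)
            recent = started is not None and timedelta(0) <= when - started <= WINDOW
            findings.append({"host": host, "service": name, "path": exe,
                             "severity": "high" if recent else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_installs(SAMPLE_EVENTS):
        print(finding)
```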

I've been playing with FGDump and tried the various switches. If left alone, when I start it, it will start dumping localhost... sort of. It creates the file but it stays blank, and so I assume nothing is getting done...

How would I go around doing the remote registry service?

I've been trying hard; so far with PwdumpV6 it runs crashless, just never dumps any hash at all...

It's doable with Cain, so I was wondering if it was somehow possible to make that module into a switchblade version?

My problem basically is I can get the stuff to run, it just doesn't get squat done, any insight?

Link to comment
Share on other sites

yeah, admin privileges.

Tried the siliv build and it seems to work on other PCs, for some reason not on mine. Now, not that I can complain, but I can't help but wonder why mine is... protected dare I say? For some odd reason the program can't dump my hashes, but works fine on other PCs.

The only programs I can think of that *may* be involved in my protection are either NOD32 or WinPatrol (doubt that one, but who knows)... Cain and Abel dump works just fine, so... iunno really...

Anyone had any similar problems?

BTW, pwdump can only be run with admin privileges? 'Cause that's kinda a bummer since I intended to steal a pw or two from school PCs...

Thanks for the help btw.

Link to comment
Share on other sites

Yeah, I guess it could be your antivirus detecting pwdump, for example. And yes, pwdump (and all other similar tools [that is, tools you run directly from Windows]) does require admin privileges.