New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!).
For those that don’t know what pwdump or gfdump are..
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.
fgdump is a more powerful version of pwdump6. pwdump tends to hang and such when antivirus is present, so fgdump takes care of that by shutting down and later restarting a number of AV programs. It also can dump cached credentials and protected storage items, and can be run in a multithreaded fashion very easily. I strongly recommend using fgdump over pwdump6, especially given that fgdump uses pwdump6 under the hood! You’ll get everything pwdump6 gives you and a lot more.
Darknet definately DOES recommend fgdump, super cool update of the old favourite pwdump.
The primary change in both packages for version 1.6.0 is that they will once again, for the time being, sneak by antivirus more easily. This is strictly to allow the majority of the userbase, who are legitimate pen-testing users, to carry out their work unfettered.
fgdump was also fixed to correct a problem when running locally – if you’ve received the infamous “error 2” message before, you should find that no longer occurs! As always, for pwdump6 users, I recommend highly that you switch to fgdump – I doubt you will regret it. :)
fgdump is targetted at the security auditing community, and is designed to be used for good, not evil. :) Note that, in order to effectively use fgdump, you’re going to need high-power credentials (Administrator or Domain Administrator, in most cases), thus limiting its usefulness as a hacking tool. However, hopefully some of you other security folks will find this helpful.