Quarks PwDump - Tool To Extract Credentials From Windows Operating Systems

Quarks PwDump - Tool to dump various types of Windows credentials without injecting into any process

Quarks PwDump is an open source tool that you can use to dump various types of Windows credentials: local accounts, domain accounts, cached domain credentials and BitLocker recovery information.

Note: It requires administrator privileges to extract credentials.

It can extract:

  • Local account NT/LM hashes + history
  • Domain account NT/LM hashes + history stored in the NTDS.dit file
  • Cached domain credentials
  • BitLocker recovery information (recovery passwords & key packages) stored in NTDS.dit

Quarks PwDump works on Windows XP / 2003 / Vista / 7 / 2008 / 8.


Usage:

quarks-pwdump.exe <options>
Options:
-dhl  --dump-hash-local
-dhdc --dump-hash-domain-cached
-dhd  --dump-hash-domain (NTDS_FILE must be specified)
-db   --dump-bitlocker (NTDS_FILE must be specified)
-nt   --ntds-file FILE
-hist --with-history (optional)
-t    --output-type JOHN/LC (optional, if no=>JOHN)
-o    --output FILE (optional, if no=>stdout)

Examples:

  • Dump domain hashes from NTDS.dit with its history
quarks-pwdump.exe --dump-hash-domain --with-history
  • Dump local account hashes to LC format
quarks-pwdump.exe --dump-hash-local --output-type LC
  • Dump BitLocker recovery information from NTDS.dit to a file
quarks-pwdump.exe --dump-bitlocker --output c:\bitlocker.txt --ntds-file c:\ntds.dit
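
For defenders, the option names listed above are something to match in process-creation logs (for example Windows Security event 4688 with command-line auditing, or Sysmon event 1), whatever the executable has been renamed to. The Python below is an added example, not part of Quarks PwDump or of the original post; the function names, the confidence levels and the sample command lines are assumptions made for illustration.

```python
import re

# Flags from the usage text above, mapped to what each dump mode targets.
ACTIONS = {
    "-dhl": "local hashes", "--dump-hash-local": "local hashes",
    "-dhdc": "cached domain credentials",
    "--dump-hash-domain-cached": "cached domain credentials",
    "-dhd": "domain hashes", "--dump-hash-domain": "domain hashes",
    "-db": "bitlocker recovery info", "--dump-bitlocker": "bitlocker recovery info",
}
MODIFIERS = {"-nt", "--ntds-file", "-hist", "--with-history",
             "-t", "--output-type", "-o", "--output"}

def tokens(cmdline):
    """Split a command line on whitespace, keeping double-quoted strings whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def classify(cmdline):
    """Return None, or a finding dict for a likely Quarks PwDump invocation."""
    toks = tokens(cmdline)
    args = [t.lower() for t in toks[1:]]
    hits = [a for a in args if a in ACTIONS]
    if not hits:
        return None
    name_seen = "quarks-pwdump" in cmdline.lower()
    # Long flags and the original file name are distinctive on their own.
    # A bare short flag such as -db is not, so it needs a second tool flag.
    if name_seen or any(a.startswith("--") for a in hits):
        confidence = "high"
    elif any(a in MODIFIERS for a in args):
        confidence = "medium"
    else:
        confidence = "low"
    # The token after -nt/--ntds-file is the NTDS.dit copy that was read.
    ntds = next((toks[i + 2] for i, a in enumerate(args[:-1])
                 if a in ("-nt", "--ntds-file")), None)
    return {"targets": sorted({ACTIONS[a] for a in hits}),
            "confidence": confidence, "name_seen": name_seen, "ntds_file": ntds}

# Constructed sample command lines (not taken from real logs).
SAMPLES = [
    r'quarks-pwdump.exe --dump-hash-local --output-type LC',
    r'"C:\Users\Public\svc.exe" -dhd -nt c:\ntds.dit -hist',
    r'C:\Windows\Temp\upd.exe -db',
    r'C:\Windows\System32\cmd.exe /c dir -o',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "<-", s)
```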


