Quarks PwDump - Tool To Extract Credentials From Windows Operating Systems
Quarks PwDump is an open source tool that you can use to dump various types of Windows credentials: local accounts, domain accounts, cached domain credentials and Bitlocker recovery information.
Note: It requires administrator privileges to extract credentials.
It can extract:
- Local accounts NT/LM hashes + history
- Domain accounts NT/LM hashes + history stored in NTDS.dit file
- Cached domain credentials
- Bitlocker recovery information (recovery passwords & key packages) stored in NTDS.dit
Usage:
quarks-pwdump.exe <options>
-dhl --dump-hash-local
-dhdc --dump-hash-domain-cached
-dhd --dump-hash-domain (NTDS_FILE must be specified)
-db --dump-bitlocker (NTDS_FILE must be specified)
-nt --ntds-file FILE
-hist --with-history (optional)
-t --output-type JOHN/LC (optional, if no=>JOHN)
-o --output FILE (optional, if no=>stdout)
Examples:
- Dump domain hashes from NTDS.dit with its history
quarks-pwdump.exe --dump-hash-domain --with-history
- Dump local account hashes to LC format
quarks-pwdump.exe --dump-hash-local --output-type LC
- Dump Bitlocker information from NTDS.dit
quarks-pwdump.exe --dump-bitlocker --output c:\bitlocker.txt --ntds-file c:\ntds.dit
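A defender's view of the option list above, as an added example that is not part of the original post or of the tool's project: a small Python check that scans process-creation command lines (for example from Windows event 4688 or Sysmon event 1) for the dump options listed under Usage. The function name, the finding format and the sample command lines are constructed for illustration; matching options case-insensitively is an assumption made so the check errs on the side of flagging.

```python
import shlex

# Option table copied from the usage text above: option -> what it dumps.
DUMP_FLAGS = {
    "-dhl": "local hashes", "--dump-hash-local": "local hashes",
    "-dhdc": "cached domain credentials", "--dump-hash-domain-cached": "cached domain credentials",
    "-dhd": "domain hashes (NTDS.dit)", "--dump-hash-domain": "domain hashes (NTDS.dit)",
    "-db": "Bitlocker recovery info (NTDS.dit)", "--dump-bitlocker": "Bitlocker recovery info (NTDS.dit)",
}
# Options that take a value, mapped to the field they fill in the finding.
VALUE_FLAGS = {"-nt": "ntds_file", "--ntds-file": "ntds_file", "-o": "output", "--output": "output"}

def inspect_command_line(cmdline):
    """Return a finding dict if the command line uses a dump option, else None.

    Only the arguments are examined; the image name is ignored because it is
    not a reliable field. Short options such as -db are generic, so a finding
    is a lead to triage, not a verdict.
    """
    # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    finding = {"targets": [], "ntds_file": None, "output": None}
    for i, tok in enumerate(tokens):
        key = tok.lower()
        if key in DUMP_FLAGS and DUMP_FLAGS[key] not in finding["targets"]:
            finding["targets"].append(DUMP_FLAGS[key])
        elif key in VALUE_FLAGS and i + 1 < len(tokens):
            # Record which NTDS.dit copy was read and where output was written,
            # so responders know which files to locate and scope.
            finding[VALUE_FLAGS[key]] = tokens[i + 1]
    return finding if finding["targets"] else None

# Constructed process-creation command lines, not real logs.
SAMPLE_EVENTS = [
    r'C:\Users\Public\svc.exe -dhd -nt c:\ntds.dit -hist',
    r'"C:\Temp\q.exe" --dump-bitlocker --output c:\bitlocker.txt --ntds-file c:\ntds.dit',
    r'C:\Windows\System32\ipconfig.exe /all',
]

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(inspect_command_line(line), "<-", line)
```

A finding that names an NTDS.dit path or an output file gives the responder two concrete artifacts to look for on the host.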