Use Pwdump7 to extract the hash value of the system password

 5427518

First, download the unzip pwdump7.rar file and decompress it to the root directory of drive D. Next, open the "command prompt" window, enter the "PwDump7" command, and press the Enter key to see the result. Figure command execution result the "PASSWORD" is followed by an asterisk, indicating that the current account has not set a PASSWORD. When we set a password for the Administrator account and run the "PwDump7" command again, we will get the following content: Administrator: 500: login: 32ED87BDB5FDC5E9CBA88547376818D4 ::: the obtained password is a ciphertext, and we need to reverse translate it to obtain the corresponding plaintext password. Let's take a look at other usage of the "PwDump7" command: pwdump7.exe-s (Dump passwords from files0000pwdump7.exe-d [Destionation] (Copy filename to destionation1_pwdump7.exe-h (Show this help) the "-s" parameter here refers to extracting hash from the SAM database file, this file is located in the "% systemroot % configsam" directory. Here the "-d" parameter refers to copying a file to another location. For example, the command can be: D:> PwDump7.exe-d c: abc. sys abc. chm The biggest charm of this transfer parameter is that the file being called by the process can be copied successfully, such as copying the "pagefile. sys" file. Temporary tool:Http://www.51chi.net/sysexp/Pwdump7.rar Antivirus software may report viruses. Perform self-detection. Instructions for use: Pwdump7 can extract the user password hash (including LM and NTLM) in the system under CMD. Of course, you must have system permissions. I extracted the HASH and used ophcrack to break out the plaintext password, which is very helpful for further penetration. After my test, it can be used in XP. Extracted successfully. This tool requires support for a DLL file, which is included in the compressed package and only needs to be placed in a folder. Simple, direct input D:> PwDump7.exe Pwdump v7.1-raw password extractor Author: Andres Tarasco Acuna Url:Http://www.514.es Administrator: 500: 25FC25A0CA659E57ACEDB07452AB7A8E: Authorization: guest: 501: 0E175C3EFF8EED1652440321FCD91E4E: Signature ::: Atarasco: 1001: 45C6AEEDC857A06DC595236F8F5FECAA: D0253497114C1B4CC337210F4580A716 ::: Usage: Pwdump7.exe (Dump system passwords) Pwdump7.exe-s <samfile> <systemfile> (Dump passwords from files) Pwdump7.exe-d <filename> [destionation] (Copy filename to destionation) Pwdump7.exe-h (Show this help) -S extracts hash from a sam file. This file is in % systemroot % configsam, here. -D is to copy a file to another location, D:> PwDump7.exe-d c: pagefile. sys pagefile. dmp can be seen from this example that it is particularly important that the file being occupied by the process can be copied successfully. Solve the problem that libeay32.dll cannot be found or is missing. Copy libeay32.dll to windows/system32.