Quarks PwDump various 32-bit 64-bit systems get HASH

Quarks PwDump various 32-bit 64-bit systems get HASH

Quarks PwDump is an open-source Windows user credential extraction tool that captures various types of user creden, on windows platforms, including: local Account, domain account, cached domain account, and Bitlocker. The reason why I developed this tool is that no tool can capture all types of hash and Bitlocker information at the same time. This tool does not inject any process. The working principle is Shenma. The source code is worth reading.

It can be exported currently:
-Local accounts NT/LM hashes + history native NT/LM hash + historical logon records
-Domain accounts NT/LM hashes + NT/LM hash + historical logon records in the history field
-Cached domain password: domain management password in the cache
-Bitlocker recovery information (recovery passwords & key packages): Use Bitlocker to restore the legacy information

Supported Operating Systems: XP/2003/Vista/7/2008/8
1/USAGE
==========

Here it is how you can use Quarks PWDump:

Quarks-pwdump.exe <option (s)>
Options:
-Dump-hash-local
-Dump-hash-domain-cached
-Dump-hash-domain (NTDS_FILE must be specified)
-Dump-bitlocker (NTDS_FILE must be specified)
-With-history (optional)
-Output-type JOHN/LC (optional, if no => JOHN)
-Output FILE (optional, if no => stdout)

Dump options must be user all at once.
In all cases, the tool must be executed on the targeted operating system.

Some command examples:

-Dump domain hashes from NTDS. dit with its history
#Quarks-pwdump.exe-dump-hash-domain-with-history

-Dump local account hashes to LC format
#Quarks-pwdump.exe-dump-hash-local-output-type LC

-Dump domain hashes from NTDS. dit with its history
#Quarks-pwdump.exe-dump-bitlocker-output c: bitlocker.txt c: ntds. dit

All features require administrator privileges.

Local testing (win7 64 ):