Hash dump神器 (转)

在Win7 x64位下无压力测试通过。

 

0 / INTRO
=========

Quarks PwDump 是一个Win32环境下的系统授权信息导出工具，目前除此之外没有任何一款工具可以导出如此全面的信息，支持这么多的OS版本，且相当稳定。

它目前可以导出 :
- Local accounts NT/LM hashes + history 本机NT/LM哈希+历史登录记录
– Domain accounts NT/LM hashes + history 域中的NT/LM哈希+历史登录记录
– Cached domain password 缓存中的域管理密码
– Bitlocker recovery information (recovery passwords & key packages) 使用Bitlocker的恢复后遗留的信息

支持的操作系统 : XP/2003/Vista/7/2008/8
1 / USAGE
=========

Here it is how you can use Quarks PWDump:

quarks-pwdump.exe <option(s)> <NTDS file>
Options :
–dump-hash-local
–dump-hash-domain-cached
–dump-hash-domain (NTDS_FILE must be specified)
–dump-bitlocker (NTDS_FILE must be specified)
–with-history (optional)
–output-type JOHN/LC (optional, if no=>JOHN)
–output FILE (optional, if no=>stdout)

Dump options must be user all at once.
In all cases, the tool must be executed on the targeted operating system.

Some command examples:

- Dump domain hashes from NTDS.dit with its history
#quarks-pwdump.exe –dump-hash-domain –with-history

- Dump local account hashes to LC format
#quarks-pwdump.exe –dump-hash-local –output-type LC

- Dump domain hashes from NTDS.dit with its history
#quarks-pwdump.exe –dump-bitlocker –output c:itlocker.txt c: tds.dit

All features require administrator privileges.

点击下载