fgdump "the password hash knife" upgraded to 2.0.0

fgdump is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories.

Major changes that come with this release 2.0:

  • fgdump will now detect 64-bit targets and report them as such
  • 64-bit pwdump and cachedump will be used when the target is detected as 64-bit
  • Fixed a problem when connecting to some Samba servers where RegQueryValueEx would not behave as expected
  • fgdump will now generate a session ID during each run - used to correlate failed logs and regular logs
  • Added command line to log file
  • Added session ID to log file
  • Created a new file with the format (session-id).failed which contains greppable data on failed hosts
  • A log file is always generated of the format (session-id).fgdump-log
  • "-l "will now override the default log name.
  • Added -a option to prevent tampering with AV. This is useful if you know AV is not picking it up, you want to tamper with the target as little as possible