{
	"id": "eda4d990-63ba-47a8-90fc-1cbcea0f8d06",
	"created_at": "2026-04-06T00:17:19.899344Z",
	"updated_at": "2026-04-10T03:20:17.130919Z",
	"deleted_at": null,
	"sha1_hash": "949d85c416c28ca12cc5a5718fe14128c3545bfa",
	"title": "Windows PWDUMP tools",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 92287,
	"plain_text": "Windows PWDUMP tools\r\nArchived: 2026-04-05 19:34:18 UTC\r\nProducts\r\nOpenwall GNU/*/Linux   server OS\r\nLinux Kernel Runtime Guard\r\nJohn the Ripper   password cracker\r\nFree \u0026 Open Source for any platform\r\nin the cloud\r\nPro for Linux\r\nPro for macOS\r\nWordlists   for password cracking\r\npasswdqc   policy enforcement\r\nFree \u0026 Open Source for Unix\r\nPro for Windows (Active Directory)\r\nyescrypt   KDF \u0026 password hashing\r\nyespower   Proof-of-Work (PoW)\r\ncrypt_blowfish   password hashing\r\nphpass   ditto in PHP\r\ntcb   better password shadowing\r\nPluggable Authentication Modules\r\nscanlogd   port scan detector\r\npopa3d   tiny POP3 daemon\r\nblists   web interface to mailing lists\r\nmsulogin   single user mode login\r\nphp_mt_seed   mt_rand() cracker\r\nServices\r\nPublications\r\nArticles\r\nPresentations\r\nResources\r\nMailing lists\r\nCommunity wiki\r\nSource code repositories (GitHub)\r\nFile archive \u0026 mirrors\r\nHow to verify digital signatures\r\nOVE IDs\r\nWhat's new\r\nhttps://www.openwall.com/passwords/windows-pwdump\r\nPage 1 of 4\n\nHash Suite by Alain Espinosa\r\nWindows 7 to 11 (64-bit), shareware, free or $39.95+\r\nHash Suite is a very efficient auditing tool for Windows password hashes (LM, NTLM, and Domain Cached\r\nCredentials also known as DCC and DCC2). It is very fast, yet it has modest memory requirements even when\r\nattacking a million of hashes at once. The GUI is simple, yet uses modern features offered by Windows 7 and\r\nabove. Besides the password security auditing program itself, there's an included reports engine that generates\r\nreports in multiple formats, including PDF. (The reports engine requires free Java VM from Oracle to be\r\ninstalled.)\r\npwdump by Jeremy Allison\r\nWindows NT, free (permissive BSD and GPL-compatible Open Source license)\r\nDownload local copy of pwdump (49 KB)\r\nThis handy utility dumps the password database of an NT machine that is held in the NT registry (under\r\nHKEY_LOCAL_MACHINE\\SECURITY\\SAM\\Domains\\Account\\Users) into a valid smbpasswd format file\r\n(which is understood by practically all Windows password security auditing tools).\r\nThis is the original pwdump program. It is mostly of historical value these days. You will likely want to use a\r\nnewer reimplementation such as pwdump6 instead. You might also be interested in our file archive with local\r\ncopies of many pwdump-like and pwdump-related programs.\r\npwdump2 by Todd Sabin of Bindview\r\nWindows NT/2000, free (GPL v2)\r\nDownload local copy of pwdump2 (46 KB)\r\nThis is an application which dumps the password hashes from NT's SAM database, whether or not SYSKEY is\r\nenabled on the system. NT Administrators can now enjoy the additional protection of SYSKEY, while still being\r\nable to check for weak users' passwords. The output follows the same format as the original pwdump (by Jeremy\r\nAllison) and can be used as input to password crackers. You need the SeDebugPrivilege for it to work. By default,\r\nonly Administrators have this right, so this program does not compromise NT security.\r\npwdump3 and pwdump3e by Phil Staubs and Erik Hjelmstad of PoliVec, Inc.\r\nWindows NT/2000, free (GPL v2)\r\nDownload local copies of pwdump3 version 2 (87 KB) and pwdump3e (217 KB)\r\npwdump3 enhances the existing pwdump and pwdump2 programs developed by Jeremy Allison and Todd Sabin,\r\nrespectively. pwdump3 works across the network and whether or not SYSKEY is enabled. Like the previous\r\npwdump utilities, pwdump3 does not represent a new exploit since administrative privileges are still required on\r\nthe remote system. One of the largest improvements with pwdump3 over pwdump2 is that it allows network\r\nadministrators to retrieve hashes from a remote NT system.\r\npwdump3e provides enhanced protection of the password hash information by encrypting the data before it is\r\npassed across the network. It uses Diffie-Hellman key agreement to generate a shared key that is not passed across\r\nthe network, and employs the Windows Crypto API to protect the hashes.\r\nhttps://www.openwall.com/passwords/windows-pwdump\r\nPage 2 of 4\n\npwdump4 by bingle\r\nWindows NT/2000, free (GPL v2)\r\nDownload local copy of pwdump4 (72 KB)\r\npwdump4 is an attempt to improve upon pwdump3. It might work in cases when pwdump3 fails (and vice versa).\r\npwdump5 by AntonYo!\r\nWindows NT/2000/XP/2003, free\r\nDownload local copy of pwdump5 (28 KB)\r\npwdump5 is an application that dumps password hashes from the SAM database even if SYSKEY is enabled on\r\nthe system. If SYSKEY is enabled, the program retrieves the 128-bit encryption key, which is used to\r\nencrypt/decrypt the password hashes.\r\npwdump6 by fizzgig\r\nWindows 2000/XP/2003/Vista, free (GPL v2)\r\nDownload local copy of pwdump6 1.7.2 in ZIP (1268 KB) or tar.bz2 format (1103 KB)\r\npwdump6 is a significantly modified version of pwdump3e. This program is able to extract NTLM and LanMan\r\nhashes from a Windows target, regardless of whether SYSKEY is enabled. It is also capable of displaying\r\npassword histories if they are available. Currently, data transfer between the client and target is NOT encrypted, so\r\nuse this at your own risk if you feel eavesdropping may be a problem.\r\npwdump7 by Andres Tarasco Acuna\r\nWindows NT family (up through XP or Vista?), free\r\nDownload local copy of pwdump7 revision 7.1 (505 KB)\r\npwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative\r\nprivileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped, the\r\nSYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes\r\nand dump them in pwdump like format.\r\nQuarks PwDump originally by Sebastien Kaczmarek of Quarkslab\r\nWindows XP/2003/Vista/7/2008/8, free (GPL v3)\r\nOriginal source code on GitHub (no pre-compiled binary, outdated) by Quarkslab\r\nRevised source code on GitHub (with pre-compiled binary in Releases) by red canari\r\nDownload local copy of Quarks PwDump 0.3a by red canari (369 KB) or its source code (5.6 MB including a\r\nprerequisite library)\r\nQuarks PwDump extracts local accounts NT/LM hashes + history, domain accounts NT/LM hashes + history,\r\ncached domain password, Bitlocker recovery information (recovery passwords \u0026 key packages). It requires\r\nadministrator privileges.\r\npwdump8 by Fulvio Zanetti and Andrea Petralia of blackMath\r\nWindows 2000/XP/Vista/7/2008/8/8.1/10/2012/2016/2019, free\r\nDownload local copy of pwdump8 8.2 (529 KB)\r\nhttps://www.openwall.com/passwords/windows-pwdump\r\nPage 3 of 4\n\npwdump8 supports AES-128 encrypted hashes and thus works on Windows 10 v1607 and later, where the\r\nprevious pwdump tools fail. pwdump8 works with the local Windows system, as well as with dumped SAM and\r\nSECURITY reg hives. Version 8.2 adds support for domain cached account. pwdump8 requires administrative\r\nprivileges, just like the previous tools did.\r\nmimikatz by Benjamin DELPY `gentilkiwi`\r\nWindows (up to latest builds of Windows 10), free (CC BY 4.0)\r\nmimikatz is a well-known advanced tool to extract plaintexts passwords, hash, PIN code, and Kerberos tickets\r\nfrom memory. mimikatz can also perform pass-the-hash, pass-the-ticket, or build Golden tickets. mimikatz is an\r\nactively maintained Open Source project.\r\nOffline NT Password \u0026 Registry Editor by Petter Nordahl-Hagen\r\nWindows NT to 8.1 (32- and 64-bit), freeware\r\nThis is an utility (available in the form of bootable floppy and CD images) to reset the password of any user that\r\nhas a valid (local) account on your NT system, by modifying the password hash in the registry's SAM file. You do\r\nnot need to know the old password to set a new one.\r\nThe editor works offline, that is, you have to shutdown your computer and boot off a floppy disk or a CD. The\r\nboot disks use Linux as the OS and include stuff to access NTFS partitions and scripts to glue the whole thing\r\ntogether.\r\nThis will also work with SYSKEY, including the option to turn it off.\r\n3804804\r\nSource: https://www.openwall.com/passwords/windows-pwdump\r\nhttps://www.openwall.com/passwords/windows-pwdump\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.openwall.com/passwords/windows-pwdump"
	],
	"report_names": [
		"windows-pwdump"
	],
	"threat_actors": [],
	"ts_created_at": 1775434639,
	"ts_updated_at": 1775791217,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/949d85c416c28ca12cc5a5718fe14128c3545bfa.pdf",
		"text": "https://archive.orkl.eu/949d85c416c28ca12cc5a5718fe14128c3545bfa.txt",
		"img": "https://archive.orkl.eu/949d85c416c28ca12cc5a5718fe14128c3545bfa.jpg"
	}
}