pwdump is the name of various Windows programs that outputs theLM andNTLM password hashes of local user accounts from theSecurity Account Manager (SAM) database and from the Active Directory domain's users cache on the operating system.

It is widely used, to perform both the famous pass-the-hash attack, or also can be used to brute-force users' password directly. In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access user's passwords.^[1]

This sectionneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources in this section. Unsourced material may be challenged and removed.(June 2023) (Learn how and when to remove this message)

The initial program called pwdump was written byJeremy Allison. He published thesource code in 1997 (seeopen-source).^[2] Since then there have been further developments by other programmers:

1. pwdump (1997) — original program by Jeremy Allison.^[3]
2. pwdump2 (2000) — by Todd Sabin of Bindview (GPL), usesDLL injection.^[4]
3. pwdump3 — by Phil Staubs (GPL), works over the network.
   • pwdump3e — by Phil Staubs (GPL), sends encrypted over network.
4. pwdump4 — by bingle (GPL), improvement on pwdump3 and pwdump2.
5. pwdump5 — by AntonYo! (freeware).
6. pwdump6 (c. 2006) — by fizzgig (GPL), improvement of pwdump3e. No source code.
   • fgdump (2007) — by fizzgig, improvement of pwdump6 w/ addons. No source code.
7. pwdump7 — by Andres Tarasco (freeware), uses own filesystem drivers. No source code.
8. pwdump8 — by Fulvio Zanetti and Andrea Petralia, supports AES128 encrypted hashes (Windows 10 and later). No source code.^[5]

This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Pwdump" – news ·newspapers ·books ·scholar ·JSTOR(June 2017) (Learn how and when to remove this message)

• Allison, Jeremy (30 September 2012)."Index of /pub/samba/pwdump".Samba. Retrieved15 June 2017.
• Sabin, Todd (1 February 2017)."New version of PWDump2 allows dumping of password hashes Active Directory".SecuriTeam.com. Retrieved15 June 2017.
• "pwdump8".forums.hak5.org. 15 May 2019.

This security software article is astub. You can help Wikipedia byexpanding it.

• v
• t
• e

• Windows security software
• Cryptographic attacks
• Free security software
• Command-line software
• Computer security software stubs

• Harv and Sfn no-target errors
• Articles with short description
• Short description matches Wikidata
• Articles needing additional references from June 2023
• All articles needing additional references
• Articles needing additional references from June 2017
• All stub articles