在Win7 x64位下无压力测试通过。
0 / INTRO
=========
Quarks PwDump 是一个Win32环境下的系统授权信息导出工具,目前除此之外没有任何一款工具可以导出如此全面的信息,支持这么多的OS版本,且相当稳定。
它目前可以导出 :
- Local accounts NT/LM hashes + history 本机NT/LM哈希+历史登录记录
– Domain accounts NT/LM hashes + history 域中的NT/LM哈希+历史登录记录
– Cached domain password 缓存中的域管理密码
– Bitlocker recovery information (recovery passwords & key packages) 使用Bitlocker的恢复后遗留的信息
支持的操作系统 : XP/2003/Vista/7/2008/8
1 / USAGE
=========
Here it is how you can use Quarks PWDump:
quarks-pwdump.exe <option(s)> <NTDS file>
Options :
–dump-hash-local
–dump-hash-domain-cached
–dump-hash-domain (NTDS_FILE must be specified)
–dump-bitlocker (NTDS_FILE must be specified)
–with-history (optional)
–output-type JOHN/LC (optional, if no=>JOHN)
–output FILE (optional, if no=>stdout)
Dump options must be user all at once.
In all cases, the tool must be executed on the targeted operating system.
Some command examples:
- Dump domain hashes from NTDS.dit with its history
#quarks-pwdump.exe –dump-hash-domain –with-history
- Dump local account hashes to LC format
#quarks-pwdump.exe –dump-hash-local –output-type LC
- Dump domain hashes from NTDS.dit with its history
#quarks-pwdump.exe –dump-bitlocker –output c:\bitlocker.txt c:\ntds.dit
All features require administrator privileges.
扫一扫
7561
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
