NtPassDump: Improved password reminder tool with Novell Support


I guess that most of you should know a tool named "Password remidender" (findpass) from http://www.smidgeonsoft.com/ that allows administrator users to dump, from the winlogon memory, clear text passwords that belongs to logged users. To achieve that task, its necesary to specify the winlogon pid, username and domainname as a runtime parameter.

There is also a known limitation for that great tool. Password reminder should work only with MSGINA.dll so, if the Novell client is installed ( NWGINA.DLL) the application doesnt work.
A few months ago, on a penetration test under a Novell enviroment i have added support for Novell passwords, that are stored in cleartext under winlogon.exe memory. The code isnt 100% accurate but it works most times.

Novell Password memory Dumper

Some more features, like UserID and winlogon PId bruteforce have been added.


Tested under Novell Client 4.91 SP5.

Download Winlogon password dumper

NtPassDump: Improved password reminder tool with Novell Support

Tarasco.org - Smashing your networks for fun and proffit

© Andres and Miguel Tarasco. All rights reserved.