We have developed a new password dumper for windows named PWDUMP7. The main difference between pwdump7 and other pwdump tools is that our tool runs by extracting the binary SAM and SYSTEM File from the Filesystem and then the hashes are extracted. For that task Rkdetector NTFS and FAT32 filesystem drivers are used.



Pwdump7 is also able to extract passwords offline by selecting the target files.




Usage Information: Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es

usage:
pwdump7.exe (Dump system passwords)
pwdump7.exe -s <samfile> <systemfile> (Dump passwords from files)
pwdump7.exe -d <filename> [destionation] (Copy filename to destionation)
pwdump7.exe -h (Show this help)


One of the powerfully features of pwdump7 is that can also be used to dump protected files. You can always copy an used file just executing: pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat.
Note that this tool can only used against SAM and SYSTEM Files. Active directory passwords are stored in the ntds.dit file and currently the stored structure is unknown.

Download pwdump (Windows executable)