Sie sind auf Seite 1von 5

Tool

Cain & Abel pwdump2 pwdump6 pwdump7 fgdump PWDumpX gsecdump carrot Metasploit hashdump (post modules/script/command) mimikatz bkhive / samdump2 ntds_dump_hash pwhist lsadump2 LSASecretsDump LSASecretsView Network Password Recovery (netpass) Metasploit gather/credentials/enum_cred_store (post module) Protected Storage PassView (pspv) Metasploit gather/credentials/windows_autologin (post module) Windows Credentials Editor (WCE) Pass-The-Hash Toolkit Incognito find_token lslsass RunhAsh msvctl cachedump Metasploit gather/cachedump (post module) WirelessKeyView Metasploit wlan/wlan_profile (post module) vncpwdump VNCPassView Metasploit gather/vnc (post module) and getvncpw (script)

Command line GUI Local


No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes No No No No No No No No No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes

Yes Yes

Remote
Yes (Abel) No Yes No Yes Yes No No Yes No No No No No No No No Yes No Yes No No Yes Yes No No No No Yes No Yes No No Yes Yes (in-memory) Yes (in-memory)

SAM
Yes (in-memory and from reg files)

Password history
Yes No Yes No Yes Yes No No No No No No Yes No No No No No No No No No No No No No No No No No No No No No

LSA secrets
Yes No No No No Yes Yes No No No No No No Yes Yes (unreliable) Yes (unreliable) No No No No No No No No No No No No No No No No No No

Yes ("in-memory" and from reg files) Yes (in-memory) Yes (in-memory) Yes (in-memory) Yes (in-memory) Yes (in-memory) Yes (from registry files) Yes (from registry files) Yes (domain users, from ntds.dit) No No No No No No No No No No No No No No No No No No No No No No

Credential manager
Yes No No No No No No No No No No No No No No No Yes Yes No No No No No No No No No No No No No No No No No No No

Protected storage
Yes

Autologin
No No No No No No No No No No No No No No No No No No No Yes No No No No No No No No No No No No No No No No No No No No Yes No No

Logon sessions

Yes No No Yes No No No No No No No No No No Yes No No No No No No No No No No No No No No No

Yes (dump) No No No No No No No No No No Yes (dump and impersonate) Yes (dump and impersonate) Yes (dump and impersonate) Yes (dump) Yes (dump) Yes (impersonate) Yes (dump and impersonate) No No No No No No No

Cached domain creds


Yes No No No Yes Yes No No No No No No No No No No No No No No No No No No No No No Yes Yes No No No No No

Wireless
Yes No No No No No Yes Yes No No No No No No No No No No No No No No No No No No No No No Yes Yes No No No

VNC 32-bit
Yes No No No No No No Yes No No No No No No No No No No No No No No No No No No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

64-bit
Yes No Yes Yes Yes No Yes (!) Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes No (?) Yes Yes No No Yes Yes Yes No No Yes Yes Yes Yes (?) Yes (?) Yes

Windows NT/2000/XP/2003
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes

Windows Vista/2008/7
Yes No No Yes Yes Yes Yes (!) Yes (requires .NET framework 3.5 installed) Yes Yes Yes Yes Yes No (?) Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes No No (?) Yes Yes Yes Yes Yes Yes