It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way. It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but it is not open source and is only available on Windows).
- Alldump has only been tested on Python 2.4/2.5 (Python >2.3 will need modification before it will work).
- Python-crypto is required for its MD5/DES/RC4 support.
(Windows version available here)
- Lsadump: system and SECURITY hives
- Cachedump: system and SECURITY hives
- Pwdump: system and SAM hives
It is available from here.
Dump cached domain hashes:
usage: ./cachedump.py <system hive> <security hive>
Dump LSA secrets:
usage: ./lsadump.py <system hive> <security hive>
Dump local password hashes:
usage: ./pwdump.py <system hive> <SAM hive>
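
Each script takes its two hives in a fixed order, so it is worth confirming what every file is before running anything. The following is an added example for Python 3, not part of the tool described here: it checks the regf signature and base-block checksum, reads the hive name embedded in the header, flags hives with pending log data, and reports which scripts have all their inputs. `inspect_hive`, `runnable_tools` and `make_header` are hypothetical names, the header bytes are constructed samples, and a hive whose header carries no name cannot be identified this way.

```python
import struct

# Hive pairs each script needs, as listed above.
REQUIRED = {
    "lsadump": {"SYSTEM", "SECURITY"},
    "cachedump": {"SYSTEM", "SECURITY"},
    "pwdump": {"SYSTEM", "SAM"},
}

def regf_checksum(block):
    """XOR of the first 127 little-endian dwords of the base block."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def inspect_hive(block):
    """Return (name, clean) from a hive's first 512 bytes, or raise ValueError."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a registry hive (missing regf signature)")
    seq1, seq2 = struct.unpack_from("<II", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    if stored != regf_checksum(block):
        raise ValueError("base block checksum mismatch")
    # Offset 0x30 holds up to 32 UTF-16LE characters of the original path.
    path = block[0x30:0x70].decode("utf-16-le", "replace").split("\x00")[0]
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].upper()
    return name, seq1 == seq2  # unequal sequence numbers: dirty hive

def runnable_tools(blocks):
    """Map validated hive headers to the scripts whose inputs are all present."""
    have = {inspect_hive(b)[0] for b in blocks}
    return sorted(t for t, need in REQUIRED.items() if need <= have)

def make_header(path, seq1=1, seq2=1):
    """Constructed sample: a minimal 512-byte base block, not a real hive."""
    block = bytearray(512)
    block[:4] = b"regf"
    struct.pack_into("<II", block, 4, seq1, seq2)
    raw = path.encode("utf-16-le")[:64]
    block[0x30:0x30 + len(raw)] = raw
    struct.pack_into("<I", block, 508, regf_checksum(block))
    return bytes(block)

if __name__ == "__main__":
    sample = [make_header("\\SystemRoot\\System32\\Config\\SAM"), make_header("SYSTEM")]
    print(runnable_tools(sample))
```

A hive reported as not clean has unapplied transaction-log data, so values read from it offline may be stale.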