August 5th, 2005, 03:15 AM
Help using pwdump2
I did the password dump just as it was instructed, and it made the password file in my root folder, but when I go and look in it, it says,
Pwdump2 - dump the SAM database.
Usage: pwdump2.exe <pid of lsass.exe>
and that's it.
If someone could tell me the issue, that'd be great. I just set up my cluster and I wanted to try to practice on some of my passwords. I have full admin rights, so that's not it. No idea what's up.
August 5th, 2005, 04:00 AM
Sorry, I deleted my post above by accident.
ElDesperado: Slow down. READ THE INSTRUCTIONS AGAIN. You are making a silly mistake. Sleep on it. Try again tomorrow.
I don't mean to be a pain in the ass, and I am not a know-it-all, but you have to help yourself before you jump to asking silly questions that are answered easily by reading what is in front of you.
August 5th, 2005, 04:03 AM
Well, in the readme it doesn't give instructions, I downloaded it from reading this thread,
And the only thing he says to do is
2. First download Pwdump2 from here (an application used to dump Windows 2000/XP SAM file)
3. at the command line, type “pwdump2 > c:\passwd”. This will create a copy of your password file called passwd on the root of your c:\ drive.
August 6th, 2005, 07:35 PM
If I recall correctly, to use pwdump2 you do something along the lines of the following (after taking both pwdump2.exe and all the DLL files and putting them together in the same directory):
This will write the contents of the SAM to the console. To save to a file so you can reread/use it for later:
[C:\pwdump2] pwdump2 > passwd.txt
If you want to find the pid of lsass.exe, just use the Task Manager to find the process id, and then put that number after pwdump2. Let's say our pid was 1234:
[C:\pwdump2] pwdump2 1234
August 6th, 2005, 07:43 PM
I believe the OP was making a syntax error in his command: pwdump2 [whatever error] > c:\passwd. Instead of writing the hashes to c:\passwd he was writing the usage. The newest version of pwdump2 finds the pid automatically.
Answer: read carefully.