Dump Windows System Info

When you were asked to collect all Windows system information such as list of users, services, software installed and its version, Windows update history etc, you probably want to see these tools:

System Information Collector

WinUpdatesList v1.31
WinAudit Freeware v2.28.2

SAM/Password Extractor

pwdump7* ( v7.1 ) (detected as HackTool/Possible Unwanted Application)
FGDump* (detected as HackTool/Possible Unwanted Application)
Offline NT Password & Registry Editor by Petter Nordahl-Hagen (must be done in offline mode/reboot the system)

Note: If you are familiar with reverse engineering, making those HackTool/PUA undetectable is the best choice 😀

or

Using Metasploit and attack your target system. Meterpreter payload contains a lot of user scripts that can be useful to dig system info. I suggest the attack against Internet Explorer since it may not harm the system/service running.

J. Dravet wrote various techniques in order to retrieve the passwords, and of course it depends on your goal, use it wisely.

Good luck 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *