[foofus-tools] All in one (pwdump6, fgdump, medusa).

Ron ron at skullsecurity.net
Mon Mar 23 11:26:28 PDT 2009

Richard Miles wrote:
> B - In this specific case, my output from pwdump6 do not have full
> hash, it's like this:
> user:18298:NO PASSWORD*********************:AE9B66EA07C92E0DAE170D937CC57C4D:::
> What type is the first half of hash missing? The question is, there is
> anyway to brute force it? Using rainbow tables?
> Or how to use it in tools like Pass The Hash Toolkit.
Besides what jmk said, also note that Vista and above (2008, 7, etc) 
disable Lanman by default, you'll only get NTLM.

You can use the PTH program "iam.exe", the Samba patch works, 
Metasploit's windows/smb/psexec payload, or my Nmap scripts (in Nmap 
4.85beta3 and higher), depending on what you're trying to do.

> C - I believe everybody should ask about it. Most AV today detect
> pwdump6 and fgdump and make it a bit harder for use. Do you suggest me
> some link to learn how to effectively avoid them?
I've had great luck with UPX to get past AV (works perfectly on Trend, 
for sure).

The best way to do it is probably to write your own encoder. Any public 
one could be detected.

Hope that helps!

More information about the foofus-tools mailing list