New versions of fgdump and pwdump released

April 29, 2008 – 4:46 AM

The latest versions of fgdump and pwdump have been released by the team. Looks like the most important change is that both tools support 64-bit targets. Here is the official announcement:

“The team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number of new features, the most significant of which is that both tools now support 64-bit targets.

We are also pleased to announce the creation of a mailing list for the purposes of tool support, bug reports, feature requests and new revision announcements. This mailing list currently covers fgdump, pwdump and medusa. Feel free to sign up at
For all the details on the latest fgdump and pwdump releases, please visit their home pages:”

If you don’t know what fgdump is and how it differs from pwdump…basically, fgdump attempts to shutdown local anti-virus before attempting to dump the password hashes and it also pulls cached credentials. Fgdump is a great tool if you still need to dump the hashes of a system (which in a pentest I always like to conduct a password strength test for clients by running hashes through John (large wordlist and incremental mode). Once you have the hash, you can also use a “pass-the-hash” utility like the one created by the team (for Linux) or the one released by Core Security Technologies (for Windows).

Source: Spylogic

  1. One Response to “New versions of fgdump and pwdump released”

  2. All these are great BUT there none that can Kill
    Mircosoft Spywear C:\WINDOWS\Registration\R00000000000a.clb.


    By Ken on Jun 10, 2009

You must be logged in to post a comment.