In previous post about dumping password I have just discussed about pwdump but haven’t provided any tutorial. In this post I am providing most basic tutorial on using pwdump. You don’t need to worry about any other options than what I ll discuss here since you will never face any problem even if you never use them, actually the options that will not be discussed in this post never really gets used. Pwdump can practically dump password hashes from any version of windows. You can down load pwdump6 from following link.
To dump passwords from your own system type,
E:\Tools>Pwdump.exe localhost
it’ll dump password hashes on screen, to take output on file redirect output as,
E:\Tools>Pwdump.exe localhost > password.txt
Now note that for dumping password from any machine you’ll require admin privileges, it’ll not work for you if your account is standard account and not the admin one.
If you want to dump password from remote machine you’ll need to supply user-name and password of administrator along with IP address.
E:\Tools>Pwdump.exe 192.168.248.128 -u Max -p 12345
In above command 192.168.248.128 is IP address one of the machines connected in my LAN setup. Option “ -u ” specifies user name and “ -p ” specifies password for user Max which is administrator of system with IP address 192.168.248.128 . Above command will work if IPC$ share is open for remote connection if not you have to specify share which is open for connection use command in following way to connect to share open for remote connection.
E:\Tools>Pwdump.exe 192.168.248.128\share_name$ -u Max -p 12345
To know is there any share open for remote connection or not type following command in your command prompt.
C:\>net share
If you find word remote in remarks section after execution that means share is open for remote connection. If you want to check shares for remote host append above command by remote host’s IP address. If you get list means you can connect else you can not dump passwords from remote host. To get dumped passwords in file append commands by “> passord.txt”. Ok I hope that is easy to understand, if you still have got any problems feel free to ask. Thanks for reading and keep visiting.
XtraWeb 
I downloaded pwdump but I found a number of pwdump.exe files. Which one should I select?
Secondly, what is the significance of E:\Tools directory?
Get the current version. And E:\Tools is the working directory where i stored the pwdump.exe . You can use the location wherever you store the pwdump file from cmd
When I run pwdump7 on a Windows 8.1 system on which I’ve created a couple of local accounts, the pwdump7 results seem to show that both a LM and a NT hash are created. Yet the Registry shows that no LM hash is created. Anyone know what’s going on?
Try this mate :
http://j3r3m.blogspot.in/2012/11/windows-8-hash-dump-still-works.html
Fgdump works
as i click on download link it shows “this page is blocked for your security”.
is there another way to download pwdump
yep use ftp