pwdump7 must be executed as an administrator, as the disk device must be accessed. If running for an offline attack you can specify the SAM and SYSTEM registry hives with the -s flag. package signatures: -------------------- openssl dgst -sha1 libeay32.dll SHA1(libeay32.dll)= 5dc616241164944ee9b2a6cd567dac00af49b238 openssl dgst -sha1 PwDump7.exe SHA1(PwDump7.exe)= 93a2d7c3a9b83371d96a575c15fe6fce6f9d50d3 用法: pwdump7.exe (Dump system passwords) pwdump7.exe -s (Dump passwords from files) pwdump7.exe -d [destionation] (Copy filename to destionation) pwdump7.exe -h (Show this help) -s 是从一个sam文件中提取hash,这个文件在%systemroot%\config\sam,这里. -d 是把一个文件复制到另一个位置,D:\>PwDump7.exe -d c:\pagefile.sys pagefile.dmp 从这个例子中可以看出,他的特别之处在于,可以把进程正在占用的文件复制成功. 解决提示libeay32.dll找不到或缺少的问题 拷贝libeay32.dll到windows/system32下即可

抓取windows系统的sam数据密文，Winnt/2k密码散列值(不可缺)