Windows app helping you to sort out the relevant parts from your favorite Windows hash dumping tool (Metasploit, PWdumpX, fgdump, etc.). pwClean can remove systems, history and built-in accounts, as well as select admin accounts only.
There many tools available with same and more feature and most of them are free. Still.
Penetrtion testers can use this tool for example while doing a pentest and got several system rooted, maybe even a domain controller. One of the steps after compromise is getting the password hashes to get them cracked. Knowing the passwords in stead of only the hashes is an important step as it
can for example provide you with access to that important financial application that is not AD-integrated.
But now you have got this text file with over 100K lines of password hashes. Sorting of the hashes before cracking is essential as your favorite tool dumps the hashes of many, many accounts that you are not interested in (system accounts, built-in, history, etc).
You can filter by hand or use your favorite text editor. But you need it to be faster, easier.
Features of pwClean
There many tools available with same and more feature and most of them are free. Still.
Penetrtion testers can use this tool for example while doing a pentest and got several system rooted, maybe even a domain controller. One of the steps after compromise is getting the password hashes to get them cracked. Knowing the passwords in stead of only the hashes is an important step as it
can for example provide you with access to that important financial application that is not AD-integrated.
But now you have got this text file with over 100K lines of password hashes. Sorting of the hashes before cracking is essential as your favorite tool dumps the hashes of many, many accounts that you are not interested in (system accounts, built-in, history, etc).
You can filter by hand or use your favorite text editor. But you need it to be faster, easier.
Features of pwClean
- independent for password dumping tool used (support for pwdump, pwdumpX, gsecdump, fgdump);
- graphical user interface for easy clicky-click (I know you windows pentesters like that); can select administrative accounts identified by *adm*;
- lets you select your domain specific ‘admin’ tag, e.g. if the naming convention uses ‘oper_’ you enter ‘oper_’ as the admin identifier;
- can remove system accounts (the accounts with the trailing $);
- an remove built-in accounts like Guest, krbtgt, SUPPORT_388945a0, HelpAssistant, TSInternetUser, IWAM_* and IUSR_*;
- can remove history accounts (_hist or _1) and wil remove the ‘(current)’ tag; supports multiple input files.
Features coming soon.
1. removal of accounts of which only the SID is know and not the name (orphaned/deleted accounts with
1. removal of accounts of which only the SID is know and not the name (orphaned/deleted accounts with
the long numbers instead of an account name)
2. drag ‘n drop
2. drag ‘n drop
Download from here: Download
0 comments:
Post a Comment