“The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number of new features, the most significant of which is that both tools now support 64-bit targets.
We are also pleased to announce the creation of a mailing list for the purposes of tool support, bug reports, feature requests and new revision announcements. This mailing list currently covers fgdump, pwdump and medusa. Feel free to sign up at http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net.
For all the details on the latest fgdump and pwdump releases, please visit their home pages:
If you don’t know what fgdump is and how it differs from pwdump…basically, fgdump attempts to shutdown local anti-virus before attempting to dump the password hashes and it also pulls cached credentials. Fgdump is a great tool if you still need to dump the hashes of a system (which in a pentest I always like to conduct a password strength test for clients by running hashes through John (large wordlist and incremental mode). Once you have the hash, you can also use a “pass-the-hash” utility like the one created by the foofus.net team (for Linux) or the one released by Core Security Technologies (for Windows).