Copyright (c) 2006 - 2009 Nir Sofer
LSASecretsDump is a small console application that extract the LSA secrets from the Registry,
decrypt them, and dump them into the console window.
The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your
RAS/VPN passwords, Autologon password, and other system passwords/keys.
- Version 1.21 - Fixed a problem with Application Compatibility Engine on Windows 7/Vista:
In some rare circumstances, this utility was shimmed by Application Compatibility Engine, which means that
apphelp.dll and AcLayers.DLL were loaded into the process and replaced the Windows API pointers in the exports table.
This API replacement caused this utility to crash lsass.exe and restart the operating system after a minute.
This problem occured when running this utility from NirLauncher package,
because the executable of NirLauncher contains the word 'launch', and from unknown reason,
Microsoft automatically shim every executable that contains the word 'launch'.
- Version 1.20 - Added support for reading the LSA secrets from external drive.
- Version 1.10 - Added support for Windows Vista.
- Version 1.00 - First release.
This utility is released as freeware.
You are allowed to freely distribute this utility via floppy disk, CD-ROM,
Internet, or in any other way, as long as you don't charge anything for this.
If you distribute this utility, you must include all files in
the distribution package, without any modification !
The software is provided "AS IS" without any warranty, either expressed or implied,
including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The author will not be liable for any special, incidental,
consequential or indirect damages due to loss of data or any other reason.
LSASecretsDump is a console application, so in order the view the output, you have to run it in
console (Command-Prompt) window.
As with any console application, you dump the output into a file, for example:
LSASecretsDump.exe > c:\temp\lsa.txt
-external <Windows Directory>
Dump the LSA secrets from external instance of Windows installation.
LSASecretsDump.exe -external p:\windows
dump also empty items.
This utility works on Windows 2000/XP/2003/2008/Vista/7. Windows 98/ME is not supported.
If you have any problem, suggestion, comment, or you found a bug in my utility,
you can send a message to firstname.lastname@example.org