[tool] pwdump, fgdump

    
PWDump6 (http://www.foofus.net/fizzgig/pwdump)

Based on the wildly popular pwdump3e, it's been updated and modernized a bit to suit our needs, and has been useful to other folks in the security assessment community as well. It runs in much the same fashion as 3e, but has the following changes:

・Locates any available, writable share, not just ADMIN$
・Replaces the remote registry method of remote communication with a named pipe method
・Eliminates dependency on the CryptoAPI, which appeared to cause certain problems for us in rare circumstances
・Marks itself as executable when writing to the LSASS process, thereby avoiding some NX problems

If you've had trouble with pwdump crashing some boxen, give pwdump6 a try.

fgdump (http://www.foofus.net/fizzgig/fgdump)

fgdump really started as a simple wrapper around pwdump. Certain AV programs reacted poorly to pwdump; the worst cases resulted in an AV solution consuming 100% of the CPU, typically requiring a reboot. So initially, fgdump simply shut down AV before running pwdump, but now it does much more. Major features include:

・Support for multiple hosts using text files
・Automatic binding/unbinding to IPC$
・Detection, automatic shutdown and restart of a number of common AV solutions
・Password dumping using pwdump6
・Cached credential dumping using cachedump
・Ability to write results to a log, including summaries