You are here: Home > Security & Privacy > Decrypting & Decoding > creddump

creddump 1.7

creddump is a Decrypting & Decoding tool for Security & Privacy, by Massimiliano Montoro. creddump is a software application that will dump passwords from user's credential files and show them in they're cleartext form.

Massimiliano Montoro
Run on OS:
Windows XP / 2003
File type:
File size:
76 KB
Updated on:
Apr 11, 2014
Check Reviews
Softmenu rating: 5/10

creddump 1.7 Reviews - by Softmenu Editor

It is one of the best Decrypting & Decoding software that I have ever used for Security & Privacy.


Software Description - by Publisher

This software description is given by Massimiliano Montoro - the software publisher/developer, and almost no changes made by softmenu.

Full Description see below:

creddump is a software application that will dump passwords from user's credential files and show them in they're cleartext form.

Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP to provide a secured store for credential information.

Credential Manager allows you to input user name and passwords for various network resources and applications once, and then have the system automatically supply that information for subsequent visits to those resources without your intervention.

One example is the command:
net use * computer_nameshare_name /user:user_name password /savecred

Credential Manager stores user's credentials in the following files:

- Enterprise Credential Set:
Documents and Settings%Username%Application DataMicrosoftCredentials%UserSID%Credentials

- Local Credential Set:
Documents and Settings%Username%Local SettingsApplication DataMicrosoftCredentials%UserSID%Credentials

On WindowsXP, the application "Stored User Names and Passwords", that can be found under Start-> Settings-> Control Panel-> User Accounts-> 琧ount% -> Manage my network passwords, allows you to manage this kind of credentials.


The program follows the same methodology used by Todd Sabin in his PWDUMP2 program to decrypt credential files. It uses the "DLL injection" technique to run a thread in the same security context of the Local Security Authority Subsystem process.

The thread's executable code must first be copied to the address space of LSASS process and this requires an account with the SeDebugPrivilege user right.

By default only Administrators have this right. Once injected and executed, the thread will run with the same access privileges of the Local Security Authority Subsystem and will use the native undocumented LsaICryptUnprotectData API from LSASRV.DLL to decrypt the credentials file.

The thread stores the output of this API in a temporary file named cred.txt located in the same directory of the program. Finally, user's credentials are dumped and put ont the screen.

Credential Manager can store various kind of passwords, they can be saved as MultiByte or WideChar strings, security BLOBS and certificates too. The choice of the final encryption method is left to the user.

The program will try to recognize plaintext passwords stored as MultiByte strings or WideChar strings, and will also decode Passport and Standard (no entropy) credential BLOBS originally stored using the CryptProtectData API.


Copy the executable files (creddump.exe, creddump.dll) in the same directory and type creddump at the command prompt.

Supported Operating System:

Windows XP / 2003

Running requirements

Need not extra requirement except the OS environments mentioned above.


Please check the license above, if this is a freeware, it will be no limitation, else it may have the days or times limitation, please read the specifications attached with the download file carefully.

Tested virus free - creddump has been tested to be a safe software on Apr 11, 2014.

Softwares Searches Related to creddump

Bookmark or share this page to your friends

copy bookmark
copy bookmark
copy bookmark

creddump Related Softwares


IRS is a software application that acts like a "valid source IP address" scanner for a given service, not like a port scanner as many would think.Many servers and network devices like ...


sTerm is a Telnet client with a unique feature. It can establish an entire bi-directional Telnet session to a target host never sending your real IP and MAC addresses in any packet.


cPfPc is a software that produces the encrypted form of PIX passwords without the need to access the device.Networks and security administrators can use it to write authentication informations ...

IP Restrictions Scanner

Many servers and network devices like routers and switches provides features like ACLs, IP Filters, Firewall rules and so on to give access to their Services only to particular network ...

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, ...

Latest Software Topic