HOW TO DUMP PASSWORDS FROM MEMORY

Hello friends in this tutorial you will learn how to dump password from memory. So basically there are lots of applications which such as web browser, vpn clients etc which takes passwords input from the user and store temporary in the RAM and go ahead authenticate and to many of these activities. So how these activities happened. The problem is that the password which is in store in the RAM is unencrypted and it is vulnerable. Now it’s a demo time how’s it works..
 

Step 1 :- So in very first step I used a program called mempass, the code which has been given on the same page and here we see how to dump password from memory by using the combination of mempass application and pmdump.
So in this step first I run mempass application which is available in my C:\hackpassword directory and then it ask a password we give any password it depends upon you here in this scenario I enter a password hackworld.

So once we enter the password and hit enter the mempass clear the screen and show the screen like this…

Step 2 :- Now in this step we open another cmd console and then we run the pmdump program. A pmdump is nothing but a program memory  dumping. so basically what pmdump program allows to do we first list out all the programs which are running currently.
pmdump
pmdump –list  

Step 3 :- So now we can see the mempass is currently running on 2200 process id. Now let’s move and dump the entire memory of the mempass program  so here what I can do I used process id of mempass to dump password in memorypassword.txt file.
pmdump 2200 memorypassword.txt

 Step 4 :- Now let’s move to memorypassword.txt file which is created in my C:\hackpassword directory where all the memory of mempass is dump in the form of hexadecimal.
Then open memorypassword.txt file and find the password.

Note :- So that is all about this tutorial, basically I want to prove you that any program which takes sensitive input such as password and other credential and store them into RAM and it definitely to store it into  entire life time is vulnerable to such memory dumping attacks. So it is possible to a Trojans actually go ahed and monitors the memory in monitors various programs and goes ahed and still all of these credentials. So as a developer it is very important for us to make sure that any user credentials is well protected even it is in the program memory regions.