Skip to main content
Version: Axidian Privilege 3.2

Dumping Passwords

In an emergency, if the Axidian Privilege components fail, you can dump the privileged account passwords from the Axidian Privilege database.

Location of dump utility: ..PAM_3.2\axidian-pam-tools\dump\Pam.Tools.Dump.exe.

Editing the Configuration File

At first, Open the utility config file axidian-pam-tools\Dump\appsettings.json and specify the access parameters for the Core database:

Database section:

  • Database—DBMS provider

    • mssql—Microsoft SQL Server
    • pgsql—PostgreSQL, PostgreSQL Pro

  • ConnectionStrings—DBMS connection string

    MicrosoftSQL connection string
    • Data Source—the name of the DBMS server or named instance
    • Initial Catalog—database name
    • User ID—database connection account
    • Password—account's password
    • other options available, see documentation for SqlClient 3.0 .NET Core 
    "ConnectionString": "Data Source=sql.domain.local; Initial Catalog=IPAMCore; Integrated Security=False; User ID=IPAMSQLService; Password=password"
    caution

    If using a Named Instance of Microsoft SQL Server, the value of the Server parameter must be specified in the Server Name\Named instance format.

    "PamCore": "Data Source=sql\\instance; ..."
    PostgreSQL connection string
    • Host—the name of the DBMS server or named insta
    • Database—database name
    • Username—database connection account
    • Password—account's password
    • other options available, see documentation for Npgsql connection string
    "ConnectionString": "Host=sql.domain.local; Database=IPAMCore; Integrated Security=False; Username=IPAMSQLService; Password=password"

Encryption section:

  • Algorithm—Core database encryption algorithm
  • Key—Core database encryption key

Launching the Utility

The utility can be executed with the following arguments:

  • decrypt-ssh-key—decrypting encrypted exported ssh key of the account
  • decrypt-password—decrypting encrypted exported password of the account
  • decrypt-secrets—decrypting credentials of accounts from specified or choosen folder
  • ssh-key—dumping the SSH key of the account, you must specify the account, for example:
    Pam.Tools.Dump.exe ssh-key --name res2\administrator
  • password—dumping the password of a privileged account, you must specify an account, for example:
    Pam.Tools.Dump.exe password --name res2\administrator
  • all-secrets—dumping all credentials to the .\Results folder, or to the specified one. Passwords will be dumped to accounts.csv file, keys will be dumped to sshKeys folder in separate files. Example command:
    Pam.Tools.Dump.exe all-secrets --output c:\temp
  • help—displaying more information of a specific command
  • version—displaying version information