Extract Windows Hashes Offline
If you have the SAM and SYSTEM files, you can use the impacket-secretsdump
script to dump the hashes.
The SAM and SYSTEM files are located at C:\Windows\System32\config\
impacket-secretsdump -sam SAM -system SYSTEM local
Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation
### Results will be here ;)
# Explaining the arguments
positional arguments:
target [[domain/]username[:password]@]<targetName or address>
or LOCAL (if you want to parse local files)
optional arguments:
-h, --help show this help message and exit
-debug Turn DEBUG output ON
-system SYSTEM SYSTEM hive to parse
-bootkey BOOTKEY bootkey for SYSTEM hive
-security SECURITY SECURITY hive to parse
-sam SAM SAM hive to parse
-ntds NTDS NTDS.DIT file to parse
Last updated