by Windows stores user account passwords in SAM file. This file contains hashes of passwords. This SAM file cannot be opened directly by the user, so we have to dump it.
Tools used : Mimikatz John The Ripper , Hashcat.
Dumping SAM file:
For this we need to copy sam and system files from their original path to anywhere.
Copying SAM and SYSTEM files using CMD.
Step 1: Run CMD as administrator and run following commands.
Step 2: open Mimikatz and run the following commands.
We obtained the NTLM hash from the SAM file using Mimikatz.
Now, copy this hash and save it in a notepad file.
Obtaining password from john the ripper and hashcat:
- Download john the ripper
- Extract on desktop
- Paste the notepad file in RUN in john the ripper folder.
- Open cmd
- Go to john the ripper.
- Go to run
- Run the following command.
Windows:
Kali Linux:
Note: 2602 is our password.
Using hashcat :
Run the following command in terminal.
hashcat -m 1000 -a 0 filename usr/share/wordlists/rockyou.txtNote : 1000 — for NTLM hash.
Note:
Wordlist rockyou.txt.gz is compressed by default.
So unzip the file to use it.
Go to the file location via terminal and type:
find / -name rockyou.txt 2</dev/null
gzip -d rockyou.txt.gz
As a Newbie, I am always exploring online for articles that can help me. Thank you
hello!,I love your writing so much! percentage we keep in touch extra about your post on AOL? I require an expert on this area to resolve my problem. Maybe that’s you! Taking a look forward to see you.