Dump|Crack remote SAM|SYSTEM Files

pedro ubuntu edited this page Mar 2, 2020 · 16 revisions

Description

This module allows attackers to dump the remote host's 'SAM|SYSTEM' registry entries to a text file ($env:tmp\sam | $env:tmp\system), to be then manually downloaded (using the meterpeter download module) and cracked using the 'samdump2' and 'John the Ripper' Kali native applications.
Credential Dumping - MITRE ATT&CK T1044

Remark

  • The module used in this article requires the client to be executed with Administrator privileges
  • Instructions on how to install 'meterpeter' under the new Windows Terminal can be reviewed here



Dump SAM|SYSTEM reg Files

1º - Select meterpeter 'PostExploit' module

2º - Select meterpeter 'DumpSAM' module
This module will retrieve the target machine's registry 'sam' and 'system' keys into the '$env:tmp' dir.
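
On the defending side, the dump step above is visible in process-creation telemetry. The following is an added example (not part of the original page and not meterpeter code) that flags SAM/SYSTEM hive saves in command-line logs. It assumes the dump is performed with `reg save`, which this page does not state; the events, host names and user names are constructed.

```python
import re
from collections import defaultdict

# Constructed process-creation records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "cmdline":
     r'reg save HKLM\SAM C:\Users\alice\AppData\Local\Temp\sam'},
    {"host": "WS01", "user": "CORP\\alice", "cmdline":
     r'"C:\Windows\System32\reg.exe" save hklm\system "C:\Users\alice\AppData\Local\Temp\system" /y'},
    {"host": "WS02", "user": "CORP\\bob", "cmdline":
     r'reg query HKLM\SYSTEM\CurrentControlSet\Services'},   # benign: read of a subkey
    {"host": "WS03", "user": "CORP\\backup", "cmdline":
     r'reg save HKLM\SOFTWARE D:\backup\software.hiv'},      # not a credential hive
    {"host": "WS04", "user": "CORP\\carol", "cmdline":
     r'reg.exe save HKEY_LOCAL_MACHINE\SAM C:\Temp\s.bin'},
]

# Matches "reg save" of a credential hive root (not a subkey) and captures the output file.
HIVE_SAVE = re.compile(
    r'\breg(?:\.exe)?"?\s+save\s+"?(?:hklm|hkey_local_machine)\\'
    r'(sam|system|security)"?\s+("[^"]+"|\S+)',
    re.IGNORECASE)

def detect_hive_dumps(events):
    """Group hive saves per host and rate each host by which hives were written."""
    per_host = defaultdict(dict)
    for ev in events:
        m = HIVE_SAVE.search(ev["cmdline"])
        if m:
            per_host[ev["host"]][m.group(1).upper()] = (ev["user"], m.group(2).strip('"'))
    findings = []
    for host, hives in sorted(per_host.items()):
        files = sorted(path for _, path in hives.values())
        findings.append({
            "host": host,
            # SAM hashes are protected by the boot key stored in SYSTEM, so the
            # pair on one host is what makes offline extraction possible.
            "severity": "high" if {"SAM", "SYSTEM"} <= set(hives) else "medium",
            "hives": sorted(hives),
            "files": files,
            "users": sorted({user for user, _ in hives.values()}),
            # The page's module writes to $env:tmp, so a temp-dir target is a useful signal.
            "temp_output": any("\\temp\\" in p.lower() for p in files),
        })
    return findings

if __name__ == "__main__":
    for finding in detect_hive_dumps(SAMPLE_EVENTS):
        print(finding)
```
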



Download SAM|SYSTEM backup files

1º - Use meterpeter 'Download' module to download 'sam' file to meterpeter working dir.



Crack hashes using samdump2 and John the Ripper ('Linux Distros')