16th November 2024

Getting Local User Password Hashes from SAM and SYSTEM Files – Samdump2 and Bkhive Tools

In the Windows operating system, local accounts are authenticated against the SAM and SYSTEM files, so the security of these two files is critical. In this post, the password hashes of the local accounts of a Windows computer, as stored in captured SAM and SYSTEM files, are obtained with the samdump2 and bkhive tools.

Samdump2 and Bkhive Tools

Copy the captured SAM and SYSTEM files to the desktop of a Kali machine that has the samdump2 and bkhive tools installed.

SAM and SYSTEM files

 

Then we get SYSKEY from the SYSTEM file with the bkhive tool.

SYSKEY from the SYSTEM file

 

Finally, we obtain the password hashes of the local accounts by giving this SYSKEY file and the SAM file to the samdump2 tool.

SAM file samdump2 tool
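
A dump like this can be reviewed for weak local-account hygiene. The following is an added example, not code from the original post: it parses pwdump-style lines (`user:RID:LM:NT:::`) and flags enabled accounts that have a blank password, a stored LM hash, or an NT hash shared with another account. The sample lines and their hash values are constructed, and the handling of a `*disabled*` prefix is an assumption about the output layout.

```python
from collections import defaultdict

# Well-known LM and NT hashes of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump layout (user:RID:LM:NT:::); not real accounts.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
helpdesk:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacy:1002:fedcba9876543210fedcba9876543210:00112233445566778899aabbccddeeff:::
kiosk:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

def parse(text):
    """Yield (user, rid, lm, nt, disabled) for each well-formed line."""
    for line in text.splitlines():
        line = line.strip()
        disabled = line.startswith("*disabled*")  # assumed marker for disabled accounts
        if disabled:
            line = line[len("*disabled*"):].strip()
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip banners, blank lines and malformed rows
        yield parts[0], int(parts[1]), parts[2].lower(), parts[3].lower(), disabled

def audit(text):
    """Return findings for enabled accounts only."""
    findings = {"blank_password": [], "lm_hash_stored": [], "shared_nt_hash": []}
    by_nt = defaultdict(list)
    for user, _rid, lm, nt, disabled in parse(text):
        if disabled:
            continue
        if nt == EMPTY_NT:
            findings["blank_password"].append(user)
            continue
        if lm != EMPTY_LM:
            findings["lm_hash_stored"].append(user)  # legacy LM storage still enabled
        by_nt[nt].append(user)
    # Identical NT hashes mean identical passwords (NT hashes are unsalted).
    findings["shared_nt_hash"] = [sorted(u) for u in by_nt.values() if len(u) > 1]
    return findings

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"{name}: {hits}")
```
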

 

 
