SAMdump2

Retrieves the syskey and extracts hashes from a Windows 2k/NT/XP/Vista SAM.

NOTE: If you are getting empty hashes (31d6cfe0d16ae931b73c59d7e0c089c0), check secretsdump.py - SAM dump.

Installation

sudo apt install samdump2

Usage

samdump2 [OPTION]... SYSTEM_FILE SAM_FILE

Flags

Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM

  -d        enable debugging
  -h        display this information
  -o file   write output to file

Examples

samdump2 -o out /mnt/ntfs/WINDOWS/system32/config/SYSTEM /mnt/ntfs/WINDOWS/system32/config/sam

$ cd /media/ubuntu/Windows/Windows/System32/config
$ samdump2 SYSTEM SAM
*disabled* Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Admin1:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Admin2:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
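
The NOTE above concerns output in which every NT hash is the empty value, as in the sample just shown. The following Python is an added example (not part of samdump2 or of the original page) that parses samdump2 output and reports that condition, so it can be caught before the results are relied on. The function names and the Admin3 line are assumptions made for this illustration.

```python
import re
from typing import NamedTuple, Optional

EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # value quoted in the NOTE on this page
DISABLED_TAG = "*disabled* "
HEX32 = re.compile(r"[0-9a-fA-F]{32}")

class Entry(NamedTuple):
    user: str
    rid: int
    lm: str
    nt: str
    disabled: bool

def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'user:rid:lm:nt:::' line; return None for anything else."""
    line = line.strip()
    disabled = line.startswith(DISABLED_TAG)
    if disabled:
        line = line[len(DISABLED_TAG):]
    parts = line.rsplit(":", 6)  # user may be empty (RIDs 503/504 above)
    if len(parts) != 7 or not parts[1].isdigit():
        return None
    if not (HEX32.fullmatch(parts[2]) and HEX32.fullmatch(parts[3])):
        return None
    return Entry(parts[0], int(parts[1]), parts[2].lower(), parts[3].lower(), disabled)

def triage(text: str) -> dict:
    """Report whether every NT hash is empty and which enabled accounts carry it."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "total": len(entries),
        "all_empty": bool(entries) and all(e.nt == EMPTY_NT for e in entries),
        "enabled_empty": [e.user for e in entries if not e.disabled and e.nt == EMPTY_NT],
    }

# Output copied from the Examples section of this page.
PAGE_SAMPLE = """\
*disabled* Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Admin1:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Admin2:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""
# Constructed line (account and NT hash are made up) showing the non-empty case.
CONSTRUCTED = "Admin3:1002:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::\n"

if __name__ == "__main__":
    print(triage(PAGE_SAMPLE))                # all_empty is True: the case the NOTE describes
    print(triage(PAGE_SAMPLE + CONSTRUCTED))  # all_empty is False once one real hash appears
```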

URL list