Return to Red Team Tools, Red Team or Password cracking
* '''pwdump Utility''': The executable tool that performs the extraction of password hashes. * '''SAM Database''': The database file from which pwdump extracts the hashes. * '''SYSTEM Hive''': A file that pwdump uses to decrypt the SAM database.
* '''Hash Extraction''': Extracts both LM and NTLM password hashes. * '''Offline and Live Extraction''': Can perform extraction on a live system or from offline registry files. * '''Compatibility''': Supports various versions of Windows, including older and newer releases.
```cmd pwdump > hashes.txt ``` This command runs pwdump and redirects the output to a file named `hashes.txt`.
```cmd pwdump SAM SYSTEM > hashes.txt ``` This command uses the SAM and SYSTEM files provided and redirects the output to `hashes.txt`.
```plaintext Administrator:500:8846f7eaee8fb117ad06bdd830b7586c:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: john:1001:b4b9b02e6f09a9bd760f388b67351e2b:efe8492c8a6a78a2d950f295d4d1e4c8::: ``` * **Administrator:500**: The username and User ID (UID). * **8846f7eaee8fb117ad06bdd830b7586c**: The LM hash (if available). * **31d6cfe0d16ae931b73c59d7e0c089c0**: The NTLM hash.