23rd October 2021

Getting Local User Password Hashes from SAM and SYSTEM Files – Samdump2 and Bkhive Tools

In the Windows operating system, local accounts authenticate via SAM and SYSTEM files. Therefore, the security of SAM and SYSTEM files is critical. The password summaries of local accounts belonging to a Windows computer and registered in the captured SAM and SYSTEM files will be obtained with samdump2 and bkhive tools.

Samdump2 and Bkhive Tools

Copy the captured SAM and SYSTEM files to the desktop of the Kali machine with the samdump2 and bkhive tools installed.

SAM and SYSTEM files
SAM and SYSTEM files

 

Then we get SYSKEY from the SYSTEM file with the bkhive tool.

SYSKEY from the SYSTEM file
SYSKEY from the SYSTEM file

 

Finally, we obtain password summaries of local accounts with this file and the SAM file samdump2 tool.

 SAM file samdump2 tool
SAM file samdump2 tool

 

 

LEARN MORE  What is Karmetasploit? What Does It Do? How to Install Karmetasploit?

Leave a Reply

Your email address will not be published. Required fields are marked *