Attacking SAM
Copying SAM Registry Hives
There are three registry hives that we can copy if we have local admin access on the target; each will have a specific purpose when we get to dumping and cracking the hashes. Here is a brief description of each in the table below:
Dumping SAM with Mimikatz
Using reg.exe save to Copy Registry Hives
Dumping Hashes with Impacket's secretsdump.py
Cracking Hashes with Hashcat
Remote Dumping & LSA Secrets Considerations
Dumping LSA Secrets Remotely
Dumping SAM Remotely
Last updated