It sometimes happens that we need to dump the nthashes of the computer that we're on, but no matter how hard we try, we can't get it to work. Maybe the programs we like to use are being blocked by an antivirus, or maybe we need to boot off a CD and the boot device priority is locked and the cmos passworded.
Whatever the problem, I have a very simple solution: Use Windows' own built-in
reg tool.
That's right, you can dump the sam hashes straight from the command prompt! Here's how:
reg save HKLM\SAM %computername%.sam
reg save HKLM\SYSTEM %computername%.system
Easy. As. Pie.
win
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteHeaps cool. Just a question, why do we save the system file also? New to this field and want to know why more than how :)
ReplyDeleteto decrypt the sam file
Deletewhere is this dumping to?
ReplyDeleteIt's dumped to two files in the directory that you execute the command: [computername].sam and [computername].system. Where [computername] is the hostname of the computer.
DeleteIs there any way I could save these both commands in a file and enable it to execute as "run as administrator", without copying and pasting each command separately into command prompt?
DeleteForgive me if this is a dumb question, but im knew at this. Will these commands work in the Linux terminal as well? Or is it just for windows command prompt. Would you be able to tell me what commands to use for linux? Thanks.
ReplyDeletemy software in esel eezy how to dump the file
ReplyDeletefrom another system