Dump SAM files using batch script. No "pwdump" necessary.

It sometimes happens that we need to dump the nthashes of the computer that we're on, but no matter how hard we try, we can't get it to work. Maybe the programs we like to use are being blocked by an antivirus, or maybe we need to boot off a CD and the boot device priority is locked and the cmos passworded.

Whatever the problem, I have a very simple solution: Use Windows' own built-in reg tool.

That's right, you can dump the sam hashes straight from the command prompt! Here's how:

reg save HKLM\SAM %computername%.sam
reg save HKLM\SYSTEM %computername%.system

Easy. As. Pie.

8 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Heaps cool. Just a question, why do we save the system file also? New to this field and want to know why more than how :)

    ReplyDelete
  3. where is this dumping to?

    ReplyDelete
    Replies
    1. It's dumped to two files in the directory that you execute the command: [computername].sam and [computername].system. Where [computername] is the hostname of the computer.

      Delete
    2. Is there any way I could save these both commands in a file and enable it to execute as "run as administrator", without copying and pasting each command separately into command prompt?

      Delete
  4. Forgive me if this is a dumb question, but im knew at this. Will these commands work in the Linux terminal as well? Or is it just for windows command prompt. Would you be able to tell me what commands to use for linux? Thanks.

    ReplyDelete
  5. my software in esel eezy how to dump the file
    from another system

    ReplyDelete