One of the most popular ways to dump password hashes is to utilize samdump2. This can be done by turning on the power of the acquired system and then booting it through our Kali USB stick by making the required changes in the BIOS.
- Once the system is booted through Kali, by default the local hard drive must be mounted as a media drive (assuming the media drive is not encrypted with PGP or similar), as shown in the following screenshot:
- If the drive is not mountable, the attackers can manually mount the drive by running the following commands:
mkdir /mnt/target1 mount /dev/sda2 /mnt/target1
- Once the system is mounted, ...