samdump2 and chntpw

One of the most popular ways to dump password hashes is to utilize samdump2. This can be done by turning on the power of the acquired system and then booting it through our Kali USB stick by making the required changes in the BIOS.

  1. Once the system is booted through Kali, by default the local hard drive must be mounted as a media drive (assuming the media drive is not encrypted with PGP or similar), as shown in the following screenshot:
  1. If the drive is not mountable, the attackers can manually mount the drive by running the following commands:
mkdir /mnt/target1
mount /dev/sda2 /mnt/target1
  1. Once the system is mounted, ...

Get Mastering Kali Linux for Advanced Penetration Testing - Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.