Security Accounts Manager (SAM) is a database in the Windows operating system that contains usernames and passwords; the passwords are stored in a hashed format in a registry hive either as an LM hash or as an NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM. In this recipe, you will learn about some of the most common ways to dump local user accounts from the SAM database.
Dumping the contents of the SAM database
Get Metasploit Penetration Testing Cookbook - Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.