Monday, October 31, 2011

Extracting the Password Hashes from a Memory Dump

Via this post in thehackernews.com.


This video explains how to use Volatility to extract the NTLM password hashes from a memory dump by finding the memory addresses of the \WiNDOWS\system32\config\SAM and \WiNDOWS\system32\config\system registry hives.
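The address-finding step described above, as an added example that is not taken from the video or the linked post: it parses `hivelist`-style output to locate the virtual offsets of the SAM and system hives. The sample listing is constructed, and the three-column layout and the `hashdump` options `-y`/`-s` assume Volatility 2.

```python
import re

# Constructed sample of Volatility 2 `hivelist` output (not from a real image).
SAMPLE_HIVELIST = r"""Virtual    Physical   Name
---------- ---------- ----
0xe1a3b008 0x0f2a1008 \Device\HarddiskVolume1\Documents and Settings\user\NTUSER.DAT
0xe1544b60 0x04531b60 \Device\HarddiskVolume1\WINDOWS\system32\config\software
0xe1544008 0x04531008 \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0xe1035b60 0x02ac3b60 \Device\HarddiskVolume1\WiNDOWS\system32\config\system
0xe102e008 0x02a7d008 [no name]
"""

# One data row: virtual offset, physical offset, hive name (may contain spaces).
ROW = re.compile(r"^(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s*$")

# Path suffixes of the two hives needed for hash extraction, compared lowercased
# because Windows paths are case-insensitive.
WANTED = {r"\system32\config\sam": "sam", r"\system32\config\system": "system"}


def find_hive_offsets(hivelist_text):
    """Return {'sam': int, 'system': int} virtual offsets from hivelist output."""
    found = {}
    for line in hivelist_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header, separator or blank line
        virtual, _physical, name = match.groups()
        key = next((k for s, k in WANTED.items() if name.lower().endswith(s)), None)
        if key is None:
            continue
        if key in found:
            raise ValueError("more than one %s hive listed" % key)
        found[key] = int(virtual, 16)
    missing = sorted(set(WANTED.values()) - set(found))
    if missing:
        raise LookupError("hive(s) not found in listing: " + ", ".join(missing))
    return found


def hashdump_args(image_path, offsets):
    """Build the plugin arguments: -y is the system hive, -s the SAM hive."""
    return ["-f", image_path, "hashdump",
            "-y", hex(offsets["system"]), "-s", hex(offsets["sam"])]


if __name__ == "__main__":
    print(hashdump_args("memory.dd", find_hive_offsets(SAMPLE_HIVELIST)))
```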



