Metasploit: Finding Password in Windows Password Hash File

With the meterpreter shell session open

meterpreter > hashdump

The contents of the target system’s password hash file are output to the screen.


Each field is separated with colon. The fields are:

1st field: username (Administrator, User1, etc.)

2nd field: Relative Identification (RID): last 3–4 digits of the Security Identifier (SID), which are unique to each user

3rd field: LM hash

4th field: NTLM hash

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

A Website.

Up ↑

%d bloggers like this: