SAM Dumper
Description:
1: Sam_Dumper.ino:
A small but useful PowerShell script which works by dumping all the SAM, System and Security files from the Windows registry and sending them to a
remote location.
Instructions:
Before using it, make sure the WebHook.site hook is set in SAM_Dumper.ino, which you will find in the payload. When you receive the dumps,
they will be Base64 encoded. You can decode them by saving them to a file and using the following command in PowerShell, which I have used to encode them.
- Save the Base64-encoded dump into a file, e.g. SAM.base64.
- Use certutil to decode the file with the following command:
"certutil.exe -decode SAM.base64 SAM.plain"
- Do the same with the rest of the files and use your favourite LM/NTLM password cracker to get the passwords: Ophcrack, Hashcat, Cain & Abel, etc.
Tested on:
OS: Windows 10|8|7
User: Admin
Hardware: ATtiny85 (Chinese)
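
Detection note: the behaviour described above (files named SAM, System and Security passed through certutil Base64 encoding and sent to WebHook.site) leaves traces a defender can triage from process-creation and DNS/proxy logs. The following is an added example, not code from this repository; the event format (`host`, `kind`, `data`) and the sample events are constructed assumptions.

```python
import re

HIVES = ("sam", "system", "security")  # hive files the README says are dumped
EXFIL_HOST = "webhook.site"            # remote location named in the README
# certutil called with -encode or -decode; group 2 holds the file arguments.
CERTUTIL = re.compile(r"\bcertutil(?:\.exe)?\b.*?[-/](encode|decode)\b(.*)", re.I)


def _hive_args(arg_text):
    """Return hive names that appear as file base names in the arguments."""
    found = set()
    for token in arg_text.replace('"', " ").split():
        base = re.split(r"[\\/]", token)[-1].lower().split(".")[0]
        if base in HIVES:
            found.add(base)
    return found


def triage(events):
    """Collect findings per host from process and network events.

    events: dicts with keys host, kind ('proc' or 'net'), data (hypothetical schema).
    Returns {host: sorted list of findings}; hosts with no finding are omitted.
    """
    findings = {}
    for ev in events:
        hits = findings.setdefault(ev["host"], set())
        if ev["kind"] == "proc":
            m = CERTUTIL.search(ev["data"])
            if m:
                for hive in _hive_args(m.group(2)):
                    hits.add(f"certutil-{m.group(1).lower()}:{hive}")
        elif ev["kind"] == "net":
            host = ev["data"].lower().rstrip(".")
            if host == EXFIL_HOST or host.endswith("." + EXFIL_HOST):
                hits.add("net:" + EXFIL_HOST)
    return {h: sorted(f) for h, f in findings.items() if f}


# Constructed sample events (not captured from a real host).
SAMPLE = [
    {"host": "ws01", "kind": "proc", "data": r"certutil.exe -encode C:\Users\Public\SAM C:\Users\Public\SAM.base64"},
    {"host": "ws01", "kind": "net", "data": "webhook.site"},
    {"host": "ws02", "kind": "proc", "data": r"certutil.exe -encode report.pdf report.b64"},
    {"host": "ws03", "kind": "proc", "data": r"certutil -decode SYSTEM.base64 SYSTEM.plain"},
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE).items():
        print(host, found)
```

A host that shows both a certutil finding and the network finding is the strongest signal; matching on file base names alone will also flag unrelated files such as system.log, so treat single findings as leads to review.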