Security Accounts Manager (SAM) is a database in the Windows operating system that contains usernames and passwords; the passwords are stored in a hashed format in a registry hive either as an LM hash or as an NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM. In this recipe, you will learn about some of the most common ways to dump local user accounts from the SAM database.
Dumping the contents of the SAM database
Getting ready
We will start in a Meterperter session in the Metasploitable 3 target machine, with system privileges running.