secretsdump.py, impacket-secretsdump : add page (#15812)

* secretsdump.py: add page * impacket-secretsdump: add Alias * Update secretsdump.py.md Update examples * Update pages/common/secretsdump.py.md Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> --------- Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com>
2025-07-23 07:35:24 +02:00 · 2025-03-01 11:42:05 +02:00 · 2025-03-01 11:42:05 +02:00 · 6b3df4ec4c
commit 6b3df4ec4c
parent 7282a4abf8
2 changed files with 33 additions and 0 deletions
--- a/pages/common/impacket-secretsdump.md
+++ b/pages/common/impacket-secretsdump.md
@ -0,0 +1,8 @@
+# impacket-secretsdump
+
+> This command is an alias of `secretsdump.py`.
+> More information: <https://github.com/fortra/impacket>.
+
+- View documentation for the original command:
+
+`tldr secretsdump.py`
--- a/pages/common/secretsdump.py.md
+++ b/pages/common/secretsdump.py.md
@ -0,0 +1,25 @@
+# secretsdump.py
+
+> Dump NTLM hashes, plaintext passwords, and domain credentials from remote Windows systems.
+> Part of the Impacket suite.
+> More information: <https://github.com/fortra/impacket>.
+
+- Dump credentials from a Windows machine using a username and password:
+
+`secretsdump.py {{domain}}/{{username}}:{{password}}@{{target}}`
+
+- Dump hashes from a machine using pass-the-hash authentication:
+
+`secretsdump.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}@{{target}}`
+
+- Dump credentials from Active Directory’s NTDS.dit file:
+
+`secretsdump.py -just-dc {{domain}}/{{username}}:{{password}}@{{target}}`
+
+- Extract credentials from a local SAM database using registry hives:
+
+`secretsdump.py -sam {{path/to/SAM}} -system {{path/to/SYSTEM}}`
+
+- Dump hashes from a machine without providing a password (if a valid authentication session exists, e.g. via Kerberos or NTLM SSO):
+
+`secretsdump.py -no-pass {{domain}}/{{username}}@{{target}}`