From 6b3df4ec4c63bf80b21709ad74d8ca227e82a1bf Mon Sep 17 00:00:00 2001
From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com>
Date: Sat, 1 Mar 2025 11:42:05 +0200
Subject: [PATCH] secretsdump.py, impacket-secretsdump : add page (#15812)

* secretsdump.py: add page

* impacket-secretsdump: add Alias

* Update secretsdump.py.md

Update examples

* Update pages/common/secretsdump.py.md

Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com>

---------

Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com>
---
 pages/common/impacket-secretsdump.md |  8 ++++++++
 pages/common/secretsdump.py.md       | 25 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 pages/common/impacket-secretsdump.md
 create mode 100644 pages/common/secretsdump.py.md

diff --git a/pages/common/impacket-secretsdump.md b/pages/common/impacket-secretsdump.md
new file mode 100644
index 0000000000..b67d00ec28
--- /dev/null
+++ b/pages/common/impacket-secretsdump.md
@@ -0,0 +1,8 @@
+# impacket-secretsdump
+
+> This command is an alias of `secretsdump.py`.
+> More information: <https://github.com/fortra/impacket>.
+
+- View documentation for the original command:
+
+`tldr secretsdump.py`
diff --git a/pages/common/secretsdump.py.md b/pages/common/secretsdump.py.md
new file mode 100644
index 0000000000..16519d466e
--- /dev/null
+++ b/pages/common/secretsdump.py.md
@@ -0,0 +1,25 @@
+# secretsdump.py
+
+> Dump NTLM hashes, plaintext passwords, and domain credentials from remote Windows systems.
+> Part of the Impacket suite.
+> More information: <https://github.com/fortra/impacket>.
+
+- Dump credentials from a Windows machine using a username and password:
+
+`secretsdump.py {{domain}}/{{username}}:{{password}}@{{target}}`
+
+- Dump hashes from a machine using pass-the-hash authentication:
+
+`secretsdump.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}@{{target}}`
+
+- Dump credentials from Active Directory’s NTDS.dit file:
+
+`secretsdump.py -just-dc {{domain}}/{{username}}:{{password}}@{{target}}`
+
+- Extract credentials from a local SAM database using registry hives:
+
+`secretsdump.py -sam {{path/to/SAM}} -system {{path/to/SYSTEM}}`
+
+- Dump hashes from a machine without providing a password (if a valid authentication session exists, e.g. via Kerberos or NTLM SSO):
+
+`secretsdump.py -no-pass {{domain}}/{{username}}@{{target}}`