├── README.md ├── SAM Retrieve.cmd └── Screenshot_01.PNG /README.md: -------------------------------------------------------------------------------- 1 | # SAM Retrieve 2 | This script retrieves the SAM and SYSTEM files, using a reg command. That's all. Then, you will be able to extract the password using OphCrack, Hashcat... 3 | It requests admin elevation, thanks to this code: https://github.com/cyberponk/psubst/blob/master/psubst.bat 4 | 5 | 6 | -------------------------------------------------------------------------------- /SAM Retrieve.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | call :RequestAdminElevation "%~dpfs0" %* || goto:eof 3 | mode con: cols=40 lines=4 4 | echo Please, wait... 5 | reg SAVE HKLM\SAM .\SAM>nul 6 | reg SAVE HKLM\SYSTEM .\SYSTEM>nul 7 | cls 8 | echo Done! Thanks for using this software. 9 | echo By BlueArduino20 10 | echo Press any key to exit... 11 | pause>nul 12 | exit 13 | 14 | :RequestAdminElevation FilePath %* || goto:eof 15 | REM RequestAdminElevation By: cyberponk 16 | setlocal ENABLEDELAYEDEXPANSION & set "_FilePath=%~1" 17 | if NOT EXIST "!_FilePath!" (echo/Read RequestAdminElevation usage information) 18 | set "_FN=_%~ns1" & echo/%TEMP%| findstr /C:"(" >nul && (echo/ERROR: %%TEMP%% path can not contain parenthesis &pause &endlocal &fc;: 2>nul & goto:eof) 19 | set _FN=%_FN:(=% 20 | set _vbspath="%temp:~%\%_FN:)=%.vbs" & set "_batpath=%temp:~%\%_FN:)=%.bat" 21 | fltmc >nul 2>&1 || goto :_getElevation 22 | (if exist %_vbspath% ( del %_vbspath% )) & (if exist %_batpath% ( del %_batpath% )) 23 | endlocal & CD /D "%~dp1" & ver >nul & goto:eof 24 | :_getElevation 25 | echo/Requesting elevation... 26 | echo/Set UAC = CreateObject^("Shell.Application"^) > %_vbspath% || (echo/&echo/Unable to create %_vbspath% & endlocal &md; 2>nul &goto:eof) 27 | echo/UAC.ShellExecute "%_batpath%", "", "", "runas", 1 >> %_vbspath% & echo/wscript.Quit(1)>> %_vbspath% 28 | echo/@%* > "%_batpath%" || (echo/&echo/Unable to create %_batpath% & endlocal &md; 2>nul &goto:eof) 29 | echo/@if %%errorlevel%%==9009 (echo/^&echo/Admin user could not read the batch file. If running from a mapped drive or UNC path, check if Admin user can read it.)^&echo/^& @if %%errorlevel%% NEQ 0 pause >> "%_batpath%" 30 | %_vbspath% && (echo/&echo/Failed to run VBscript %_vbspath% &endlocal &md; 2>nul & goto:eof) 31 | echo/&echo/Elevation was requested on a new CMD window &endlocal &fc;: 2>nul & goto:eof 32 | -------------------------------------------------------------------------------- /Screenshot_01.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adamff-dev/SAM_Retrieve/972585106f6aafc3e024854e157051a7648eb3c3/Screenshot_01.PNG --------------------------------------------------------------------------------