05-03-2023, 11:18 AM
The registry hives on a running machine are in use and locked. You'll need to copy them first.
An easy way to do this is via CMD as admin:
Code:
reg save hklm\system c:\system.dump
reg save hklm\security c:\security.dump
Change your bat accordingly.
Also, the last part of the bat needs to be:
Code:
rem Run winhello2hashcat.py with the windows and ngc arguments
pause
rem PYTHON %WINHELLO% --verbose --windows %WIND% --ngc %NGC%
PYTHON %WINHELLO% --verbose --cryptokeys %CRYPT% --masterkey %MASTR% --security %SECR% --system %SYSM% --ngc %NGC%
pause
Happy cracking!
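On the monitoring side, the `reg save` commands in the post above are what process-creation logging records when hives are copied off a live machine. The following is an added example, not part of the original post: a small detector that flags hosts where SYSTEM and a second sensitive hive were both saved. The SAM hive, the event field names and the sample hosts are assumptions made for the example.

```python
import re

# Hives named in the post, plus SAM (an addition here: it is protected by the same boot key).
SENSITIVE_HIVES = {"system", "security", "sam"}
HKLM_NAMES = {"hklm", "hkey_local_machine"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted or bare command-line tokens


def match_hive_save(cmdline):
    """Return (HIVE, output_path) when cmdline saves a whole sensitive HKLM hive, else None."""
    tokens = [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]
    for i, tok in enumerate(tokens):
        exe = tok.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        args = tokens[i + 1:]
        if exe not in ("reg", "reg.exe") or len(args) < 3 or args[0].lower() != "save":
            continue
        root, _, subkey = args[1].lower().partition("\\")
        subkey = subkey.rstrip("\\")
        # Only the hive root counts; HKLM\SYSTEM\Select and similar subkeys are ignored.
        if root in HKLM_NAMES and subkey in SENSITIVE_HIVES:
            return subkey.upper(), args[2]
    return None


def hosts_with_usable_dumps(events):
    """Hosts where SYSTEM and at least one of SECURITY/SAM were saved."""
    saved = {}
    for ev in events:
        hit = match_hive_save(ev["cmd"])
        if hit:
            saved.setdefault(ev["host"], set()).add(hit[0])
    return sorted(
        h for h, hives in saved.items() if "SYSTEM" in hives and hives & {"SECURITY", "SAM"}
    )


# Constructed process-creation records (e.g. the command-line field of Windows event 4688).
SAMPLE_EVENTS = [
    {"host": "WS01", "cmd": r"reg save hklm\system c:\system.dump"},
    {"host": "WS01", "cmd": r"cmd.exe /c reg save hklm\security c:\security.dump"},
    {"host": "WS02", "cmd": r'"C:\Windows\System32\reg.exe" SAVE HKEY_LOCAL_MACHINE\SAM "C:\Temp\sam hive.sav" /y'},
    {"host": "WS03", "cmd": r"reg query hklm\system\select"},
    {"host": "WS03", "cmd": r"reg save hkcu\software c:\sw.dump"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["host"], match_hive_save(ev["cmd"]))
    print("alert:", hosts_with_usable_dumps(SAMPLE_EVENTS))
```

Pairing the hives per host keeps the alert narrow: SECURITY or SAM alone cannot be decrypted without the boot key held in SYSTEM.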