During a penetration test, you have obtained an elevated Meterpreter session on a Windows workstation through Metasploit. You must collect the local SAM password hashes so that you can attempt pass-the-hash authentication on nearby hosts. Which built-in Meterpreter action accomplishes this with the least impact on the target user?
Execute the ps command and save the process list for later analysis
Upload and launch an external Mimikatz binary from disk to dump credentials
Run the hashdump command (or smart_hashdump module) to dump SAM hashes
Enable the WDigest registry setting to capture plaintext credentials after reboot
The hashdump command (or the post/windows/gather/smart_hashdump module) is built into Meterpreter and extracts password hashes from the SAM database entirely in memory, avoiding external binaries, scheduled tasks, or registry changes that could alert the user or security tools. Listing processes, enabling WDigest, or uploading an external Mimikatz executable either fails to provide SAM hashes immediately or creates additional artifacts that increase the risk of detection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the exploitation framework referenced in the question?
Open an interactive chat with Bash
Why is capturing hashes from memory considered minimal user interruption?
Open an interactive chat with Bash
What are some risks with using external scripts or scheduled jobs for hash collection?