Skip to content

Comments

SAM History Dumping#1110

Open
Coontzy1 wants to merge 1 commit intoPennyw0rth:mainfrom
Coontzy1:main
Open

SAM History Dumping#1110
Coontzy1 wants to merge 1 commit intoPennyw0rth:mainfrom
Coontzy1:main

Conversation

@Coontzy1
Copy link

@Coontzy1 Coontzy1 commented Feb 17, 2026

Description

Modified --history parameter for SMB to extract password history hashes for SAM in addition to NTDS.

This has minor modifications to the SAM dumping path. Then, modified the logging of hashes into the database if _history is found in the hash name to show accurate count of hashes.

The --history argument was then removed from being exclusive to --ntds as it is needed for --sam.

relevant PRs: fortra/impacket#2059

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Deprecation of feature or functionality
  • This change requires a documentation update
  • This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Setup guide for the review

Change the passwords of one (1) or more local users at with default Windows settings to have stored password history hashes.
Then, proceed to target the system with --sam --history

Screenshots (if appropriate):

Default Behavior (pre-PR)
Default_behvaior
Updated Behavior (With-PR and --history)
Updated_tool
Related NTDS argument still working as expected
NTDS_Still_Working

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

  • I have ran Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
  • I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
  • New and existing e2e tests pass locally with my changes
    New e2e tests pass. Various other ones don't, but they should not be affected by my PR.
e2e_tests
  • If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

@Coontzy1
SAM History Dumping
d06d179 
smb: update proto args

tests: add --sam --history example
@Coontzy1 Coontzy1 mentioned this pull request Feb 17, 2026
Open
@NeffIsBack
Copy link
Member

NeffIsBack commented Feb 17, 2026

Thanks for the PR! I'll look into it soon.

@NeffIsBack NeffIsBack added the enhancement New feature or request label Feb 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zblurx zblurx Awaiting requested review from zblurx zblurx is a code owner

@Marshall-Hallenbeck Marshall-Hallenbeck Awaiting requested review from Marshall-Hallenbeck Marshall-Hallenbeck is a code owner

@NeffIsBack NeffIsBack Awaiting requested review from NeffIsBack NeffIsBack is a code owner

@mpgn mpgn Awaiting requested review from mpgn mpgn is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Coontzy1 @NeffIsBack