Academy - Windows Privilege Escalation - Pillaging

I’m having some trouble with Question 5.

“Restore the directory containing the files needed to obtain the password hashes for local users. Submit the Administrator hash as the answer.”

I can easily restore the restic backups, but downloading the SAM and SYSTEM files to my Kali box and running samdump2 yields null passwords for all local users. I believe that samdump2 no longer works with modern Windows SAM/SYSTEM dumps.

Any help is appreciated.

I figured it out.

After downloading the SAM and SYSTEM files to my Kali, I used instead of samdump2 and I got the “real” hashes, not the “null” hashes! Boom!

1 Like

can you give a hint on how to find and download the cookie in the previous question in this section

" Log in as Grace and find the cookies for the website. Use the cookie to log in into from a browser within the RDP session and submit the flag."

having trouble finding firefox cookie database

1 Like

Hi, I got the hash using a tool, but I have no way to determine which one is mine
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
This is the hash I got, can you tell me the format of the answer? I did some obfuscation with this hash, it’s not the correct hash

1 Like

Sorry. It’s been a while since I did the AD module. I have good notes though. Which section/question are you on?


I’m stuck on the Pillaging and Miscellaneous Techniques modules of the Windows Privilege Escalation module, I have the administrator’s hashes etc. files, but I can’t get the answer

Can you show me your WIndows Privilege Escalation and ACTIVE DIRECTORY ENUMERATION & ATTACKS notes? I have been stuck in these two modules, I really want to get a little permission but there is no way to solve it, my Google mailbox is Thank you

My notes are very large files, so I shared my Windows Priv Esc notes and my two AD module notes.

Try and download them as I will remove access tomorrow.

Let me know if you run into any issues viewing/downloading.


OK Tannk you ,love you

1 Like


Just paying it back, because I had to ask for help many times!

I’m 78.27% done with the CPTS track, and it’s been ROUGH.


Solve this? I have 2 ADministrator hashes but both not working

I did a while ago. I made notes for every module i did. Send me your gmail email address and I’ll share my notes with you. They are in my Google Drive.


Hi, Could you please share me the notes? Thanks in advance!

my email address:


Could you please share me the notes also? Thanks in advance :smiley:

ok , I’ve sent

1 Like

Thanks a lot :grin: