# Dump local

## Challenge

> J'ai réussi à dumpé les fichiers sam locaux !
>
> Donne moi les informations du user 1001 entre ctf{}

Included were 2 files:

{% file src="<https://1102212211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa46Jmz9dIuFnWcXn3ooO%2Fuploads%2F2EOHOzuDyxty3QBCRuCZ%2Fsam?alt=media&token=53eec1c9-ed4b-4a9c-8eae-82e5e6c52904>" %}

{% file src="<https://1102212211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa46Jmz9dIuFnWcXn3ooO%2Fuploads%2F0vCEbLuhxdeUcMJPd962%2Fsystem?alt=media&token=cb405e11-c019-4d24-8264-f3845782978e>" %}

## Solution

SAM (Security Accounts Manager) is a database that stores usernames and passwords in Windows. The key is to use the system file to decrypt the SAM file. With the help of Secretsdump from the [Impacket](https://github.com/fortra/impacket) collection I was able to get a hashes dump.

<figure><img src="https://1102212211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa46Jmz9dIuFnWcXn3ooO%2Fuploads%2FKK71Kb8qDAn1REJKmx5e%2Fsecretsdump.png?alt=media&#x26;token=289b0676-2437-4fe9-92a8-5e9fe4cef223" alt=""><figcaption></figcaption></figure>

It was asked to find the information from user 1001 which as you can see is `nunut`.