You can dump passwords (or NTML hash with Windows >=8.1) with mimikatz. Meterpreter should help with that iirc.
Performs various techniques to dump hashes from the remote machine without executing any agent there.
Last updated 3 years ago
python3 secretsdump.py FULLY_QUALIFIED_DOMAIN_NAME/USERNAME:PASSWORD@IP_ADDRESS
