Breaking WINDOWS 7/8/10 Password is Now Easy With HiveJack


HiveJack is an internal penetration testing tool and it can be used on compromised windows machine or where you have physical access to the machine on Internal Network. This tool can be used to collect the Windows credentials from the compromised machine.

This tool dumps SYSTEM, SECURITY and, SAM hives from the machine, which later on can be used to retrieve the list of windows username and even the password.


  • OS: Microsoft Windows [Version 10.0.18363.720]

Execution Steps

  • The HiveJack tool is easy to use. There is no installation needed for this tool.
  • Just simply download the HiveJack.ex file and execute the tool.
  • We will see the tool in this way.
HiveJack Tool Interface
HiveJack Tool Interface
  • In the above picture, we have different file dumps options.
  • In the HiveJack tool, there is no stress to remember the commands.
  • Here, we clicked on Dump SAM File to dump SAM file in C:\temp folder.
SAM Dump
SAM Dump
  • Now click on Dump SECURITY File to dump SECURITY file in C:\temp folder.
Security Dump
Security Dump
  • Then click on Dump SYSTEM File to dump SYSTEM file in C:\temp folder.
System Dump
System Dump
  • In the above steps we have successfully collected all three different files from the Windows machine and now let’s check the files in C:\temp folder.
Temp Folder
All files saved in Temp Folder
  • All three files are stored in C:\temp folder.
  • Now, let’s copy the temp folder to our Kali Machine to cracking the password.
  • After copying with the file in Kali, go to the file path and type this command chntpw -I to retrieve the usernames in Windows machine.
Crack Password
Retrieve the usernames in Windows
  • Here, chntpw Main Interactive Menu , you can select option 1, to edit user data and password.
  • So we can see that the system has iicybersecurity, vemul users other than Administrator user.
Edit User
List User
  • We can also used retrieve the passwords in Windows using the steps mentioned here, Crack the Windows password with John the Ripper.


So we saw on the easy way to retrieve the Windows credentials in less time.