Metasploit provide some Microsoft Windows auxiliary modules who will permit you to dump local accounts from the SAM Database. These modules, “post/windows/gather/hashdump” and “post/windows/gather/smart_hashdump”, have been updated recently with addition of Windows users password hints. A nice blog post “All Your Password Hints Are Belong to Us” from claudijd explain how they have successfully extract/decode user password hints from the Windows registry. Here under a small video demonstration of these modifications.

Nice job from @claudijd, @reynoldsrb, @_sinn3r and @TheLightCosine for these nice upgrades 🙂