pwdump gives me blank passwords as hash although there are passwords?

Question

I was trying to boot my brother laptop with USB stick containing Kali live in order to improve my knowledge as a cyber security specialist candidate. After I booted the system with Kali live and used pwdump to dump Windows's SAM file contents, I just found blank password hashes.

root@kali~:$ pwdump system sam

XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
XXX:XXX:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

But the computer uses passwords to login the Windows system. I mean pwdump should have dumped at least three real password hashes. But it didn't. Although system has passwords, why did pwdump give me just blank password hashes? Is it a new security prevention of Windows systems in the area of offline hacking?

Note: I'm using Kali Live 2016. The system which I deal with is Windows 10.

Note2: samdump gave the same result with pwdump and also lsadump, cachedump didn't work due to some python syntax errors.

Answer 1

Since the latest Windows Anniversary Update, Windows 10 seems to be using AES encryption on the SAM file, as well as storing information differently.

See this tweet.

Currently, pwdump doesn't appear to support extracting hashes offline in this new update, there's an issue posted on the GitHub page here.

You may have to sit tight and wait for an update, or look for an alternative tool.