In Metasploit, which module is commonly used to dump Windows password hashes after compromising a host?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

In Metasploit, which module is commonly used to dump Windows password hashes after compromising a host?

Explanation:
Dumping Windows password hashes is a common post-exploitation step to enable offline cracking or pass-the-hash attacks. In Metasploit, the specific post-exploitation module designed to extract those hashes from the target is hashdump. It uses a Meterpreter session to access the SAM database and LSASS memory and outputs the NTLM (and sometimes LM) hashes for user accounts found on the machine. This module is the focused tool for this task: it collects the Windows credential data that becomes accessible once the host is compromised.

Other options don’t fit this purpose: psexec is used for remote command execution over SMB, not for pulling password hashes. Meterpreter is the payload that provides post-exploitation capabilities, but hashdump is the module you run within that session to actually dump the hashes. A plain shell lacks the built-in mechanisms to access the SAM/LSA data needed to extract those hashes.
