*revision*

When I meant extract the passwords, I meant the final passwords, there are many tools that will pull the hashes.

Yes a dictionary attack will work, but a system established according to the MS/NSA guidelines using 8+ chars and password complexity, will from my experience take too long to be useful. NTLMv2 is pretty decent, I have not even read of a successful crack against a system following standard guidelines.