zcgonvh/NTDSDumpEx: NTDS.dit offline dumper with non-elevated

NTDS.dit offline dumper that runs non-elevated (no elevated privileges required).

Usage

ntdsdumpex.exe <-d ntds.dit> <-k HEX-SYS-KEY | -s system.hiv | -r> [-o out.txt] [-h] [-m] [-p] [-u]
-d    path of the ntds.dit database
-k    use the specified SYSKEY (hex)
-s    parse the SYSKEY from the specified system.hiv
-r    read the SYSKEY from the registry
-o    write output to the specified file
-h    dump hash histories (if available)
-p    dump the description and home directory path
-m    dump machine accounts
-u    use upper-case hex

Example:

ntdsdumpex.exe -r
ntdsdumpex.exe -d ntds.dit -o hash.txt -s system.hiv

Reference Source

ntds.h, ntds.cpp and attributes.h are taken from ntds_decode (with some changes).

ntreg.c and ntreg.h are taken from search, with some Windows compatibility fixes applied and the debug output removed.

License

GPL


Original link: github.com