Merge pull request #650 from almandin/almandin-patch-1

Update README.md
Carlos Polop 2023-06-01 22:23:45 +02:00 committed by GitHub
commit a239626d74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -291,6 +291,16 @@ For **big NTDS.dit files** it's recommend to extract it using [gosecretsdump](ht
Finally, you can also use the **metasploit module**: _post/windows/gather/credentials/domain\_hashdump_ or **mimikatz** `lsadump::lsa /inject`
### **Extracting domain objects from NTDS.dit to an SQLite database**
NTDS objects can be extracted to an SQLite database with [ntdsdotsqlite](https://github.com/almandin/ntdsdotsqlite). Not only secrets are extracted but also the entire objects and their attributes for further information extraction when the raw NTDS.dit file is already retrieved.
```
ntdsdotsqlite ntds.dit -o ntds.sqlite --system SYSTEM.hive
```
The `SYSTEM` hive is optional but allow for secrets decryption (NT & LM hashes, supplemental credentials such as cleartext passwords, kerberos or trust keys, NT & LM password histories). Along with other information, the following data is extracted : user and machine accounts with their hashes, UAC flags, timestamp for last logon and password change, accounts description, names, UPN, SPN, groups and recursive memberships, organizational units tree and membership, trusted domains with trusts type, direction and attributes...
## Lazagne
Download the binary from [here](https://github.com/AlessandroZ/LaZagne/releases). you can use this binary to extract credentials from several software.
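Review bot: in the added "Extracting domain objects from NTDS.dit to an SQLite database" section, the sentence "The `SYSTEM` hive is optional but allow for secrets decryption" should read "allows", and "the following data is extracted :" has a stray space before the colon. More importantly, the paragraph never says which SYSTEM hive is expected: the boot key used to decrypt the secrets is per-machine, so the text should state that the hive must be the one taken from the same domain controller as the NTDS.dit (e.g. the copy exported alongside it with `reg save HKLM\SYSTEM`), otherwise the hashes and supplemental credentials will not decrypt. It would also help to mention how to install `ntdsdotsqlite` (the other tools in this section link to their releases or install instructions) and, given the "big NTDS.dit files" advice just above, whether this tool is suitable for large databases.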