mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 22:52:06 +00:00
Merge pull request #650 from almandin/almandin-patch-1
Update README.md
commit
a239626d74
1 changed files with 10 additions and 0 deletions
|
@ -291,6 +291,16 @@ For **big NTDS.dit files** it's recommend to extract it using [gosecretsdump](ht
|
|||
|
||||
Finally, you can also use the **metasploit module**: _post/windows/gather/credentials/domain\_hashdump_ or **mimikatz** `lsadump::lsa /inject`
|
||||
|
||||
### **Extracting domain objects from NTDS.dit to an SQLite database**
|
||||
|
||||
NTDS objects can be extracted to an SQLite database with [ntdsdotsqlite](https://github.com/almandin/ntdsdotsqlite). Not only secrets are extracted but also the entire objects and their attributes for further information extraction when the raw NTDS.dit file is already retrieved.
|
||||
|
||||
```
|
||||
ntdsdotsqlite ntds.dit -o ntds.sqlite --system SYSTEM.hive
|
||||
```
|
||||
|
||||
The `SYSTEM` hive is optional but allow for secrets decryption (NT & LM hashes, supplemental credentials such as cleartext passwords, kerberos or trust keys, NT & LM password histories). Along with other information, the following data is extracted : user and machine accounts with their hashes, UAC flags, timestamp for last logon and password change, accounts description, names, UPN, SPN, groups and recursive memberships, organizational units tree and membership, trusted domains with trusts type, direction and attributes...
|
||||
|
||||
## Lazagne
|
||||
|
||||
Download the binary from [here](https://github.com/AlessandroZ/LaZagne/releases). you can use this binary to extract credentials from several software.
|
||||
|
|
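Review bot: The new paragraph under "Extracting domain objects from NTDS.dit to an SQLite database" says the `SYSTEM` hive is optional, but the only command shown passes `--system SYSTEM.hive`, and nothing states that the resulting `ntds.sqlite` then holds the decrypted NT and LM hashes, cleartext passwords and Kerberos or trust keys listed in the text. Consider adding one sentence saying the output file must be handled with the same care as the NTDS.dit itself, and one saying what is extracted when the hive is omitted. Wording: "is optional but allow for secrets decryption" should read "allows", "the following data is extracted :" has a stray space before the colon, and the long enumeration ending in "..." would be easier to scan as a bullet list. Style: the heading is written as `### **Extracting ...**` while the neighbouring `## Lazagne` heading carries no bold, and the command fence has no language tag.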