Dumping Domain Password Hashes

2018-07-04T05:56:55
ID PENTESTLAB:9EACD1FF6AB6675E6955C12527822FEB
Type pentestlab
Reporter Administrator
Modified 2018-07-04T05:56:55

Description

It is very common during penetration tests where domain administrator access has been achieved to extract the password hashes of all the domain users for offline cracking and analysis. These hashes are stored in a database file in the domain controller (NTDS.DIT) with some additional information like group memberships and users. The NTDS.DIT file is […]