From the course: Advanced Pen Testing Techniques for Active Directory
Extract the AD hashes - Active Directory Tutorial
- Windows provides command-line tools for administrators to make an accessible copy of the Active Directory database, ntds.dit. The first file we need is HKLM\SYSTEM from the registry. I've already created a temp folder, so we'll put it there. We need to have an administrative command shell open. And we can copy out the registry extract with the command reg SAVE HKLM\SYSTEM, and we'll save it to c:\temp\sys. To copy the Active Directory we use the vssadmin tool. Sometimes we might have to fix it after we copy it out, so we'll run the fix utility anyway, and we do this as follows at the Windows command line: vssadmin create shadow /for=c: Okay, and we can now copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit, and we'll copy that to c:\temp\dit. Global root device. And we'll run the fix utility, esentutl /p c:\temp\dit /1024 /8 /0. We now have the files that we need, and we can use the DSInternals tool.…
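The steps in the transcript leave a recognizable trail in process-creation logs. The following is an added detection sketch, not part of the course material: it matches the described command lines and flags any host and account that shows two or more of the steps. The event tuples, host names and account names are constructed, and reading the "fix utility" as esentutl is an assumption.

```python
import re

# One rule per step described in the transcript, matched against process
# command lines (case-insensitive, tolerant of "/" or "\" in the hive path).
RULES = [
    ("registry_system_hive_save",
     re.compile(r"\breg(\.exe)?\s+save\s+hklm[\\/]system\b", re.I)),
    ("shadow_copy_created",
     re.compile(r"\bvssadmin(\.exe)?\s+create\s+shadow\b", re.I)),
    ("ntds_read_from_shadow_copy",
     re.compile(r"harddiskvolumeshadowcopy\d+\\windows\\ntds\\ntds\.dit", re.I)),
    # Assumption: the "fix utility" in the transcript is esentutl in repair mode.
    ("esentutl_repair",
     re.compile(r"\besentutl(\.exe)?\s+/p\b", re.I)),
]

# Constructed sample events (host, account, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("DC01", "CORP\\admin1", r"reg SAVE HKLM\system c:\temp\sys"),
    ("DC01", "CORP\\admin1", "vssadmin create shadow /for=c:"),
    ("DC01", "CORP\\admin1",
     r"cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1"
     r"\Windows\NTDS\ntds.dit c:\temp\dit"),
    ("DC01", "CORP\\admin1", r"esentutl /p c:\temp\dit"),
    ("FS02", "CORP\\backup", "vssadmin list shadows"),
    ("FS02", "CORP\\backup", r"reg query HKLM\SYSTEM\CurrentControlSet"),
]


def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def triage(events, threshold=2):
    """Group rule hits per (host, account); keep those with >= threshold distinct steps."""
    hits = {}
    for host, user, cmdline in events:
        for name in classify(cmdline):
            hits.setdefault((host, user), set()).add(name)
    return {key: sorted(names) for key, names in hits.items()
            if len(names) >= threshold}


if __name__ == "__main__":
    for (host, user), steps in triage(SAMPLE_EVENTS).items():
        print(f"{host} {user}: {', '.join(steps)}")
```

Correlating several steps per host and account keeps routine backup activity, such as listing shadow copies, from raising an alert on its own.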