Let's learn how to dump domain password hashes after gaining access to a DC as a local user instead of a domain user. How do you get domain creds from a local (computer, non-domain) user account?
I will show you how to dump the hashes stored in the domain controller's database file (NTDS.DIT), along with additional information such as group memberships and users.
Download my vulnerable VM here if you want to follow along: https://drive.google.com/file/d/1uAWR1oZtpxRSAjhAONXCqUqR3wJckKy4/view
Remember to like and subscribe for more! Connect with me and send me a direct message on LinkedIn: https://www.linkedin.com/in/howard-mukanda-24503144/