<aside> 📌 Summary
</aside>
NTDS.dit is a critical database file in Microsoft Active Directory (AD) that stores directory data, including user accounts, passwords, and security policies. It is used to authenticate users and manage network resources. As a penetration tester, NTDS.dit is intriguing because it contains hashed passwords of all domain users, potentially enabling the extraction of sensitive credentials.
secretsdump.pySecrets dump while automatically dump those while dumping the domain controller, however we can choose to dump only those by adding a flag
secretsdump.py ORB.local/Administrator:'P@$$w0rd1'@10.0.0.12 -just-dc-ntlm
<aside> 💡 Note: we can clear those hashes with Excel and some formulas
</aside>
<aside> 💡 Recall: Only the 2nd part of the hash is crackable. It is called the NT part of the hash
</aside>