Dumping domain hashes
NTDSutil
Then browse to the mounted directory under C:/ and copy the ntds.dit, SAM and SYSTEM files to your preferred location.
To delete the snapshot afterwards:
Then pull the hashes out with Impacket's secretsdump:
You can also dump them remotely:
Then tidy up the hashes:
Or you can do it remotely with a one-liner, but be careful that it doesn't crash the connection:
crackmapexec
Meterpreter
Once you have your Meterpreter shell from your exploit of choice, such as PSEXEC