
Extracting NTDS.dit from a live Domain Controller “The easy way”

Neobits.org is back in the game (read more about), and for my first post in this new neobits.org era, I want to share a simple technique I used last week.

This month has been so amazing for me:

  • I got my “The Art of Memory Forensics” book.
  • I recovered Neobits.org.
  • It was my 22nd birthday u.u
  • I officially completed my first pentest for a company.

First of all, I want to thank my friend @Dash for the guidelines, advice and tips, and for mentoring me during my first pentest. It has been an amazing experience, and I liked it a lot. You are, as our security folks named you, “The Messi from hacking in Aztec land”.

During this pentest we were able to hack all of our targets, including the Domain Controller (DC) =) but… now what?

Let’s get this precious file… NTDS.dit. For readers who don’t know what this file is used for: it contains the password hashes of all the users on the Domain Controller.
