NTDSEXTRACT

Decrypt NTDS (aka NT Directory Service) active directory hashes for servers up to windows 2012r2 (rc4) and windows 2016 and up (aes).
NTDS uses the Extensible Storage Engine format (aka ESE).

syntax is NTDSEXTRACT 32_hex_chars_syskey path_to_ntds_db

You can dump all necessary files (registry hives and ntds database) with
powershell "ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\temp' q q"

check the database with esentutl /g ntds.dit and repair it with esentutl /p ntds.dit.

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
.vs/project1/v15		.vs/project1/v15
.gitattributes		.gitattributes
.gitignore		.gitignore
NTDSEXTRACT.exe		NTDSEXTRACT.exe
NTDSEXTRACT.lpi		NTDSEXTRACT.lpi
NTDSEXTRACT.lpr		NTDSEXTRACT.lpr
NTDSEXTRACT.lps		NTDSEXTRACT.lps
NTDSEXTRACT.zip		NTDSEXTRACT.zip
README.md		README.md
esent.pas		esent.pas
esentutl.zip		esentutl.zip
ntds.pas		ntds.pas
project1.lpi		project1.lpi
project1.lpr		project1.lpr
project1.lps		project1.lps
utils.pas		utils.pas

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

NTDSEXTRACT

About

Uh oh!

Releases

Packages

Languages

erwan2212/NTDSEXTRACT

Folders and files

Latest commit

History

Repository files navigation

NTDSEXTRACT

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages