Skip to content
NTDS.dit offline dumper with non-elevated
Branch: master
Clone or download
zcgonvh add server 2016 support
add server 2016 support
Latest commit 2eddd0a Jan 17, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
NTDSDumpEx add server 2016 support Jan 17, 2018
.gitattributes
LICENSE public Feb 22, 2017
NTDSDumpEx.png
NTDSDumpEx.sln
NTDSDumpEx.v12.suo
README.md
Windows Server 2016.png

README.md

NTDSDumpEx

NTDS.dit offline dumper with non-elevated

Usage

ntdsdumpex.exe <-d ntds.dit> <-k HEX-SYS-KEY | -s system.hiv |-r> [-o out.txt] [-h] [-m] [-p] [-u]
-d    path of ntds.dit database
-k    use specified SYSKEY
-s    parse SYSKEY from specified system.hiv
-r    read SYSKEY from registry
-o    write output into
-h    dump hash histories(if available)
-p    dump description and path of home directory
-m    dump machine accounts
-u    USE UPPER-CASE-HEX

Example:

ntdsdumpex.exe -r
ntdsdumpex.exe -d ntds.dit -o hash.txt -s system.hiv

Reference Source

ntds.h,ntds.cpp,attributes.h from ntds_decode (some changed).

ntreg.c,ntreg.h from search,fix some compatibility on windows,and remove the debug outputs.

License

GPL

You can’t perform that action at this time.