NTDS
Executes Mimikatz's lsadump::dcsync on the target system. Parses the NTDS file to replicate Secretsdump output. No files are created on disk on the target system.
Output for each system is stored in $pwd\PME\NTDS\
Supported Methods
MSSQL
SMB
SessionHunter (WMI)
WMI
WinRM
Optional Parameters
Parameter | Value | Description |
---|---|---|
-NoParse | N/A | Will ommit parsing output from the method. Will Simply extract the NTDS file in a hashcat friendly format |
-Rainbow | N/A | When provided, collected hashes will be compared against an online database https://ntlm.pw |
-ShowOutput | N/A | Displays each targets output to the console |
-SuccessOnly | N/A | Display only successful results |
Usage
Parsing
If -NoParse
is not specified, PsMapExec will parse the results from the NTDS output and present them in a digestable and usable format.
Last updated