NTDS

Executes Mimikatz's lsadump::dcsync on the target system. Parses the NTDS file to replicate Secretsdump output. No files are created on disk on the target system.

Output for each system is stored in $pwd\PME\NTDS\

Supported Methods

  • MSSQL

  • SMB

  • SessionHunter (WMI)

  • WMI

  • WinRM

Optional Parameters

| Parameter | Value | Description |
| --- | --- | --- |
| -NoParse | N/A | Omits parsing of the method's output and simply extracts the NTDS file in a hashcat-friendly format |
| -Rainbow | N/A | When provided, collected hashes will be compared against an online database: https://ntlm.pw |
| -ShowOutput | N/A | Displays each target's output to the console |
| -SuccessOnly | N/A | Displays only successful results |

Usage

# Standard execution
PsMapExec -Username [User] -Password [Pass] -targets [DC] -Module NTDS -Method [Method] -ShowOutput

Parsing

If -NoParse is not specified, PsMapExec will parse the results from the NTDS output and present them in a digestible and usable format.
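
Because the module relies on lsadump::dcsync and leaves no files on the target, the replication request itself is the main artifact a defender can look for. The following is an added example, not part of PsMapExec or its documentation: it flags Security Event ID 4662 records that reference the directory replication rights and come from an account outside an allow-list. Assumptions: Directory Service Access auditing is enabled on the domain controllers, the record field names (EventId, SubjectUserName, Properties) are a hypothetical flattened form of the event data, and the sample records and account names are constructed.

```powershell
# Extended-right GUIDs logged in Event ID 4662 "Properties" when directory
# replication (the operation lsadump::dcsync requests) is performed.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

function Find-SuspectReplication {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        # Assumption: accounts expected to replicate (DC machine accounts, sync services)
        [string[]] $AllowedAccounts = @()
    )
    foreach ($r in $Records) {
        if ($r.EventId -ne 4662) { continue }
        # Collect the names of any replication rights referenced by this record
        $hits = @(foreach ($guid in $ReplicationRights.Keys) {
            if ($r.Properties -like "*$guid*") { $ReplicationRights[$guid] }
        })
        if ($hits.Count -eq 0) { continue }
        if ($AllowedAccounts -contains $r.SubjectUserName) { continue }
        [pscustomobject]@{
            TimeCreated = $r.TimeCreated
            Account     = $r.SubjectUserName
            Rights      = ($hits | Sort-Object) -join ', '
        }
    }
}

# Constructed sample records (not real logs). Field names are a hypothetical
# flattened form of the 4662 event data.
$sample = @(
    [pscustomobject]@{ EventId = 4662; TimeCreated = [datetime]'2024-05-01T09:00:00'; SubjectUserName = 'DC01$'
        Properties = '%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}' }
    [pscustomobject]@{ EventId = 4662; TimeCreated = [datetime]'2024-05-01T09:05:00'; SubjectUserName = 'jsmith'
        Properties = '%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}' }
    [pscustomobject]@{ EventId = 4662; TimeCreated = [datetime]'2024-05-01T09:07:00'; SubjectUserName = 'helpdesk'
        Properties = '%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}' }
)

# Treat DC01$ as a legitimate replication partner (assumption) and report the rest
Find-SuspectReplication -Records $sample -AllowedAccounts 'DC01$' | Format-Table -AutoSize
```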
