How to export Windows hash Series II

Source: Internet
Author: User

In the previous article, we mainly talked about physical access and how to export HASH to local computers. With the development of enterprise and cloud management, most small and medium-sized enterprises have begun to push wide areas, it should be said that the domain has been popularized in foreign countries, and it will probably only be used by foreign companies and large companies in China. However, we often encounter domains in our daily work. This series II will talk about Domain HASH.
Before that, we must first understand the following concepts:
What is an Active Directory )?
Referenced from Baidu Encyclopedia:
"Active Directory is a Directory service for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. (Active Directory cannot run on Windows Web Server, but can be used to manage computers running Windows Web Server .) Active Directory stores information about network objects and allows administrators and users to easily find and use the information. Active Directory uses a structured data storage method, which serves as the basis for logical hierarchical organization of Directory information ." After reading the above introduction, I don't know what an Active Directory is. Generally, except for the concept administrator, I can't understand what this kind of concept is very strong and abstract. If it is not rigorous and simple, Active Directory (AD) is the basis for running domain control and DNS in the internal network. domain control is only a control machine, it runs in AD with DNS and other services. If you still do not understand it, we recommend that you build a domain to try it.
Speaking of the topic, how can we get the HASH after encountering AD?
In the domain, the HASH has NTDS. NTDS. DIT is a binary file, which is equivalent to a local computer's SAM file. Its storage location is % SystemRoot % \ ntds \ NTDS. DIT. It contains not only Username and HASH, but also OU and Group.
Like the SAM file, this file must be locked by the system, Windows Server
2008, we can use ntdsutil snapshot to copy this file. The relevant MSDN documentation is as follows:
Http://technet.microsoft.com/zh-cn/library/cc753609 (v = ws.10). How does aspx detach HASH from NTDS. DIT?
If you want to make it simpler, you can use Windows Password Recovery tool, but it is billed.
Earlier, Csaba was used for HASH separation tools.
The ntds_dump_hash.zip file written by barta.com is invalid.
Now the latest tool is NTDSXtract. I will not talk much about how to separate it. FreeBuf has an article about the portal.
Highlights
If you don't want to download NTDS. DIT, you still have a lot of tools to choose from. This tool has advantages and disadvantages, of course. Foreigners have a tool evaluation list,I sorted out and added some content based on him..
Finally, I would like to thank T00LS for the guidance of a great ox and an old man of Firefox on this article.
Part 2 ends.
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.