Add TDO password dump on secretsdump #117
Open
ShutdownRepo wants to merge 1 commit into ThePorgs:main from
Original PR on fortra/impacket: fortra#1505
Add the possibility to extract TDO password from local NTDS.
Add the change to the secretsdump example to make it available directly from the command line.
It is now possible to retrieve all trust information, print it and dump it into the output file.
It was tested against a dozen NTDS from Windows 2012 to Windows 2019. It did not in any case impact the other secretsdump features during the dump.
The option must be explicitly activated through the secretsdump command line to be used during the dump. Otherwise, the classic dump is performed.