Password Audit: Extracting hashes from Ntds.dit

In this tutorial, I will show you how to do a password audit of a Windows Domain Controller by extracting the NTLM password hashes from the Ntds.dit file; In order to crack the hashes with Hashcat and see their clear text value The Ntds.dit is a database that stores Active Directory data, which includes all the password hashes for all the users of the domain. To be able to retrieve the NTLM password hashes, we…

Scroll to top