NTDS.dit offline dumper that runs without elevation
ntdsdumpex.exe [-o out.txt] [-h] [-m] [-p] [-u]
    -d    path of ntds.dit database
    -k    use specified SYSKEY
    -s    parse SYSKEY from specified system.hiv
    -r    read SYSKEY from registry
    -o    write output into
    -h    dump hash histories (if available)
    -p    dump description and path of home directory
    -m    dump machine accounts
    -u    USE UPPER-CASE-HEX
ntdsdumpex.exe -r
ntdsdumpex.exe -d ntds.dit -o hash.txt -s system.hiv
ntds.h, ntds.cpp, attributes.h: from ntds_decode (with some changes).
ntreg.c, ntreg.h: from search, with some Windows compatibility fixes and the debug output removed.
GPL