public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-28 15:58:24 +01:00
Code Issues Projects Releases Wiki Activity

Update Dsdbutil.yml

Browse Source
This commit is contained in:
Ekitji 2023-06-08 01:07:25 +03:00 committed by GitHub
parent 1a3ada3984
commit 3eb7625da4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
yml/OtherMSBinaries/Dsdbutil.yml
View File

@ -11,28 +11,28 @@ Commands:
Usecase: Snapshoting of Active Directory NTDS.dit database Usecase: Snapshoting of Active Directory NTDS.dit database
Category: Dump Category: Dump
Privileges: Administrator Privileges: Administrator
MitreID: T1003.003: NTDS MitreID: T1003.003
OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019 OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
- Command: dsdbutil.exe "activate instance ntds" "snapshot" "mount {GUID}" "quit" "quit" - Command: dsdbutil.exe "activate instance ntds" "snapshot" "mount {GUID}" "quit" "quit"
Description: Mounting the snapshot with its GUID Description: Mounting the snapshot with its GUID
Usecase: Mounting the snapshot to access the ntds.dit with copy c:\[Snap Volume]\windows\ntds\ntds.dit c:\users\administrator\desktop\ntds.dit.bak Usecase: Mounting the snapshot to access the ntds.dit with copy c:\[Snap Volume]\windows\ntds\ntds.dit c:\users\administrator\desktop\ntds.dit.bak
Category: Dump Category: Dump
Privileges: Administrator Privileges: Administrator
MitreID: T1003.003: NTDS MitreID: T1003.003
OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019 OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
- Command: dsdbutil.exe "activate instance ntds" "snapshot" "delete {GUID}" "quit" "quit" - Command: dsdbutil.exe "activate instance ntds" "snapshot" "delete {GUID}" "quit" "quit"
Description: Deletes the mount of the snapshot Description: Deletes the mount of the snapshot
Usecase: Deletes the snapshot Usecase: Deletes the snapshot
Category: Dump Category: Dump
Privileges: Administrator Privileges: Administrator
MitreID: T1003.003: NTDS MitreID: T1003.003
OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019 OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
- Command: dsdbutil.exe "activate instance ntds" "snapshot" "create" "list all" "mount 1" "quit" "quit" - Command: dsdbutil.exe "activate instance ntds" "snapshot" "create" "list all" "mount 1" "quit" "quit"
Description: Mounting with snapshot identifier Description: Mounting with snapshot identifier
Usecase: Mounting the snapshot identifier 1 and accessing it with with copy c:\[Snap Volume]\windows\ntds\ntds.dit c:\users\administrator\desktop\ntds.dit.bak Usecase: Mounting the snapshot identifier 1 and accessing it with with copy c:\[Snap Volume]\windows\ntds\ntds.dit c:\users\administrator\desktop\ntds.dit.bak
Category: Dump Category: Dump
Privileges: Administrator Privileges: Administrator
MitreID: T1003.003: NTDS MitreID: T1003.003
OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019 OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
- Command: dsdbutil.exe "activate instance ntds" "snapshot" "list all" "delete 1" "quit" "quit" - Command: dsdbutil.exe "activate instance ntds" "snapshot" "list all" "delete 1" "quit" "quit"
Description: Deletes the mount of the snapshot Description: Deletes the mount of the snapshot