Dump with BackupOperator Priv

You don't need to local admin privilege on the remote target if you are in SeBackupPrivilege

If the controlled user has the SeBackupPrivilege, it can dump SAM, SYSTEM, SECURITY and therefore the NTDS.dit on the target system. No admin privs needed!

nxc smb <ip> -u username -p password -M backup_operator

PreviousDump DPAPI NextDump SCCM

Last updated 1 month ago

Was this helpful?