Commit a239626

Merge pull request HackTricks-wiki#650 from almandin/almandin-patch-1
Update README.md
2 parents a2c9c0e + 9368d21 commit a239626

1 file changed

+10
-0
lines changed
  • windows-hardening/stealing-credentials

windows-hardening/stealing-credentials/README.md

@@ -291,6 +291,16 @@ For **big NTDS.dit files** it's recommend to extract it using [gosecretsdump](ht
291291
292292
Finally, you can also use the **metasploit module**: _post/windows/gather/credentials/domain\_hashdump_ or **mimikatz** `lsadump::lsa /inject`
293293
294+
### **Extracting domain objects from NTDS.dit to an SQLite database**
295+
296+
NTDS objects can be extracted to an SQLite database with [ntdsdotsqlite](https://github.com/almandin/ntdsdotsqlite). Not only secrets are extracted but also the entire objects and their attributes for further information extraction when the raw NTDS.dit file is already retrieved.
297+
298+
```
299+
ntdsdotsqlite ntds.dit -o ntds.sqlite --system SYSTEM.hive
300+
```
301+
302+
The `SYSTEM` hive is optional but allow for secrets decryption (NT & LM hashes, supplemental credentials such as cleartext passwords, kerberos or trust keys, NT & LM password histories). Along with other information, the following data is extracted : user and machine accounts with their hashes, UAC flags, timestamp for last logon and password change, accounts description, names, UPN, SPN, groups and recursive memberships, organizational units tree and membership, trusted domains with trusts type, direction and attributes...
303+
294304
## Lazagne
295305
296306
Download the binary from [here](https://github.com/AlessandroZ/LaZagne/releases). you can use this binary to extract credentials from several software.
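
Review bot: The closing paragraph of the new section lists what `--system` decrypts ("NT & LM hashes, supplemental credentials such as cleartext passwords, kerberos or trust keys") but never says that this material ends up in the `ntds.sqlite` output, so nothing tells the reader that the database is as sensitive as the NTDS.dit and SYSTEM hive it was built from; one sentence stating that would close the gap. In the same paragraph, "is optional but allow for" should be "allows for", "extracted :" has a stray space before the colon, and the trailing "..." is better replaced by "and more" or dropped. The command passes `SYSTEM.hive` while the prose refers to the `SYSTEM` hive, so it is worth saying the filename is only an example. The new code fence has no language tag, and the `###` heading wraps its text in bold while the `## Lazagne` heading just below it does not.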
