06-02-2015, 11:50 PM
It was my own fault for not reading the documentation on Quarks PwDump:
http://blog.quarkslab.com/quarks-pwdump.html
"For example, it's not possible to parse Win 2008 NTDS.dit file from XP. In fact, record's checksum are computed in a different manner and database files appear corrupted for API functions."
I just dumped the hashes using the utility on Windows 7, not on the DC itself. Running the same application against the same hash files on Win7, Server 2008R2, and Server 2012R2 gave all different hashes.