Results 1 to 2 of 2

Thread: extracting password hashes from NTDS.DIT on MS DC?

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    1

    Default extracting password hashes from NTDS.DIT on MS DC?

    Hello all,
    My management has approved an audit of AD accounts looking for weak passwords

    Since I have the server and backups I would have access to NTDS.DIT file, is there away to extract password hashes directly from it? I'm trying to avoid running LC or fgdump on the Active Directory domain controller.

    I've searched high and low and have not been able to find an answer.

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by John_smith View Post
    Since I have the server and backups I would have access to NTDS.DIT file, is there away to extract password hashes directly from it? I'm trying to avoid running LC or fgdump on the Active Directory domain controller.
    Two seconds to google "crack ntds.dit" makes me wonder if you searched at all. But to give you the benefit of the doubt, there is no reason not to run pwdump on the DC itself - schedule it for late at night after everyone has gone home if you are nervous. Watch it onsite or remotely and if you run other services on it (especially exchange) shut them down first to be certain that they are not going to be corrupted.

    Only once have I seen pwdump blue screen a machine, and that was against a highly volatile (already) terminal server in one of my earliest jobs. With that in mind, just execute pwdump and see if it works.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •