Search Results for: ntds


adpwn – tools for Windows Active-Directory exploitation and pwning.

Posted on: 2017-05-03

ADPWN is a set of useful tools for Windows AD exploitation and pwning.

dsinternalsparser.py: This tool makes the process of dumping hashes stored in a domain controller easier and faster.

Note:
* It uses the output of the DSInternals modules that retrieve reversibly encrypted plaintext passwords, password hashes and Kerberos keys of all user accounts from domain controllers.
* As mentioned on the DSInternals web page (https://www.dsinternals.com/en/), it is possible to retrieve hashes remotely, instead of the well-known method using vssadmin, ESEDBTOOLS and NTDSXtract, which is pretty slow in some cases because of the NTDS.dit size, ESEDBTOOLS misconfigurations, etc.

DSInternals Parser v1.0 Requirements – Python…

Extracting NTDS.dit and Cracking Hashes

Posted on: 2017-03-06

This video is about extracting hashes from the NTDS.dit file. We will be using the ntdsutil.exe command to create an IFM, which would help us extract the ntds.dit file and registry files. For extracting hashes we will be using CoreSecurity Team's Python script and eventually cracking the hashes. Source: SecurityTube.Net @ March 5, 2017 at 06:37PM

Practice ntds.dit File Part 9: Extracting Password History Hashes

Posted on: 2017-03-03

I released a tool to analyze password history. To extract password history from ntds.dit with ntdsxtract/dsusers.py, use option --passwordhistory. To extract password history from ntds.dit with secretsdump.py, use option -history. Source: Didier Stevens @ March 2, 2017 at 05:00PM

Password History Analysis

Posted on: 2017-02-28

When cracking Active Directory passwords as I explained in this series of blog posts, you can also crack the password history. The program I’m releasing now will make a report of users who “recycle” their previous passwords by using a common string.

Example:

The man page:

Usage: password-history-analysis.py [options] [[@]file ...]
Program to analyze password history

Arguments:
@file: process each file listed in the text file specified
wildcards are supported

Source code put in the public domain by Didier Stevens, no Copyright
Use at your own risk
https://DidierStevens.com

Options:
  --version   show program's version number and exit
  -h, --help  show…

Windows Penetration Testing Tool: RedSnarf

Posted on: 2017-02-07

RedSnarf is a penetration testing/red-teaming tool for retrieving hashes and credentials from workstations, servers and domain controllers using OpSec-Safe Techniques.

RedSnarf aims to do the following: leave no evidence on the host of intrusion/exfiltration – this includes files, processes and services; not cause undue damage to the host, i.e. forcing the host to re-boot.

Why use RedSnarf? Currently there are a number of excellent “post-exploitation” tools; these include the smbexec and Metasploit post-exploitation modules to name but a few. RedSnarf differs in that: It’s easy to use; It’s lightweight at less than 500 lines of…

Domain Password Audit Tools (DPAT).

Posted on: 2016-11-23

dpat is a Python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with clickable links. You can run the Python script as follows:

dpat.py -n customer.ntds -c oclHashcat.pot -g "Domain Admins.txt" "Enterprise Admins.txt"

Note that the group lists at the end (-g "Domain Admins.txt" "Enterprise Admins.txt") are optional. Try this out on the example files provided in the sample_data folder of this project. The sample data was built from census data for common…

Overview of Content Published In October

Posted on: 2016-11-14

Here is an overview of content I published in October: Blog posts: rtfdump Videos Analyzing Office Maldocs With Decoder.xls Update: oledump.py Version 0.0.25 Update: cut-bytes.py Version 0.0.4 Update: virustotal-search.py Version 0.1.4 YouTube videos: Maldoc VBA: Decoding With Excel Videoblog posts: rtfdump: intro rtfdump: MS12-027 Maldoc rtfdump: MS10-087 Maldoc CreateCertGUI oledump xor kpa ntds.dit: Mimikatz Golden Ticket & DCSync Visual Studio 2013 & OpenSSL Visual Studio 2013 & MFC Maldoc: numbers-to-string.py Training: Attacking with Excel Malware: Process Explorer & Procmon Malware: FakeNet-NG Maldoc VBA: .pub File Maldoc VBA: decoder.xls Maldoc VBA: Shellcode Maldoc VBA: Decoding With Excel SANS ISC Diary entries:…

Overview of Content Published In August

Posted on: 2016-09-18

Here is an overview of content I published in August: Blog posts: rtfdump: Update And Videos Howto CreateCertGUI: Create Your Own Certificate On Windows (OpenSSL Library) mimikatz: Golden Ticket + DCSync Video: mimikatz: Golden Ticket + DCSync Update: xor-kpa.py Version 0.0.3 With Man Page Update: rtfdump Version 0.0.4 YouTube videos: CreateCertGUI oledump xor kpa ntds.dit: Mimikatz Golden Ticket & DCSync Visual Studio 2013 & OpenSSL Visual Studio 2013 & MFC Maldoc: numbers-to-string.py Training: Attacking with Excel SANS ISC Diary entries: rtfdump Source: Didier Stevens @ September 18, 2016 at 01:36PM

CrackMapExec v3.1.2 – A swiss army knife for pentesting Windows/Active Directory environments.

Posted on: 2016-07-22

Changelog CrackMapExec v3.1.2:
+ Some minor code cleanup
+ Error handling improvements
+ Bug fixes in SMB brute forcing and SMB spider logic
+ Added support for importing Metasploit credentials
+ New enum_chrome, powerview and mem_scraper modules

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments! From enumerating logged on users and spidering SMB shares to executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using PowerShell, dumping the NTDS.dit and more!

The biggest improvements over the above tools are:
– Pure Python script, no external tools required
– Fully concurrent threading
– Uses ONLY native WinAPI calls for discovering sessions,…