Penetration Testing mailing list archives
Re: Password Audit (AD Domain hashes)
From: Mike Duncan <Mike.Duncan () noaa gov>
Date: Tue, 08 Jun 2010 12:46:16 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Looks like FooFus is having some issues. The website was down when I last tried. Is there another place to look over thread archives for this list? Thanks. Mike Duncan ISSO, Application Security Specialist Government Contractor with STG, Inc. NOAA :: National Climatic Data Center On 06/03/2010 04:34 PM, Jeff Testman wrote:
Josh, As another resource you may want to jump over to the foofus-tools-request () lists foofus net list and ask. A lot of info concerning pwdump6 and large AD domains was covered the last few weeks. - Jeff On Thu, Jun 3, 2010 at 10:24 AM, Josh_smith <pentestuk__ () hotmail co uk> wrote:Hi Guys, I have just searched the old threads around password audits/auditing, and it seems most have only focused on SAM dumps for local accounts. I wanted to audit the hashes for AD domain member accounts that from my research live in ntds.dit (not seen much info on the structure of this file). Are there any tools that dump hashes from the AD Database ntds.dit so I can import them into Cain/John/Ophcrack etc? PwdumpX sounded promising but havent got a working copy and cannot find a download for it. I have used Pwdump7 which is great but it only extracts data from SAM/SYSTEM registry hives and isnt suitable for domain hashes in ntds.dit, however I havent heard of any tool to get them... Look forward to any replies as I am sure people have audited domain passwords as opposed to local passwords? Best Regards, Josh -- View this message in context: http://old.nabble.com/Password-Audit-%28AD-Domain-hashes%29-tp28769030p28769030.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwOc9cACgkQnvIkv6fg9hYh6wCgh8yk6mgoTb874spnxwdg3Zim PD8AnRQ8BGdU3Ge4IpqWzg6hu8tUQCO/ =IY5p -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Password Audit (AD Domain hashes) Josh_smith (Jun 03)
- Re: Password Audit (AD Domain hashes) Juan Pablo Perez Etchegoyen (Jun 08)
- RE: Password Audit (AD Domain hashes) Kevin Short (Jun 08)
- Re: Password Audit (AD Domain hashes) Jeff Testman (Jun 08)
- Re: Password Audit (AD Domain hashes) Mike Duncan (Jun 08)
- Re: Password Audit (AD Domain hashes) Jeff Testman (Jun 08)
- Re: Password Audit (AD Domain hashes) Mike Duncan (Jun 08)
- Re: Password Audit (AD Domain hashes) ThoughtCancer (Jun 08)
- RE: Password Audit (AD Domain hashes) Paul Melson (Jun 08)