Security Basics mailing list archives

Re: ntds.dit, john and pwdump2


From: "the.soylent" <the.soylent () gmail com>
Date: Mon, 24 Jan 2005 19:22:20 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi!
have you tried cain?

in the online manual (http://www.oxid.it/ca25um/) there's talk of a
cracker and a converter

here's the link -> http://www.oxid.it/cain.html

cheers, soylent



Dave Dyer wrote:

| Hello List,
|
| I am cracking a password file for a client, and have a copy of the
| NTDS.DIT
| file from a domain controller (win2k/Active Directory). We do not have
| access to L0phtcrack currently, and I'm on a deadline. I was going to use
| John the Ripper with some plugins written by 3rd parties to crack the
| password file, but apparently the NTDS.DIT file isn't really a hashed file
| that John can read.
|
| After some research, I found that you can use PWDUMP2 to actually
| export the user/pw information on the DC to a hashed file that you
| can then crack with
| John (even if syskey is used after SP2). However, in order for PWDUMP to
| work, you have to run it as an administrator from the DC itself, where it
| injects its own .dll into the lsass.exe process, which I no longer have
| access to. My question is this:
|
| Does anyone know if there is a way to extract the user/pw information from
| the NTDS.DIT file (rather than from lsass.exe on the server) into a hashed
| file that I can then crack with John?
|
| If not, does anyone have any other suggestions on what I can do with this
| NTDS.DIT file to crack it?
|
| Thanks in Advance,
|
| dave
|
| ***********
|
| Dave Dyer
|
| <mailto:ddyer () enspherics com>
|
| "So you'll bring experts in to water the company's plants but you'll
| do the
| security thing yourself?"
|
| -QinetiQ in the Financial Times
|
|
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFB9TzcY86qEhC92cgRAikEAKCNZ4soUQMuqOF+9tanIA3wtWxs4wCgu3nX
k/XXlQWs5ItRlSwZw9hydpk=
=Fnb9
-----END PGP SIGNATURE-----

