Security Basics mailing list archives
Re: ntds.dit, john and pwdump2
From: "the.soylent" <the.soylent () gmail com>
Date: Mon, 24 Jan 2005 19:22:20 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi! have you tried cain? in the online-manuel (http://www.oxid.it/ca25um/) theres the talk of a cracker and a converter here`s the link -> http://www.oxid.it/cain.html cheers, soylent Dave Dyer schrieb: | Hello List, | | I am cracking a password file for a client, and have a copy of the NTDS.DIT | file from a domain controller (win2k/Active Directory). We do not have | access to L0phtcrack currently, and I'm on a deadline. I was going to use | John the Ripper with some plugins written by 3rd parties to crack the | password file, but apparently the NTDS.DIT file isn't really a hashed file | that John can read | | After some research, I found that you can use PWDUMP2 to actually export the | user/pw information on the DC to a hashed file that you can then crack with | John (even if syskey is used after SP2). However, in order for PWDUMP to | work, you have to run it as an administrator from the DC itself, where it | injects its own .dll into the lsass.exe process, which I no longer have | access to. My question is this: | | Does anyone know if there is a way to extract the user/pw information from | the NTDS.DIT file (rather than from lsass.exe on the server) into a hashed | file that I can then crack with John? | | If not, does anyone have any other suggestions on what I can do with this | NTDS.DIT file to crack it? | | Thanks in Advance, | | dave | | *********** | | Dave Dyer | | <mailto:ddyer () enspherics com <mailto:ddyer () enspherics com> > | | "So you'll bring experts in to water the company's plants but you'll do the | security thing yourself?" | | -QinetiQ in the Financial Times | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) iD8DBQFB9TzcY86qEhC92cgRAikEAKCNZ4soUQMuqOF+9tanIA3wtWxs4wCgu3nX k/XXlQWs5ItRlSwZw9hydpk= =Fnb9 -----END PGP SIGNATURE-----
Current thread:
- ntds.dit, john and pwdump2 Dave Dyer (Jan 24)
- Re: ntds.dit, john and pwdump2 the.soylent (Jan 24)
- RE: ntds.dit, john and pwdump2 Dave Dyer (Jan 25)
- <Possible follow-ups>
- RE: ntds.dit, john and pwdump2 Beauford, Jason (Jan 24)
- RE: ntds.dit, john and pwdump2 Klotz, Brian (Jan 24)
- RE: ntds.dit, john and pwdump2 Dave Dyer (Jan 25)
- Re: ntds.dit, john and pwdump2 miguel . dilaj (Jan 25)
- RE: ntds.dit, john and pwdump2 Roger A. Grimes (Jan 26)
- RE: ntds.dit, john and pwdump2 Roger A. Grimes (Jan 27)
- Re: ntds.dit, john and pwdump2 the.soylent (Jan 24)