Get rid of the bad passwords in your organisation: if you can crack them, so can an attacker. There is a lot of debate about how much this really helps. To see its benefits, give it a go and see how many bad passwords are lurking in your organisation. You will be baffled to find famous holiday spots, football clubs and, of course, lots of P@$$w0rd123's.
We will audit Active Directory and collect a password dump, then put it through hashcat (a tool designed to crack passwords) to crack the passwords. The hoped-for end result is that we don't have any cracked hashes (which means weak passwords), but that is 99.99% unlikely.
NtdsAudit: a simple tool designed to dump AD password hashes. You can download it from https://github.com/Dionach/NtdsAudit/releases. You can find more info about the tool at https://github.com/Dionach/NtdsAudit/blob/master/README.md
.NET 4.6 or later on your Windows server is needed for the above tool to run successfully.
Kali Linux to crack passwords
A good password list (use any password list, but get the latest and greatest one; I have one with around 10 million breached passwords).
Log in to the Windows Server domain controller (most important) and open a command prompt with admin privileges to run the following commands.
C:\> ntdsutil
ntdsutil: activate instance ntds
ntdsutil: ifm
ifm: create full c:\passwords
ifm: quit
ntdsutil: quit
This will create a backup on the C partition. The output looks like the following:
Navigate to the C:\passwords\Active Directory folder and copy into it the NtdsAudit.exe file you obtained from the above URL.
Now run the following command to capture all password hashes and save them to a text file called pwdump.txt; the list of all users will be exported to users.csv.
ntdsaudit ntds.dit -s SYSTEM -p pwdump.txt -u users.csv
Output of above command
Users file preview
Output of hashes in pwdump.txt file preview
This is the file we will pass to hashcat for password cracking.
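Before any cracking, pwdump.txt already shows some weaknesses on its own. The following is an added example, not part of the original post or of NtdsAudit: it flags empty passwords, stored LM hashes and accounts that share one NT hash. It assumes the usual pwdump line layout user:rid:lmhash:nthash::: and runs on a constructed sample with made-up accounts and hashes.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash (MD4) of an empty password

# Constructed sample in the assumed pwdump layout (user:rid:lm:nt:::).
# Account names and hash values are made up for illustration.
SAMPLE = """\
CORP\\alice:1104:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
CORP\\bob:1105:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
CORP\\svc_old:1106:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::
CORP\\guest2:1107:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
CORP\\WS01$:1108:aad3b435b51404eeaad3b435b51404ee:89abcdef0123456789abcdef01234567:::
"""

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit() or len(parts[2]) != 32 or len(parts[3]) != 32:
            continue
        yield parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()

def audit(text, include_machines=False):
    """Return findings that need no cracking: empty, LM-stored and shared passwords."""
    by_nt = defaultdict(list)
    report = {"empty_password": [], "lm_hash_stored": [], "shared_password": []}
    for user, rid, lm, nt in parse_pwdump(text):
        if user.endswith("$") and not include_machines:
            continue  # computer accounts (name ends in $) use machine-generated passwords
        if nt == EMPTY_NT:
            report["empty_password"].append(user)
            continue
        if lm != EMPTY_LM:
            report["lm_hash_stored"].append(user)  # legacy LM hash is still kept in AD
        by_nt[nt].append(user)  # identical NT hash means identical password
    report["shared_password"] = sorted(sorted(u) for u in by_nt.values() if len(u) > 1)
    return report

if __name__ == "__main__":
    for finding, hits in audit(SAMPLE).items():
        print(finding, hits)
```

To use it on a real dump, pass the contents of pwdump.txt to audit() on the same isolated host that holds the file. The IFM copy in c:\passwords and pwdump.txt contain every account's hash, so delete both securely once the audit is done.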