Tutorial: Domain Password Auditing



This tutorial covers password auditing of network credentials within your domain. We will use Kali Linux along with some open source software to validate your password policies. As always, make sure you have permission to perform this audit. At the least, everyone should check that people using privileged accounts are not using the same password for their privileged account and their normal user account.

Preparation:

  1. Access to a domain controller for the domain that we will be auditing
  2. Kali Linux
  3. ntdsxtract-master.zip (https://github.com/csababarta/ntdsxtract)
  4. libesedb-experimental-20160622.tar.gz (https://github.com/libyal/libesedb/releases)
  5. Install ntdsxtract and libesedb using the instructions given within the archives.

Get your NTDS database off the server:

  1. Log into your domain controller using an admin level account
  2. Open a command prompt
  3. Type ntdsutil
  4. Your prompt should change to ntdsutil:
  5. Type active instance ntds
  6. Type ifm
  7. Your prompt should change to ifm:
  8. Type create full <location of where you want your backup> (i.e. c:\pentest)
  9. Once the backup is complete, type quit.
  10. Now copy the folder with your backup to your Kali Linux system

Extract the NTDS database:

  1. Navigate to the ntds.dit file (i.e. /root/pentest/Active Directory)
  2. Run esedbexport -m tables ./ntds.dit

Extract the password hashes:

  • run dsusers.py ./ntds.dit.export/datatable.4 ./ntds.dit.export/link_table.7 ./hashdumpwork --syshive ../SYSTEM --passwordhashes --lmoutfile lm-out.txt --ntoutfile nt-out.txt --pwdformat john


OK, let's break this command down:

  • dsusers.py is the program we just installed; it pulls the hashes out of the database
  • ./ntds.dit.export/datatable.4 is the data table exported from the NTDS database; the number may be different
  • ./ntds.dit.export/link_table.7 is the link table; same as above, the number may also be different
  • these two tables are needed to allow the program to match up usernames with their associated hashes
  • ./hashdumpwork is just a nice way to keep your directory cleaned up; all support files that are generated will be dumped here, along with our output files
  • --lmoutfile lm-out.txt is our file for any LM passwords; it will normally be blank for modern domains
  • --ntoutfile nt-out.txt is our file for NTLM passwords; this is where all the good stuff goes
  • --pwdformat john tells the program how we want the output formatted; we will format it for John the Ripper

We have the user accounts and hashes, now what?

This is where we can start to audit our passwords. I prefer to open the output as a spreadsheet first. This allows me to sort the accounts by hash. I can now easily see if my admins are using the same password for their normal account and their privileged accounts: same hash = same password. If you are auditing multiple domains, you can also easily check if people are using the same password across multiple domains, which is also a no-no.

Everything up to this point should be done as part of regular password auditing; however, some organizations may want to go a step further. Make sure you clear this first if you decide to check for 'weak' passwords, as this could become a 'resume producing event'.

Remember we formatted our output files for John the Ripper? Let's open Johnny and load in our password file and your favorite word list. If you don't have one yet, a quick search will give you plenty to choose from. I always also edit it to contain known default passwords. Remember, we are not going overboard to see if we can crack everyone's passwords; we just want to check for 'weak' passwords, and you would be surprised at what will pop up even with a good domain password policy.
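The same-hash check done in the spreadsheet can also be scripted. This is an added example, not part of the original tutorial: it assumes each line of the john-format output begins with `account:$NT$hash`, uses constructed sample lines with made-up hashes for two made-up domains, and assumes a hypothetical `adm-` naming prefix for privileged accounts.

```python
from collections import defaultdict

# Constructed sample lines with made-up hashes. Assumed layout: account:$NT$hash:...
SAMPLE_CORP = """\
jsmith:$NT$11111111111111111111111111111111:::
adm-jsmith:$NT$11111111111111111111111111111111:::
mjones:$NT$22222222222222222222222222222222:::
adm-mjones:$NT$33333333333333333333333333333333:::
svc-backup:$NT$22222222222222222222222222222222:::
"""
SAMPLE_LAB = """\
jsmith:$NT$11111111111111111111111111111111:::
tlee:$NT$44444444444444444444444444444444:::
"""

def parse_hashes(text, domain):
    """Yield (domain, account, hash) per line; skip lines with no name or no hash."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0] or not parts[1]:
            continue
        h = parts[1][4:] if parts[1].upper().startswith("$NT$") else parts[1]
        yield domain, parts[0], h.lower()

def shared_hashes(entries):
    """Map each hash used by more than one account to its sorted account list."""
    groups = defaultdict(list)
    for domain, account, h in entries:
        groups[h].append((domain, account))
    return {h: sorted(a) for h, a in groups.items() if len(a) > 1}

def admin_reuse(groups, prefix="adm-"):
    """Find privileged accounts (hypothetical prefix) sharing a hash with the base account."""
    found = []
    for accounts in groups.values():
        names = {(d, a.lower()) for d, a in accounts}
        for d, a in names:
            if a.startswith(prefix) and (d, a[len(prefix):]) in names:
                found.append((d, a[len(prefix):], a))
    return sorted(found)

def audit_samples():
    entries = list(parse_hashes(SAMPLE_CORP, "CORP")) + list(parse_hashes(SAMPLE_LAB, "LAB"))
    return shared_hashes(entries)

if __name__ == "__main__":
    groups = audit_samples()
    for accounts in groups.values():
        print("same password:", accounts)
    print("privileged/normal reuse:", admin_reuse(groups))
```

Only account names are printed, so the report can be shared without exposing the hashes themselves.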

