Simulated Password Cracking with the NTDS.DIT Export – Part 2

Now we have a copy of the hashes we can sling them through John. There are several approaches to this, but for the purposes of simulating an attack its best to use 2. They are: A default JTR crack A company specific wordlist crack Basically JTR has certain options for rules. I’ve found that if you’re … More Simulated Password Cracking with the NTDS.DIT Export – Part 2

Simulated Password Cracking with the NTDS.DIT Export – Part 1

In order to check to see if passwords can be cracked or guessed by the evil-doers we have an advantage that we rarely use. By performing a simulated password crack on our existing AD users we can obtain the upper hand by finding the failing passwords before the bad guys do. Firstly we need to … More Simulated Password Cracking with the NTDS.DIT Export – Part 1