home-kali-slider-1

Active Directory password audit using Kali

Posted on 11th January 2017

Following on from my recent security education, I recently performed an internal security audit of Active Directory passwords on my Kali build. There are many tutorials online for this (and if you’re a domain administrator, give it a go, it’s fun).

I had a couple of issues, but by cobbling together instructions from various places I managed to get what I wanted (and found that about 40 members of staff had a password that featured the company name, now rectified).

I am unfortunately too lazy to write my down detailed post on how to do it, but the resources I used were:

https://blog.didierstevens.com/2016/07/13/practice-ntds-dit-file-part-2-extracting-hashes/

https://www.trustwave.com/Resources/SpiderLabs-Blog/Tutorial-for-NTDS-goodness-(VSSADMIN,-WMIS,-NTDS-dit,-SYSTEM)/

http://security.sunera.com/2014/05/starting-active-directory-password.html

https://github.com/libyal/libesedb/wiki/Building#source-distribution-package

https://github.com/pentestgeek/smbexec/issues/127

Be the first to leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *