Tuesday, December 3, 2024

A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts





A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts.

 

Features

The bigger the domain is, the better the wordlist will be.

  • [x] Creates a wordlist based on the following information found in the LDAP:
      • [x] User: name and sAMAccountName
      • [x] Computer: name and sAMAccountName
      • [x] Groups: name
      • [x] Organizational Units: name
      • [x] Active Directory Sites: name and descriptions
      • [x] All LDAP objects: descriptions
  • [x] Choose wordlist output file name with option --outputfile
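
The same attributes can be used defensively, to reject or flag passwords that are built on words already present in the directory. The following is an added example, not part of LDAPWordlistHarvester; the sample records, the substitution table and the "term covers at least half of the password" threshold are assumptions made for illustration.

```python
import re

# Constructed sample directory records (not from a real domain), limited to
# the attributes listed above: name, sAMAccountName and description.
SAMPLE_OBJECTS = [
    {"name": "Alice Martin", "sAMAccountName": "amartin",
     "description": "Finance team lead"},
    {"name": "SRV-PAYROLL01", "sAMAccountName": "SRV-PAYROLL01$",
     "description": "Payroll server, Lyon site"},
    {"name": "Helpdesk", "description": "Contoso support group"},
]

# Assumed table of common character substitutions, folded back to letters.
LEET = str.maketrans("@4301$5!7", "aaeoissit")


def directory_terms(objects, min_len=4):
    """Collect lowercase words of at least min_len letters from the attributes."""
    terms = set()
    for obj in objects:
        for attr in ("name", "sAMAccountName", "description"):
            for word in re.findall(r"[A-Za-z]+", obj.get(attr, "")):
                if len(word) >= min_len:
                    terms.add(word.lower())
    return terms


def matched_term(password, terms):
    """Return the directory term a password is built on, or None.

    A password is flagged when a term appears in it (as typed, or after
    folding substitutions) and makes up at least half of its length.
    """
    lowered = password.lower()
    ordered = sorted(terms, key=lambda t: (-len(t), t))  # longest term first
    for form in (lowered, lowered.translate(LEET)):
        for term in ordered:
            if term in form and len(term) * 2 >= len(form):
                return term
    return None


if __name__ == "__main__":
    terms = directory_terms(SAMPLE_OBJECTS)
    for candidate in ("Payroll2024!", "H3lpd3sk!", "kX9#vQ2mLp7zR!"):
        print(candidate, "->", matched_term(candidate, terms))
```

A check of this kind belongs at password-change time or in a periodic audit, with the term set rebuilt whenever the directory changes.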

Demonstration

To generate a wordlist from the LDAP of the domain area.native you can use this command:

./LDAPWordlistHarvester.py -d 'area.native' -u 'Administrator' -p 'P@ssw0rd123!' --dc-ip 192.168.1.101

You will get the following output if using the Python version:

You will get the following output if using the PowerShell version:


Cracking passwords

Once you have this wordlist, you should crack your NTDS using hashcat, --loopback and the rule clem9669_large.rule.

./hashcat --hash-type 1000 --potfile-path ./consumer.potfile ./consumer.ntds ./wordlist.txt --rules ./clem9669_large.rule --loopback

Usage

$ ./LDAPWordlistHarvester.py -h
LDAPWordlistHarvester.py v1.1 - by @podalirius_

usage: LDAPWordlistHarvester.py [-h] [-v] [-o OUTPUTFILE] --dc-ip ip address [-d DOMAIN] [-u USER] [--ldaps] [--no-pass | -p PASSWORD | -H [LMHASH:]NTHASH | --aes-key hex key] [-k]

options:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  -o OUTPUTFILE, --outputfile OUTPUTFILE
                        Path to output file of wordlist.

Authentication & connection:
  --dc-ip ip address    IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN) specified in the identity parameter
  -d DOMAIN, --domain DOMAIN
                        (FQDN) domain to authenticate to
  -u USER, --user USER  user to authenticate with
  --ldaps               Use LDAPS instead of LDAP

Credentials:
  --no-pass             Don't ask for password (useful for -k)
  -p PASSWORD, --password PASSWORD
                        Password to authenticate with
  -H [LMHASH:]NTHASH, --hashes [LMHASH:]NTHASH
                        NT/LM hashes, format is LMhash:NThash
  --aes-key hex key     AES key to use for Kerberos Authentication (128 or 256 bits)
  -k, --kerberos        Use Kerberos authentication. Grabs credentials from .ccache file (KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the ones specified in the command line


