A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts.
Features
The bigger the domain is, the better the wordlist will be.
- [x] Creates a wordlist based on the following information found in the LDAP:
  - [x] User: `name` and `sAMAccountName`
  - [x] Computer: `name` and `sAMAccountName`
  - [x] Groups: `name`
  - [x] Organizational Units: `name`
  - [x] Active Directory Sites: `name` and `descriptions`
  - [x] All LDAP objects: `descriptions`
- [x] Choose wordlist output file name with option `--outputfile`
Demonstration
To generate a wordlist from the LDAP of the domain `area.native`, you can use this command:

```
./LDAPWordlistHarvester.py -d 'area.native' -u 'Administrator' -p 'P@ssw0rd123!' --dc-ip 192.168.1.101
```

You will get the following output if using the Python version:
You will get the following output if using the PowerShell version:
Cracking passwords
Once you have this wordlist, you should crack your NTDS using hashcat, `--loopback` and the rule `clem9669_large.rule`.

```
./hashcat --hash-type 1000 --potfile-path ./consumer.potfile ./consumer.ntds ./wordlist.txt --rules ./clem9669_large.rule --loopback
```
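
As an added example (not part of the tool or its README), here is the defensive counterpart: the same attributes listed under Features can feed a banned-term check at password-change time or during a password audit. The sample records, the leetspeak table and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample records. A real audit would export these attributes
# (name, sAMAccountName, description) from the directory being assessed.
SAMPLE_OBJECTS = [
    {"name": "Alice Martin", "sAMAccountName": "amartin", "description": "Finance team lead"},
    {"name": "SRV-BACKUP01", "sAMAccountName": "SRV-BACKUP01$", "description": "Veeam backup server"},
    {"name": "Contoso-Paris", "description": "Paris headquarters site"},
]

# Assumed substitution table: common leetspeak characters mapped back to letters.
LEET = str.maketrans("0134578@$!", "oieastbasi")
MIN_TERM_LEN = 4  # shorter tokens produce too many false positives


def directory_terms(objects):
    """Collect lower-cased whole values and word tokens from the directory attributes."""
    terms = set()
    for obj in objects:
        for attr in ("name", "sAMAccountName", "description"):
            value = obj.get(attr, "").lower().rstrip("$")  # drop machine-account suffix
            for token in [value] + re.split(r"[^a-z0-9]+", value):
                if len(token) >= MIN_TERM_LEN:
                    terms.add(token)
    return terms


def normalize(password):
    """Undo case changes and leetspeak so 'C0nt0s0' compares equal to 'contoso'."""
    return password.lower().translate(LEET)


def derived_from_directory(password, terms):
    """Return the longest directory term the password is built on, or None."""
    raw, norm = password.lower(), normalize(password)
    for term in sorted(terms, key=lambda t: (-len(t), t)):
        # Compare both the literal term and its leet-normalized form.
        if term in raw or term.translate(LEET) in norm:
            return term
    return None


if __name__ == "__main__":
    banned = directory_terms(SAMPLE_OBJECTS)
    for candidate in ("C0nt0s0!2024", "M@rtin#77", "q7#Vx2&Lw9zK"):
        print(candidate, "->", derived_from_directory(candidate, banned))
```

A password that returns a term here is one the harvested wordlist plus a mutation rule would be expected to reach, so it is a candidate for rejection or forced rotation.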
Usage

```
$ ./LDAPWordlistHarvester.py -h
LDAPWordlistHarvester.py v1.1 - by @podalirius_

usage: LDAPWordlistHarvester.py [-h] [-v] [-o OUTPUTFILE] --dc-ip ip address [-d DOMAIN] [-u USER] [--ldaps] [--no-pass | -p PASSWORD | -H [LMHASH:]NTHASH | --aes-key hex key] [-k]

options:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  -o OUTPUTFILE, --outputfile OUTPUTFILE
                        Path to output file of wordlist.

Authentication & connection:
  --dc-ip ip address    IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN) specified in the identity parameter
  -d DOMAIN, --domain DOMAIN
                        (FQDN) domain to authenticate to
  -u USER, --user USER  user to authenticate with
  --ldaps               Use LDAPS instead of LDAP

Credentials:
  --no-pass             Don't ask for password (useful for -k)
  -p PASSWORD, --password PASSWORD
                        Password to authenticate with
  -H [LMHASH:]NTHASH, --hashes [LMHASH:]NTHASH
                        NT/LM hashes, format is LMhash:NThash
  --aes-key hex key     AES key to use for Kerberos Authentication (128 or 256 bits)
  -k, --kerberos        Use Kerberos authentication. Grabs credentials from .ccache file (KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the ones specified in the command line
```