Extract Password Hashes from Active Directory LDAP
Currently we are working on a monthly internal security test which, among other things, should contain a verification of the real password strength the users choose. For this reason I want to extract the password hashes of all users via LDAP. Everything I found was this TechNet discussion telling me I can't extract the hashes, not even as an Administrator, which I really can't (don't want to) believe.
Is there any way to extract the password hashes from an Active Directory Server?
What we want to do is extract the hashes so that we can run a syllable attack against them to verify whether the passwords are really good or just technically good.
Even if you got them out, how would you verify the passwords? The hashes are, by definition, not reversible. That is, you can't get a password from a hash.
Of course they aren't reversible. We are creating wordlists based on common words, technical terms, ... and then running a syllable attack against the hashes to verify whether they are really secure or just a common word with a number and a special char attached.
You need to get the NTDS.DIT binary file out of
You can use ntdsutil to create a snapshot of the AD database so that you can copy
Then you can use something like the Windows Password Recovery tool to extract the hashes.