Didier Stevens

Tuesday 12 July 2016

Practice ntds.dit File Part 1

Filed under: Encryption — Didier Stevens @ 0:00

I’m publishing a sample Active Directory database file (ntds.dit) together with the corresponding SYSTEM registry hive so that you can practise hash extraction and password cracking.

This ntds.dit and system file come from a virtual machine I installed just for this purpose: Windows Server 2003 Standard Edition with SP1 (English). The reason I selected an old Windows version, is that 2003 still supports LM hashes by default.

I changed the password policy to allow very weak passwords:

20160710-125218

I added 40 users: 20 users with passwords taken from the rockyou database leak and 20 users with random passwords (varying in length from 1 to 20 characters). Some of the passwords I randomly selected from rockyou are longer than 14 characters: when a password is longer than 14 characters, Windows does not store a LM hash for that password.

You can find many how-tos on the Internet showing you how to extract the LM and NTLM hashes from the Active Directory database file. I too will posts examples of hash extraction and password cracking.

Happy cracking!

ntds.zip (https)
MD5: F20E477D9784E009777F286ABF718FA3
SHA256: F5EBBF57B3C646FC339ECEEE03063BEDE9E0E7FC8254B0E57A77CC4036134B04

6 Comments »

  1. […] are several how-tos on the Internet explaining you how to extract hashes from the Active Directory database file. I used this how-to for Kali Linux: […]

    Pingback by Practice ntds.dit File Part 2: Extracting Hashes | Didier Stevens — Wednesday 13 July 2016 @ 0:00

  2. […] The second post shares a NTDS.DIT database file and SYSTEM hive from a Windows Server 2003 Standard Edition with SP1 (English) VM to allow examiners to practice extracting password hashes. Practice ntds.dit File Part 1 […]

    Pingback by Week 28 – 2016 – This Week In 4n6 — Sunday 17 July 2016 @ 12:51

  3. Hi Didier,
    Thanks!, did you also include password changes/history in the dataset?

    Comment by Erik — Sunday 24 July 2016 @ 15:13

  4. No.

    Comment by Didier Stevens — Sunday 24 July 2016 @ 15:14

  5. […] Practice ntds.dit File Part 1 […]

    Pingback by Practice ntds.dit File Overview | Didier Stevens — Monday 25 July 2016 @ 9:15

  6. […] Practice ntds.dit File Part 1 […]

    Pingback by Overview of Content Published In July | Didier Stevens — Monday 1 August 2016 @ 0:00


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: