I’m publishing a sample Active Directory database file (ntds.dit) together with the corresponding SYSTEM registry hive so that you can practise hash extraction and password cracking.
This ntds.dit and system file come from a virtual machine I installed just for this purpose: Windows Server 2003 Standard Edition with SP1 (English). The reason I selected an old Windows version, is that 2003 still supports LM hashes by default.
I changed the password policy to allow very weak passwords:
I added 40 users: 20 users with passwords taken from the rockyou database leak and 20 users with random passwords (varying in length from 1 to 20 characters). Some of the passwords I randomly selected from rockyou are longer than 14 characters: when a password is longer than 14 characters, Windows does not store a LM hash for that password.
You can find many how-tos on the Internet showing you how to extract the LM and NTLM hashes from the Active Directory database file. I too will posts examples of hash extraction and password cracking.