Didier Stevens

Saturday 30 July 2016

Video: ntds.dit: Extract Hashes With secretsdump.py

Filed under: Encryption — Didier Stevens @ 17:40

In this video I show an alternative to my blogpost on extracting hashes from the Active Directory database file ntds.dit.

I use secretsdump.py from Core Security’s impacket Python modules. The advantage is that this is a pure Python solution, and that it was able to automatically select the correct object ID. Dependencies are pycrypto and pyasn1.

5 Comments »

  1. […] Video: ntds.dit: Extract Hashes With secretsdump.py […]

    Pingback by Overview of Content Published In July | Didier Stevens — Monday 1 August 2016 @ 0:01

  2. Why are my LMHASHs and NTHASHs coming out of secretsdump 33 characters long? Where else can I ask this question?

    Comment by Bob — Monday 13 February 2017 @ 15:46

  3. You can check the Github: https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

    Comment by Didier Stevens — Monday 13 February 2017 @ 16:28

  4. […] extract password history from ntds.dit with secretsdump.py, use option […]

    Pingback by Practice ntds.dit File Part 9: Extracting Password History Hashes | Didier Stevens — Friday 3 March 2017 @ 0:00

  5. […] Video: ntds.dit: Extract Hashes With secretsdump.py […]

    Pingback by Practice ntds.dit File Overview | Didier Stevens — Friday 3 March 2017 @ 9:43


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: