Skip to content

EUWValak/ntlm_parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ntlm_parser.sh
ntlm_parser.sh
 
 

Repository files navigation

NTDS Parser

Overview

NTDS Parser is a script designed to analyse the NTDS database and match the passwords of hacked users. With v02 I've added new functionality such as automating the dump and crack of the NTDS database from the ntds.dit file and the SECURITY file. The rest remains unchanged. The script outputs the matched user-password pairs and provides an option to save the results to a file.

Crack

Features

  • Input Parsing: Handles two input files: ntds.dit and SYSTEM.
  • Dump credential: Extract all NTLM hashes that concern AD users.
  • Crack credential: Try to crack all theses hashes.
  • Matching: Finds and displays matches between NT hashes in both files, showing the corresponding User:Password pairs.
  • Output Options: Displays results on the console and optionally saves them to a specified output file.

Usage

To run the script, use the following command:

./ntds_parser.sh crack ntds.dit SYSTEM [-w specify_wordlist] [-r specify_rules] [-o output_file]

Parameters

  • ntds.dit: Dump of the ntds.dit (Default location : C:\Windows\NTDS\Active Directory\ntds.dit)
  • SYSTEM: Dump of the SYSTEM file (Default location : C:\Windows\NTDS\registry\SYSTEM)
  • -w: (Optional) Specifies the wordlist for cracking the password.
  • -r: (Optional) Specifies the rules for cracking the password.
  • -o output_file: (Optional) Specifies the output file to save the matched results. If not provided, results are displayed only on the console.

Coerce

Features

  • Input Parsing: Handles two input files: ntds_dump and hash_cracked.
  • Matching: Finds and displays matches between NT hashes in both files, showing the corresponding User:Password pairs.
  • Output Options: Displays results on the console and optionally saves them to a specified output file.

Usage

To run the script, use the following command:

./ntds_parser.sh coerce ntds_dump hash_cracked [-o output_file]

Parameters

  • ntds_dump: The NTDS file containing user data formatted as User:xxx:xxx:NT_hash:::.
  • hash_cracked: The file containing cracked NT hashes and passwords formatted as NT_hash:Password.
  • -o output_file: (Optional) Specifies the output file to save the matched results. If not provided, results are displayed only on the console.

Help

To display the help message, simply run the script without any arguments:

./ntds_parser.sh

Installation

Follow these steps to set up the script:

  1. Clone the repository :
git clone https://github.com/EUWVeNoM/ntlm_parser.git
  1. Navigate into the directory :
cd ntlm_parser
  1. Make the script executable :
chmod +x ntds_parser.sh

Contributing

Contributions are welcome! If you find a bug or have a feature request, please open an issue or submit a pull request. Your input helps improve the script.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Author

GitHub: EUWVeNoM

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages