adpwn - tools for Windows Active-Directory exploitation and pwning.

ADPWN is a set of useful tools for Windows AD exploitation and pwning.

dsinternalsparser.py
This tool makes the process of dumping hashes stored in a domain controller easier and faster.
Note
* It uses the output of the DSInternals modules that retrieve reversibly encrypted plaintext passwords, password hashes and Kerberos keys of all user accounts from domain controllers.

* As mentioned on the DSInternals web page (https://www.dsinternals.com/en/), it is possible to retrieve hashes remotely, instead of using the well-known method based on vssadmin, ESEDBTOOLS and NTDSXtract, which is pretty slow in some cases because of the NTDS.dit size, ESEDBTOOLS misconfigurations, etc.

DSInternals Parser v1.0

Requirements
– Python 2.7 environment
– DSInternals output file generated with Get-ADReplAccount or Get-ADDBAccount.

TODO:
To extract the hashes remotely:
1. Retrieve all user attributes with the DSInternals module Get-ADReplAccount, and save them to a local file.

The file generated has a format similar to the next one.

2. Parse the local file with dsinternalsparser.py
./dsinternalsparser.py -o dump localfile.txt
3. After execution, if no options are given, dsinternalsparser.py creates 6 files.
– NTLM File (dump_ntlm.txt): Contains username and current NTLM Hash.
– NTLM History File (dump_ntlm_history.txt): Contains username and NTLM History Hashes.
– LM File (dump_lm.txt): Contains username and current LM Hash.
– Cleartext File (dump_cleartext.txt): Contains username and Cleartext password, if it exists.
– WDigest File (dump_wdigest.txt): Contains username and WDigest history Hashes.
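
Added example (not part of adpwn or DSInternals): Get-ADReplAccount in step 1 pulls account data through the directory replication protocol, so a domain controller with directory service access auditing enabled logs Event ID 4662 entries that carry the replication right GUIDs. The sketch below flags such requests from principals outside an allowlist; the event records, account names and the KNOWN_DCS allowlist are constructed assumptions.

```python
# Added example, not from adpwn or DSInternals. Records are constructed samples
# shaped like Windows Security Event ID 4662 (operation performed on an object).

# Control access right GUIDs for directory replication in the AD schema.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c":
        "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Assumption: an allowlist of principals expected to replicate (DC accounts).
KNOWN_DCS = {"DC01$", "DC02$"}

OBJ = "{19195a5b-6da0-11d0-afd3-00c04fd930c9}"  # object type logged with the right
SAMPLE_EVENTS = [  # constructed
    {"EventID": 4662, "SubjectUserName": "DC02$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} " + OBJ},
    {"EventID": 4662, "SubjectUserName": "svc-backup",
     "Properties": "%%7688 {1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} " + OBJ},
    {"EventID": 4662, "SubjectUserName": "svc-backup",
     "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2} " + OBJ},
    {"EventID": 4662, "SubjectUserName": "WKSTN7$",  # machine account, not a DC
     "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2} " + OBJ},
    {"EventID": 4662, "SubjectUserName": "jdoe",  # unrelated object access
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "SubjectUserName": "jdoe", "Properties": ""},
]

def replication_rights(event):
    """Names of replication rights referenced in a 4662 Properties field."""
    props = event.get("Properties", "").lower()  # GUID case varies by source
    return {name for guid, name in REPL_RIGHTS.items() if guid in props}

def suspicious_replication(events, known_dcs=KNOWN_DCS):
    """Map each non-allowlisted subject to the replication rights it used."""
    allowed = {name.lower() for name in known_dcs}
    findings = {}
    for ev in events:
        rights = replication_rights(ev) if ev.get("EventID") == 4662 else set()
        subject = ev.get("SubjectUserName", "")
        if rights and subject.lower() not in allowed:
            findings.setdefault(subject, set()).update(rights)
    return {subj: sorted(r) for subj, r in findings.items()}

if __name__ == "__main__":
    for subject, rights in sorted(suspicious_replication(SAMPLE_EVENTS).items()):
        print("ALERT %s requested %s" % (subject, ", ".join(rights)))
```

Accounts that legitimately replicate, such as directory synchronization services, belong in the allowlist; anything else requesting DS-Replication-Get-Changes-All deserves review.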

Usage:

Source: https://github.com/r4wd3r