cracke-dit (“Cracked It”) makes it easier to perform regular password audits against Active Directory environments.
Ensuring your users have strong passwords throughout the organisation is still your best line of defence against common attacks. Many organisations overestimate just how secure their users’ passwords are. “London123”, “Winter2017”, “Passw0rd” – all complex passwords, according to the default Group Policy rules.
By performing regular audits, you can identify users with weak passwords and take action in line with your policies and procedures.
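The gap between "complex" and "strong" described above, as an added example that is not part of cracke-dit: a simplified Python model of the Windows complexity rule (three of four character classes, account name not contained in the password) beside a base-word check. The 7-character minimum, the word list and all function names are assumptions made for illustration.

```python
import re

MIN_LENGTH = 7  # assumption: Windows default minimum password length
# Constructed sample list; a real audit adds company, city and season names.
BASE_WORDS = {"password", "welcome", "london", "winter", "summer"}
LEET = str.maketrans("0134578@$", "oieastbas")


def meets_ad_complexity(password, sam_account_name=""):
    """Simplified model of 'Password must meet complexity requirements'."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if len(password) < MIN_LENGTH or sum(classes) < 3:
        return False
    # The account name is only checked when it is at least 3 characters long.
    name = sam_account_name.lower()
    return not (len(name) >= 3 and name in password.lower())


def base_word(password):
    """Strip trailing digits/symbols and undo common substitutions."""
    stem = re.sub(r"[\d\W_]+$", "", password)
    return stem.translate(LEET).lower()


def audit(password, sam_account_name=""):
    return {
        "complex": meets_ad_complexity(password, sam_account_name),
        "predictable": base_word(password) in BASE_WORDS,
    }


if __name__ == "__main__":
    for pw in ("London123", "Winter2017", "Passw0rd", "correct horse battery staple"):
        print(f"{pw!r}: {audit(pw)}")
```

The three passwords quoted above pass the complexity model yet reduce to a single dictionary word, while the long lowercase passphrase fails it with only two character classes.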
# General Tips
1. Introduce internal training on what a secure password is and why it is important, and embed it into your induction programme.
2. Consider rolling out a password manager and adequate training for all of your users – stronger, longer and more unique passwords are better for everyone.
3. Gradually increase your password minimum length requirement to 12 characters.
4. Phase out forcing your users to “reset password every X days”. There is research to suggest that this doesn’t help create strong passwords, but in fact has the opposite effect.
5. Carry out a password audit quarterly. Do not name and shame people. Get HR buy-in and introduce a “3 strike system” that will carry a formal warning.
```
git clone https://github.com/eth0izzle/cracke-dit && cd cracke-dit
pip install -r requirements.txt
```
The first step in your password cracking adventure is to extract a copy of the Active Directory database, ntds.dit, which contains the password hashes. I like to involve the Admins and get as much buy-in from them as possible, so I will ask them very nicely to extract the files for me. However, if you have domain credentials you can do it yourself:
1. On a Domain Controller open up an elevated command prompt.
2. Run `ntdsutil "ac i ntds" "ifm" "create full c:\temp" q q`.
3. **Securely** extract `c:\temp\Active Directory\ntds.dit` and `c:\temp\registry\SYSTEM` to your system with cracke-dit.
Or remotely via Metasploit:
Run the module `auxiliary/admin/smb/psexec_ntdsgrab` and fill in the required options. This requires SMB access via the C$ share.
```
python cracked-dit.py --system SYSTEM --ntds samples/ntds.dit
```