Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

README.md

Match-ADHashes

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

<# .NAME Match-ADHashes

.SYNOPSIS Matches AD NTLM Hashes against other list of hashes

.DESCRIPTION Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap -Outputs results as object including username, hash, and frequency in database -Frequency is included in output to provide additional context on the password. A high frequency (> 5) may indicate password is commonly used and not necessarily linked to specific user's password re-use.

.PARAMETER ADNTHashes File Path to 'Hashcat' formatted .txt file (username:hash)

.PARAMETER HashDictionary File Path to 'Troy Hunt Pwned Passwords' formatted .txt file (HASH:frequencycount)

.PARAMETER Verbose Provide run-time of function in Verbose output

.EXAMPLE $results = Match-ADHashes -ADNTHashes C:\temp\adnthashes.txt -HashDictionary C:\temp\Hashlist.txt

.OUTPUTS Array of HashTables with properties "User", "Frequency", "Hash" User Frequency Hash
---- --------- ----
{TestUser2, TestUser3} 20129 H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1 {TestUser1} 1 H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2

.NOTES If you are seeing results for User truncated as {user1, user2, user3...} consider modifying the Preference variable $FormatEnumerationLimit (set to -1 for unlimited)

=INSPIRATION / SOURCES / RELATED WORK
    -DSInternal Project https://www.dsinternals.com
    -Checkpot Project https://github.com/ryhanson/checkpot/

=FUTURE WORK
    -Performance Testing, optimization
    -Other Languages (golang?)

.LINK https://github.com/DGG-IT/Match-ADHashes/

#>

About

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.