Lab objective:
- Dump Windows password hashes from both the NTDS.dit file on the Domain Controller and the SAM database on a client computer.
- Identify an NTLM hash and crack it on Kali Linux.
Windows will store user passwords in LM:NTLM format.
- What this means:
- The LM hash of ‘Student123!’ is:
aad3b435b51404eeaad3b435b51404ee
- The NT hash of ‘Student123!’ is:
78d02e9f72b44149cff6ed9ff16efcbc
- If the user Administrator has a password of ‘Student123!’, the password will be stored using both the LM Hash and the NT Hash. A typical entry within Windows might look like this.
- In other words, Windows will store passwords using both formats. It will be necessary to know later that these are two different hash formats for the same plaintext input.
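
The LM:NT pairing described above, as an added example that is not part of the original lab: a Python audit of dump lines in the common `user:RID:LM:NT:::` layout that reports accounts with a stored LM hash, blank passwords, and shared NT hashes. The sample lines, the RIDs and every account name other than Administrator are constructed; only the two hash values on the first line come from this lab.

```python
from collections import defaultdict

# LM hash of an empty input; dump tools print it when no LM hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
# NT hash of an empty password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample. The first entry reuses the two hash values quoted in
# this lab; the other accounts and values are made up for illustration.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:78d02e9f72b44149cff6ed9ff16efcbc:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1104:aad3b435b51404eeaad3b435b51404ee:78d02e9f72b44149cff6ed9ff16efcbc:::
legacy:1105:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
this line is not a hash entry
"""

def is_hash(value):
    """True for a 32-character lowercase hex string (a 128-bit hash)."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def parse_line(line):
    """Split one user:RID:LM:NT::: entry; return None if it is malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
    if not (is_hash(lm) and is_hash(nt)):
        return None
    return {"user": user, "rid": rid, "lm": lm, "nt": nt}

def audit(text):
    """Summarise the findings a defender would act on."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    by_nt = defaultdict(list)
    for e in entries:
        by_nt[e["nt"]].append(e["user"])
    return {
        "parsed": len(entries),
        "lm_stored": [e["user"] for e in entries if e["lm"] != EMPTY_LM],
        "blank_password": [e["user"] for e in entries if e["nt"] == EMPTY_NT],
        "shared_nt": sorted(sorted(u) for u in by_nt.values() if len(u) > 1),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Because neither hash is salted, two accounts with the same password always show the same NT value, which is what the `shared_nt` finding relies on.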

Fun Fact: The NT hash is just MD4!
Log in to your domain controller as ‘Administrator’ and open ‘Active Directory Users and Computers’.
- Right-click on ‘Users’ and create a new user.

This is important: We are going to create an easily crackable password.
- Username: harry
- Password: dogs12

Use dogs12 for the password.

Once you click ‘Next’ and ‘Finish,’ you’ll get an error about missing password requirements.