Lab objective:

• Dump Windows password hashes from both the NTDS.dit file on the Domain Controller and the SAM database on a client computer.
• Identify an NTLM hash and crack it on Kali Linux.

Windows will store user passwords in LM:NTLM format

• What this means:
  • The LM hash of ‘Student123!’ is: aad3b435b51404eeaad3b435b51404ee
  • The NT hash of ‘Student123!’ is: 78d02e9f72b44149cff6ed9ff16efcbc
• If the user Administrator has a password of ‘Student123!’, the password will be stored using both the LM Hash and the NT Hash. A typical entry within Windows might look like this.
• In other words, Windows will store passwords using both formats. It will be necessary to know later that these are two different hash formats for the same plaintext input.

Fun Fact: The NT hash is just MD4!

Log into your domain controller as ‘Administrator’ and open ‘Active Directory Users and Computers’

• Right-click on users and create a new user.

This is important: We are going to create an easily crackable password.

• Username: harry
• Password: dogs12

Use dogs12 for the password.

Once you click ‘Next’ and ‘Finish,’ you’ll get an error about missing password requirements.

• Let’s fix that!