https://github.com/dgg-it/match-adhashes

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap
https://github.com/dgg-it/match-adhashes

Last synced: 24 days ago
JSON representation

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

• Host: GitHub
• URL: https://github.com/dgg-it/match-adhashes
• Owner: DGG-IT
• Created: 2018-08-16T19:11:49.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2020-07-29T13:15:46.000Z (over 4 years ago)
• Last Synced: 2024-08-04T23:10:58.162Z (4 months ago)
• Language: PowerShell
• Size: 5.86 KB
• Stars: 76
• Watchers: 7
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-security-collection - **50**星

README

        
# Match-ADHashes

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

<#

.NAME

    Match-ADHashes

.SYNOPSIS

    Matches AD NTLM Hashes against other list of hashes

.DESCRIPTION

    Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

        -Outputs results as object including username, hash, and frequency in database

        -Frequency is included in output to provide additional context on the password. A high frequency (> 5) may indicate password is commonly used and not necessarily linked to specific user's password re-use.

.PARAMETER ADNTHashes

    File Path to 'Hashcat' formatted .txt file (username:hash)

.PARAMETER HashDictionary

    File Path to 'Troy Hunt Pwned Passwords' formatted .txt file (HASH:frequencycount)

.PARAMETER Verbose

    Provide run-time of function in Verbose output

.EXAMPLE

    $results = Match-ADHashes -ADNTHashes C:\temp\adnthashes.txt -HashDictionary C:\temp\Hashlist.txt 

.OUTPUTS

    Array of HashTables with properties "User", "Frequency", "Hash"

    User                            Frequency Hash                            

    ----                            --------- ----                            

    {TestUser2, TestUser3} 			20129     H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1

    {TestUser1}                     1         H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2

.NOTES

    If you are seeing results for User truncated as {user1, user2, user3...} consider modifying the Preference variable $FormatEnumerationLimit (set to -1 for unlimited)

    

    =INSPIRATION / SOURCES / RELATED WORK

        -DSInternal Project https://www.dsinternals.com

        -Checkpot Project https://github.com/ryhanson/checkpot/

    =FUTURE WORK

        -Performance Testing, optimization

        -Other Languages (golang?)

.LINK

    https://github.com/DGG-IT/Match-ADHashes/

#>