-
-
Save CaledoniaProject/16e8c191a9a21f678b61217313086b34 to your computer and use it in GitHub Desktop.
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller | |
| #Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH::: | |
| # ./check_hashes.py <hash_dump> | |
| import sys | |
| hashes = {} | |
| with open(sys.argv[1]) as infile: | |
| for line in infile: | |
| ntlmhash = line.split(':')[3] | |
| lmhash = line.split(':')[2] | |
| user = line.split(':')[0] | |
| try: | |
| hashes[ntlmhash].append(user) | |
| except KeyError: | |
| hashes[ntlmhash] = [user] | |
| largest_group = 0 | |
| for hash in hashes: | |
| if hash != '31d6cfe0d16ae931b73c59d7e0c089c0': | |
| if len(hashes[hash]) > largest_group: | |
| largest_group = len(hashes[hash]) | |
| print() | |
| for x in range(2,largest_group+1): | |
| for hash in hashes: | |
| if len(hashes[hash]) == x: | |
| for user in hashes[hash]: | |
| print(user) | |
| print() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment