Below are show notes for an episode of the 7 Minute Security podcast, a weekly podcast I publish that focuses on topics such as penetration testing, network configuration, blue-teaming and career advice. I welcome you to subscribe in your favorite podcast app so you don't miss an episode!
Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)!
In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think:
- Extracts the hashes safely
- Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box, they'd have just a list of half-cracked hashes and that's it)
- Does the work pretty automagically
I talk about this in more detail in today's podcast, and here's the gist you can follow with all the necessary commands to get AD crackin'!
Note: the embedded gist looks kind of jacked up on the blog and I don't know why, so you might want to visit the gist directly for easier readability.