To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
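#!/usr/bin/env python3
# Purpose: check for and reveal AD user accounts that share passwords, using a
# hashdump from a Domain Controller.
# The script requires one command-line argument: a file of usernames/hashes in
# the format user:sid:LMHASH:NTLMHASH:::
#     ./check_hashes.py <hash_dump>
#
# Only usernames are printed; hash values never reach the output. The input
# file holds credential material for the whole domain, so keep it on
# access-controlled storage and remove it once the audit is finished.
import sys

# NT hash of an empty password. Accounts carrying it do not share a chosen
# password, so they are left out of the shared-password report; review them
# separately.
EMPTY_NT_HASH = '31d6cfe0d16ae931b73c59d7e0c089c0'


def group_users_by_hash(lines):
    """Map each NT hash to the users that carry it.

    Args:
        lines: iterable of text lines in ``user:sid:LMHASH:NTLMHASH:::`` form.

    Returns:
        dict mapping the lower-cased NT hash to a list of usernames, in the
        order the users appear in the input.

    Blank lines and lines without a non-empty fourth ``:``-separated field are
    skipped, so a trailing newline or a stray header line does not abort the
    run with an IndexError.
    """
    groups = {}
    for line in lines:
        fields = line.strip().split(':')
        if len(fields) < 4 or not fields[3]:
            continue
        user = fields[0]
        # Hex digests may differ in case between tools; compare them lower-cased.
        nt_hash = fields[3].lower()
        groups.setdefault(nt_hash, []).append(user)
    return groups


def shared_password_groups(groups):
    """Return the user lists shared by two or more accounts, smallest first.

    Args:
        groups: dict as returned by ``group_users_by_hash``.

    Returns:
        list of username lists. The empty-password hash is excluded here as
        well as from the size calculation, so it is never reported as a
        shared password. Groups of equal size keep their input order
        (``sorted`` is stable).
    """
    shared = [
        users
        for nt_hash, users in groups.items()
        if nt_hash != EMPTY_NT_HASH and len(users) > 1
    ]
    return sorted(shared, key=len)


def main(argv):
    """Print every group of accounts that share a password.

    Args:
        argv: command-line vector; ``argv[1]`` is the hashdump path.

    Returns:
        Process exit status: 0 on success, 2 when the path argument is missing.
    """
    if len(argv) < 2:
        print(f'Usage: {argv[0]} <hash_dump>', file=sys.stderr)
        return 2
    with open(argv[1]) as infile:
        groups = group_users_by_hash(infile)
    print()
    for users in shared_password_groups(groups):
        for user in users:
            print(user)
        # Blank line separates one shared-password group from the next.
        print()
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv))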