HOW TO Retrieve hash password from Active Directory

Question

Greetings, I am working for some security task to assess weak and compromised password. I have a list of compromised passwords (NTLM hashed) and I want to compare it against our AD passwords. How do I retrieve hash passwords from Active Directory using C#? So I want to compare hashed password against hashed password.

Guest User · Answer

The users' password is stored in the Active Directory on a user object in the unicodePwd attribute. This attribute can be written under restricted conditions, but it cannot be read due to security reasons. The attribute can only be modified; it cannot be added on object creation or queried by a search. In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server. For this connection to be possible, the server must possess a server certificate for a 128-bit RSA connection, the client must trust the certificate authority (CA) that generated the server certificate, and both client and server must be capable of 128-bit encryption. The unicodePwd stores a one-way format of the password that makes it is extremely difficult to determine the original password. AD normally does not use UserPassword attribute to store domain passwords. For more information, please refer to: How To Change a Windows 2000 User's Password Through LDAP http://support.microsoft.com/default.aspx?scid=kb;EN-US;269190 How to set a user's password with Ldifde http://support.microsoft.com/default.aspx?scid=kb;EN-US;263991

Dipa Mehta · Answer

Resetting forgotten login passwords of domain users is a crucial bottleneck, which a help desk technician has to handle as a routine. A password reset ticket or a forgotten login password has to be addressed within minutes in-order to avoid employee downtime and productivity loss. It is estimated that atleast 40 percent help desk tickets are related to password resets and on an average each change password ticket is time consuming (about 20 minutes) thus prevents the helpdesk from focusing on more pressing issues. refer this link and reset your password with help of helpdesk you can get the detailed support to retrive your password from Active Directory using C#. https://www.manageengine.com/products/self-service-password/self-service-password-reset.html?cam=1825951432&adgid=69149527866&kwd=%2Bad%20%2Bpassword&loc=1007760&ps_ca=1825951432&ps_adg=69149527866&cam=1825951432&adgid=69149527866&kwd=%2Bad%20%2Bpassword&matchtype=b&adid=345336753574&network=g&position=1t1&loc=1007760&placement=&gclid=Cj0KCQiAn8nuBRCzARIsAJcdIfPpb3dxSTgCdW_Zr7xfp4wi40vqFd3yb2l782HZWinMoQJEFmTeL6caAlnOEALw_wcB or try with this one: https://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/

Sanwar Ranwa · Answer

Hello Mister Follow these Links ,its may help you https://security.stackexchange.com/questions/100271/extract-password-hashes-from-active-directory-ldap https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ https://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/