Improper use might cause irreversible damage to domain controllers or negatively impact domain security. Password hash calculation, including NT hash, LM hash and kerberos keys.ĭISCLAIMER: Features exposed through these tools are not supported by Microsoft.Extracting credential roaming data and DPAPI domain backup keys, either online through directory replication, LSARPC and offline from ntds.dit.LSA Policy modification through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).Domain or local account password hash injection through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or directly into the database.Online password hash dumping through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR).Offline ntds.dit file manipulation, including hash dumping, password resets, group membership changes, SID History injection and enabling/ disabling accounts.Bare-metal recovery of domain controllers from just IFM backups (ntds.dit + SYSVOL).New NGC keys can also be registered through the MS-DRSR protocol. Keys can also be tested against the ROCA vulnerability. Key credential auditing and generation, including support for NGC, FIDO2 and STK keys.Active Directory password auditing that discovers accounts sharing the same passwords or having passwords in a public database like HaveIBeenPwned or in a custom dictionary.Azure Active Directory FIDO2 key auditing and retrieval of system information about all user-registered key credentials.The DSInternals PowerShell Module provides easy-to-use cmdlets that are built on top of the Framework.The codebase has already been integrated into several 3 rd party commercial products that use it in scenarios like Active Directory disaster recovery, identity management, cross-forest migrations and password strength auditing. The DSInternals Framework exposes several internal features of Active Directory and can be used from any.The DSInternals project consists of these two parts:
0 kommentar(er)
