Leaderboard

https://pastebin.com/aZyyS16w

Cea mai ok explicatie de pana acum pe care am gasit-o:

Internetworking with TCP/IP Volume One (6th Edition)

De departe, cel mai meserias: http://x.co/ZeusLinux

la o cautare dupa "WPA2" in baza de date a patentelor, gasim US9491621B2 punctul 13, Claims, pag.8/8 [...] 13. A method for communicating data in a wireless communications network, comprising: transmitting a beacon to a station, the beacon comprising a Wi-Fi Protected Access II pre-shared key (WPA2-PSK) authentication type; receiving an authentication request from the station, the authentication request comprising the WPA2-PSK authentication type, a first secure attribute exchange (SAE) information element, and a station nonce; transmitting an authentication response to the station, the authentication response comprising the WPA2-PSK authentication type, the first SAE information element, and an access point nonce; generating a pairwise master key (PMK) identifier based on the first SAE information element; receiving an association request from the station after generation of the PMK identifier, the association request comprising a key confirmation derived from the PMK identifier and a second SAE information element; and transmitting an association response to the station in response to receiving the association request, the association response comprising the key confirmation and the second SAE information element. [...] vulnerabilitatea Krack pare a fi rezultatul specificatiilor cit si a implementarii. @yoyois protocolul “four-way handshake” folosit, functioneaza cam asa : (AP catre client) stabilim o cheie doar pentru aceasta sesiune. iti trimit un set de date unic, pe sesiune, pe care sa-l folosesti tu. (client catre AP) OK, ia de aici un set de date unic, pe sesiune, pachet de date generate de mine, pe care sa le folosesti tu. in acest moment, ambele parti isi "amesteca" impreuna parolele de retea Wi-Fi ( Pre-Shared Key sau PSK) si cele doua pachete de date transmise genereaza o cheie unica pe sesiune. astfel, se evita utilizarea directa a PSK in datele tansmise criptat in reteaua Wi-Fi, si se asigura cheia unica pe sesiune. (AP catre client) confirma acordul asupra setului de date ca fiind suficient pentru a se construi cheia unica. (Client catre AP) confirma si el acordul sau. nu vad cum ar putea fi extras Pre-Shared Key-ul.

OFF: Daca tot o dai in limbi straine, macar scrie corect, fara greseli gramaticale si de punctuatie. ON: Ceva detalii la "solutia" 1? Referitor la #3, poate ca e ok doar pentru o retea mica (home/small business), nu si in alt context. Cat despre #4, ai auzit de 0day-uri?

Patch-urile sunt disponibile de ani de zile...

See you in November at DefCamp 2017 Want to experience a conference that offers outstanding content infused with a truly cyber security experience? For two days (November 9th-10th) Bucharest will become once again the capital of information security in Central & Eastern Europe hosting at DefCamp more than 1,300 experts, passionate and companies interested to learn the “what” and “how” in terms of keeping information & infrastructures safe. Now it’s getting really close: this year's conference is only months away, and that means very early bird tickets are now available. Register Now at DefCamp 2017 (50% Off) What can you expect from the 2017 edition? 2 days full of cyber (in)security topics, GDPR, cyber warfare, ransomware, malware, social engineering, offensive & defensive security measurements 3 stages hosting over 35 international speakers and almost 50 hours of presentations Hacking Village hosting more than 10 competitions where you can test your skills or see how your technology stands 1,300 attendees with a background in cyber security, information technology, development, management or students eager to learn How to get involved? Speaker: Call for Papers & Speakers is available here. Volunteer: Be part of DefCamp #8 team and see behind the scene the challenges an event like this can have. Partner: Are you searching opportunities for your company? Become our partner! Hacking Village: Do you have a great idea for a hacking or for a cyber security contest? Consider applying at the Hacking Village Call for Contests. Attendee: Register at DefCamp 2017 right now and you will benefit of very early bird discounts. Register Now at DefCamp 2017 (50% Off) Use the following code to get an extra 10% discount of the Very Early Bird Tickets by June 27th. This is the best price you will get for 2017 edition. Code: DEFCAMP_2017_VEB_10 Website: https://def.camp/

https://wellcode.ro/ - Învață programare de la zero Începe să înveți în ritmul tău Fă-ți un cont gratuit și învață să scrii cod de calitate. Vom fi acolo să te ajutăm când ai nevoie. Content: Introducere C++ IDE Tutorial pentru instalarea CodeBlocks Hello world Evaluarea problemelor Afișare Variabile Tipul de date pentru numere întregi Atribuirea valorilor Citirea de la tastatură a variabilelor Afișarea variabilelor Operatori Adunare Calcul Operatori - II Like If - Structura de decizie Structura instrucțiunii if Condiții compuse FizzBuzz If inlănțuit Else Maxim Else if Crescator 3 Comentarii While - Structura repetitivă I While - Cum funcționează Studiu de caz - Numărul de cifre ale unui număr ABC Studiu de caz - concatenarea a două numere Inversul unui număr Înlănțuirea instrucțiunilor Studiu de caz - Verificarea primalității unui număr Triunghi For - Structura repetitivă II Minimul și maximul a N numere Înmulțire Al x-lea număr prim Șiruri de numere Accesarea și modificarea elementelor unui șir Șiruri de numere - Citire și Afișare Modificare șir Șiruri de numere - Studiu de caz - I Adăugarea unui element în șir Ștergerea unui element din șir Afișarea elementelor pare în ordine inversă Afișare elemente pare și impare Sortarea unui șir de numere Matrice - Tablouri bidimensionale Aplicații în viața reală Citirea și Afișarea Matricilor Studiu de caz - transpusa unei matrice Ștergerea unei linii dintr-o matrice Ștergerea unei coloane dintr-o matrice Matrice patratice Parcurgerea diagonalelor unei matrice pătratice Șiruri de numere - II Şiruri de frecvenţă Căutare binară - Descrierea ideii Căutare binară - implementare Bubble sort Sortare prin numărare https://wellcode.ro/ Sursa: ProTV

A suite of utilities simplilfying linux networking stack performance troubleshooting and tuning. https://pypi.python.org/pypi/netutils-linux netutils-linux It's a useful utils to simplify Linux network troubleshooting and performance tuning, developed in order to help Carbon Reductor techsupport and automate the whole linux performance tuning process out of box (ok, except the best RSS layout detection with multiple network devices). These utils may be useful for datacenters and internet service providers with heavy network workload (you probably wouldn't see an effect at your desktop computer). It's now in production usage with 300+ deployment and save us a lot of time with hardware and software settings debugging. Inspired by packagecloud's blog post. Installation You'll need pip. pip install netutils-linux Utils Monitoring All these top-like utils don't require root priveledges or sudo usage. So you can install and use them as non-priveledged user if you care about security. pip install --user netutils-linux Brief explanation about highlighting colors for CPU and device groups: green and red are for NUMA-nodes, blue and yellow for CPU sockets. Screenshots are taken from different hosts with different hardware. network-top Most useful util in this repo that includes almost all linux network stack performance metrics and allow to monitor interrupts, soft interrupts, network processing statistic for devices and CPUs. Based on following files: /proc/interrupts (vectors with small amount of irqs/second are hidden by default) /proc/net/softnet_stat - packet distribution and errors/squeeze rate between CPUs. /proc/softirqs (only NET_RX and NET_TX values). /sys/class/net/<NET_DEVICE>/statistic/<METRIC> files (you can specify units, mbits are default) There are also separate utils if you want to look at only specific metrics: irqtop, softirq-top, softnet-stat-top, link-rate. snmptop Basic /proc/net/smmp file watcher. Tuning rss-ladder Automatically set smp_affinity_list for IRQ of NIC rx/tx queues that usually work on CPU0 out of the box). Based on lscpu's output. It also supports double/quad ladder in case of multiprocessor systems (but you better explicitly specify queue count == core per socket as NIC's driver's param). Example output: # rss-ladder eth1 0 - distributing interrupts of eth1 (-TxRx-) on socket 0 - eth1: irq 67 eth1-TxRx-0 -> 0 - eth1: irq 68 eth1-TxRx-1 -> 1 - eth1: irq 69 eth1-TxRx-2 -> 2 - eth1: irq 70 eth1-TxRx-3 -> 3 - eth1: irq 71 eth1-TxRx-4 -> 8 - eth1: irq 72 eth1-TxRx-5 -> 9 - eth1: irq 73 eth1-TxRx-6 -> 10 - eth1: irq 74 eth1-TxRx-7 -> 11 autorps Enables RPS on all available CPUs of NUMA node local for the NIC for all NIC's rx queues. It may be good for small servers with cheap network cards. You also can explicitely pass --cpus or --cpu-mask. Example output: # autorps eth0 Using mask 'fc0' for eth0-rx-0. maximize-cpu-freq Sets every CPU scaling governor mode to performance and set max scaling value for min scaling value. So you will be able to use all power of your processor (useful for latency sensible systems). rx-buffers-increase rx-buffers-increase utils, that finds and sets compromise-value between avoiding dropped/missing pkts and keeping a latency low. Example output: # ethtool -g eth1 Ring parameters for eth1: Pre-set maximums: RX: 4096 ... Current hardware settings: RX: 256 # rx-buffers-increase eth1 run: ethtool -G eth1 rx 2048 # rx-buffers-increase eth1 eth1's rx ring buffer already has fine size. # ethtool -g eth1 Ring parameters for eth1: Pre-set maximums: RX: 4096 ... Current hardware settings: RX: 2048 Hardware and its configuration rating server-info Much alike lshw but designed for network processing role of server. # server-info show cpu: info: Architecture: x86_64 BogoMIPS: 6799.9899999999998 Byte Order: Little Endian CPU MHz: 3399.998 CPU family: 6 CPU op-mode(s): 32-bit, 64-bit CPU(s): 2 Core(s) per socket: 1 Hypervisor vendor: KVM L1d cache: 32K L1i cache: 32K L2 cache: 4096K Model: 13 Model name: QEMU Virtual CPU version (cpu64-rhel6) NUMA node(s): 1 NUMA node0 CPU(s): 0,1 On-line CPU(s) list: 0,1 Socket(s): 2 Stepping: 3 Thread(s) per core: 1 Vendor ID: GenuineIntel Virtualization type: full layout: '0': '0' '1': '1' disk: sr0: model: QEMU DVD-ROM vda: model: null size: 64424509440 type: HDD memory: MemFree: 158932 MemTotal: 1922096 SwapFree: 4128764 SwapTotal: 4128764 net: eth1: buffers: cur: 2048 max: 4096 conf: ip: 10.144.63.1/24 vlan: true driver: driver: e1000 version: 7.3.21-k8-NAPI queues: own: [] rx: [] rxtx: [] shared: - virtio1, eth0, eth1 tx: [] unknown: [] It also can rate hardware and its features in range of 1..10. # server-info rate cpu: BogoMIPS: 7 CPU MHz: 7 CPU(s): 1 Core(s) per socket: 1 L3 cache: 1 Socket(s): 10 Thread(s) per core: 10 Vendor ID: 10 disk: sr0: size: 1 type: 2 vda: size: 1 type: 1 memory: MemTotal: 1 SwapTotal: 10 net: eth1: buffers: cur: 5 max: 10 driver: 1 queues: 1 system: Hypervisor vendor: 1 Virtualization type: 1 Download: netutils-linux-master.zip or: git clone https://github.com/strizhechenko/netutils-linux.git Source: https://github.com/strizhechenko/netutils-linux

CVE-2017-14955: Win a Race Against Check_mk to Dump All Your Login Data " The authors of check_mk have fixed a quite interesting vulnerability, which I have recently reported to them, called CVE-2017-14955 (sorry no fancy name here) affecting the old stable version 1.2.8p25 and below of both check_mk and check_mk Enterprise. It’s basically about a Race Condition vulnerability affecting the login functionality, which in the end leads to the disclosure of authentication credentials to an unauthenticated user. " Source: https://www.rcesecurity.com/2017/10/cve-2017-14955-win-a-race-against-check-mk-to-dump-all-your-login-data/

Smartwatch Motorola Moto 360 Generatia a 2-a - 600 Lei https://pricezone.ro/product/smartwatch-motorola-moto-360-generatia-a-2-a-45-mm-unisex-curea-silicon-orange

Avand in vedere ca se apropie, pinned!

Da-mi PM.

Sysadmins and developers rejoice! WSL is now a fully fledged part of Windows 10, starting with the latest Fall Creators Update. terested in running Linux on Windows 10 with Windows Subsystem for Linux (WSL), but nervous about it being both a beta and only available in Windows 10 developer mode? Your worries are over. In the Windows 10 Fall Creators Update (WinFCU) WSL has graduated to being a Windows 10 feature that can be run by any user. Tested for over a year, WSL on WinFCU is bringing many new features to this combination of the Linux Bash shell and Windows. Besides WSL no longer being a beta or requiring users to be in developer mode, the new features include: Install Linux distros via the Windows Store WSL now runs multiple Linux distros WSL comes to Windows Server & Microsoft Azure VMs WSL now supports USB/serial comms Miscellaneous fixes and improvements Besides Ubuntu, the new WSL-supported Linux distros are SUSE's community openSUSE and its corporate SUSE Linux Enterprise Server (SLES). Fedora and other distros will arrive in the store shortly. If you've previously installed WS, your existing "legacy" Ubuntu instance will continue to work, but it's deprecated. To continue to receive support you should replace it with a new store-delivered instance. Without this, you won't receive Canonical or Microsoft support. To keep your old files, you should tar them and copy them to your Windows file system; for example: `/mnt/c/temp/backups` and then copy them back to your new instance. In addition, instead of jumping through hoops to install Linux on Windows, you can install one or more -- yes, you can have multiple distros on a single Windows 10 system -- Linux distros from the Windows Store. To do this, you must first enable the WSL feature in the "Turn Windows Features on or off" dialog and reboot. No, WSL is not active by default and yes, you must reboot. After rebooting you simply search for "Linux" in the Windows Store, pick a version to install, hit install, and in a few minutes you're good to go. If you already have a Bash instance installed on WSL, you can start afresh with the lxrun /uninstall command. You run this command from the command prompt or PowerShell. Besides being able to install multiple Linux distributions, you can simultaneously run one or more Linux distros. Each distro runs independently of one another. These are neither virtual machines (VMs) nor containers, and that means they need their usual system resources. I, for example, would only want them on systems with at least an additional 2GBs per instance of running WSL. WSL itself requires only minimal system resources. Rich Turner, Microsoft's senior program manager of WSL and Windows Console, wrote: "We don't list [RAM requirements] because, frankly, we don't have any of note! If you don't install WSL, we add no RAM footprint. If you do enable WSL, there's a tiny 850KB driver loaded briefly, and then it shuts down until you start a Linux instance. At that point, you load /init which launches /bin/bash. This causes the 850KB driver to load, and creates Pico Processes for init and bash. So, basically, WSL's RAM requirements are pretty much whatever the RAM is that you need to run each Linux binary, plus around 1MB of working set in total." The Linux distros can also access Windows' host filesystem, networking stack, etc. That means you should be cautious about changing files on the Windows filesystem. Why would you run multiple distros at once? Microsoft points out: You can now install Linux distros right from the Windows Store. Linux developers will be pleased to find that USB serial comms are now supported. This enables your shell scripts and apps to talk to serial ports. WSL also now supports mounting of USB-attached storage devices and network shares. That's the good news, The bad news is it only supports the NT filesystem IO infrastructure. In other words it only supports FAT/FAT32/NTFS formatted storage devices. Want *nix file systems? Microsoft encourages you to upvote and/or comment on the associated UserVoice ask. Digging deeper into the new improvements, under the hood WSL on WinFCU now includes: Improved TCP socket options inc. IP_OPTIONS, IP_ADD_MEMBERSHIP, IP_MULTICAST, etc /etc/hosts will now inherit entries from the Windows hosts file xattr related syscalls support Fixed several filesystem features and capabilities Improved PTRACE support Improved FUTEX support chsh, which enables you to change shells, now works. This enables you to use your favorite shell directly. Shell startup file other than ".bashrc" will now execute. The following syscalls were added for the first time during the FCU cycle: Prlimit64 getxattr, setxattr, listxattr, removexattr As expected, WSL is also on its way to Windows Server and to Microsoft Azure Windows VM instances. This will make WSL even more useful for sysadmins. All these improvements have made it even easier for developers and system administrators to run Linux shell commands on Windows. While this isn't very useful for ordinary desktop users, for serious IT staff it's a real step forward, making Windows more useful in a server and cloud world that's increasingly dominated by Linux. Even on Azure, over a third of VMs are Linux. With WSL, most Linux shell tools are at your command. These include: apt, ssh, find, grep, awk, sed, gpg, wget, tar, vim, emacs, diff, and patch. You can also run popular open-source programming languages such as python, perl, ruby, php, and gcc. In addition, WSL and Bash supports server programs such as the Apache web-server and Oracle's MySQL database management system. In other words, you get a capable Linux development environment running on Windows. While you can run Linux graphical interfaces and programs on WSL, it's more of a stunt than a practical approach at this time. Of course, with a little work... How does WSL work? Dustin Kirkland, a member of Canonical's Ubuntu Product and Strategy executive team, explained: "We're talking about bit-for-bit, checksum-for-checksum Ubuntu ELF binaries running directly in Windows. [WSL] basically perform real-time translation of Linux syscalls into Windows OS syscalls. Linux geeks can think of it sort of the inverse of 'WINE' -- Ubuntu binaries running natively in Windows." Regardless of the technical details of how WSL does what it doess, what matters now is that WSL works very, very well. Enjoy! Via zdnet.com

Ai aici o parte din cuvintele dex-online.ro : https://dexonline.ro/static/download/dex-database.sql.gz Si aici gasesti o lista de prenume pe care o poti folosi: https://ro.wikipedia.org/wiki/Listă_de_prenume_românești

Synopsis: Cameradar hacks its way into RTSP CCTV cameras. An RTSP stream access tool that comes with its library. Link: https://github.com/EtixLabs/cameradar

Asta-i HACKING! Nu apostrof si pupacel in site-ul lui Maruta sau mai stiu eu ce labar nenorocit.

Hacking Mac With EmPyre October 12, 2016 lukeager I am the stereotypical Apple fan boy that other bloggers write about. We have MacBook Pro’s, Air’s, Apple TV’s, iPhone’s and iPad’s and even subscribe to Apple Music. You literally couldn’t find someone who has become more brainwashed by a brand…BUT, I am still not blinded by the security misconceptions which are rife within the world of Mac users. To try and understand just how wide spread these misconceptions were I recently did a poll on a facebook group dedicated to Mac products and asked the following question: Do you think Mac/iMacs need an AntiVirus? The results were staggering and showed that over 90% of participants (There were over 150 participants before the post was removed by an Admin because he wouldn’t entertain any talk of Mac’s having AV) believed that Mac’s do not need an AV. The comments were even more staggering and filled with all kinds of crazy talk from “Mac’s cannot get malware” through to “Malware can only infect your Mac if you enter your admin password” and even went into heated debates debating the differences between Trojans, Viruses and Worms and which impacted Mac users. Of course the bottom line was that almost nobody really understood that the risks are just as real on Mac as they are on Windows, just less common. Mac users get unwanted software, viruses, trojans and can be hacked, and with a little help from Adaptive Threat, we are going to prove it. So, lets have some fun and look at how to hack into Mac OSX hosts using Social Engineering and Malicious Office Documents. Introducing EmPyre edit: I added a new video tutorial to walk through the whole blog below.. EmPyre is a Post Exploitation framework built using Python which offers Ethical Hackers & Baddies(don’t do it) the ability to remotely access OSX hosts. It’s easy to use, has OSX Specific exploits and payloads already built in, and it actually makes for a refreshing change from Metasploit. Visit them on Github to read the nitty gritty about features and support. Installation is easy from another Unix host like Kali which comes with Git installed already. If you are using OSX or another distro, make sure you have Git installed before you begin. I’m using a fresh Kali install. Install EmPyre First, Git Clone from https://github.com/adaptivethreat/EmPyre/ You should now have a folder called EmPyre, and you’ll want to run install.sh to finish the install. That’s it, EmPyre is installed and ready to go, now just change directory in to EmPyre and run ./empyre to launch the interface. Once you do that, EmPyre will load up and you will see the following menu. Create A Listener Before you do anything, type the help command and check out the options you have, i’d suggest spending some time learning what you can do with the tool. For now, we want to start a listener for our victims to connect back too (y’know – the Macs that don’t need AV). Go to the listeners menu…and type options to view the current listener options. This is your equivalent of “show options” within Metasploit. When you hit enter you will see the current settings for the default listener which is called test. You can see the local IP and all the other options which are fine for this guide but you can change anything that suits your objective. Now, if you decide to get a little fruity here, it’s on you, but to change any of these, you’ll want to set one of the fields and change it accordingly. For instance, changing the host is useful if you are wanting to NAT your IP and go out over the internet like some kind of savage. Once you are happy with your options, just hit run , followed by your listener name which you can see in the options. Thats it, we are listening for shells. Now, if you are running this in a lab, just make sure you can reach the target machine and networking is all good. If you are using this against a remote host outside of your LAN, then you should move on to configuring NAT and any rules you need to let the traffic come in. You’re on your own with that. Create The Malicious Document This is not so different to attacking windows machines but you’re gonna have the extra helping hand from EmPyre to make things a little easier. First, we need to create the malicious office macro. You can return to the main menu by entering “main” and then we want to enter “usestager“. You can press tab to list all the available options but we will be using a macro for this attack. Almost there… now, we just need to tell the stager which listener we want it to use which should be easy since we only have 1 created, and then we wrap it up by generating the macro. If all goes to plan, you should see the macro outputted to the screen(unless you set an output location in the options) We want to copy this output into an office document and enter into a macro. Open excel or word and save the document as a macro enabled document. Once you have saved it, head over to tools and create a new macro, name it and then paste the code from your EmPyre host into the Macro. It should look like this. (Note – If you are targeting x64 architecture you will need to edit the first line to begin “Private Declare PtrSafe Function”) Save the document and let the games begin. The next time you open this document you should be prompted to enable macros which of course we will (why wouldn’t we!). Once you hit Enable Macros… Excel will play ball and execute the macro hidden away inside Excel. Over in the attack machine we can see the fruits of our labour with an agent checking in. This can sometimes take a second but no more than around 10-15 seconds. You’re going to want to then begin interacting with your newly infected Mac host. EmPyre calls them agents, so just enter the agents command. Notice the string which begins UKFOM…. this is the unique identifier EmPyre has given the host. In order to interact with that host you just need to type the following, but remember to substitute the identifier for whatever yours is called.(you can rename it) From here, you can start throwing shell code around like some kind of maniac. Try some of the built in modules, there are tons of them and some of them are pretty useful. My personal favourite is troll/osx/say but if you want to list them all, just use tab complete on the end of usemodule Of course, like every other screen you can issue the help command and see all the other options you have. Why not drop into the victims Shell, query the sysinfo or execute python code directly onto the host? And that’s it, now go pop some Macs. But first, lets take a moment to think about the original question. Do Macs need AntiVirus? Malware might not be as prolific on OSX as it is on Windows, but the concept is the same. Attackers can gain access to your machines in almost the same way they do Windows hosts. Some might argue that AV is not effective against targeted attacks, and I would agree, but right now, attacks are becoming more and more sophisticated and with the rise of OSX users, it’s only a matter of time before we see a shift in Apple users becoming bigger targets. Thanks for reading, please subscribe and follow me on Twitter/Instagram/LinkedIn using the links at the top of the page. Sursa: http://www.disinfosec.com/2016/10/12/hacking-mac/ Sursa: http://www.disinfosec.com/2016/10/12/hacking-mac/

Domain Password Audit Tool (DPAT) This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with clickable links. If you would like to click through an example report you can do so here. You can run the python script at follows. dpat.py -n customer.ntds -c oclHashcat.pot -g "Domain Admins.txt" "Enterprise Admins.txt" Note that the group lists at the end (-g "Domain Admins.txt "Enterprise Admins.txt") are optional. Try this out on the example files provied in the sample_data folder of this project. The sample data was built from census data for common first and last names and passwords from the well known rockyou list. Your customer.ntds file should be in this format: domain\username:RID:lmhash:nthash::: You can get this file by first dumping the password hashes from your domain controller by executing the following command in an administrative command prompt on a domain controller. Just make sure you have enough disk space to store the output in c:\temp. The amount of space needed will be slightly larger than the size of the ntds.dit file that is currently on the disk, as this performs a backup of that file and some registry settings. ntdsutil "ac in ntds" "ifm" "cr fu c:\temp" q q You can then turn this output into the needed format using secretsdump.py secretsdump.py -system registry/SYSTEM -ntds Active\ Directory/ntds.dit LOCAL -outputfile customer The command above will create a file called "customer.ntds" which you will use with this tool as well as for password cracking. Your oclHashcat file should be in this format: nthash:password Or for LM Hashes: lmhashLeftOrRight:leftOrRightHalfPasswordUpcased The DPAT tool also supports output from John the Ripper (same format as oclHashcat.pot but prepended with $NT$ or $LM$) The optional "-g" option is followed by a list of any number of files containing lists of users who are in the given group such as "Enterprise Admins" or "Domain Admins". The file can be in the format output by the PowerView PowerShell script as shown in the example below: Get-NetGroupMember -GroupName "Domain Admins" > "Domain Admins.txt" or to read a group from another domain use something like the following (note that name of the other domain and the domain controller can be obtained with Get-NetForestDomain) Get-NetGroupMember -GroupName "Enterprise Admins" -Domain "some.domain.com" -DomainController "DC01.some.domain.com" > "Enterprise Admins.txt" Alternatively, the group files can simply be a list of users, one per line, in the following format: domain\username The Domain Password Audit Tool also has the handy feature to finish cracking the LM hashes for any hashes where the NT hash was not cracked. This asssumes that you have used oclHashcat to brute force all 7 character passwords with the following command: ./oclHashcat64.bin -m 3000 -a 3 customer.ntds -1 ?a ?1?1?1?1?1?1?1 --increment Or to crack LM hashes with John the Ripper instead: john --format=LM customer.ntds To see all available DPAT options use the '-h' or '--help' option usage: dpat.py [-h] -n NTDSFILE -c CRACKFILE [-o OUTPUTFILE] [-d REPORTDIRECTORY] [-w] [-s] [-g [GROUPLISTS [GROUPLISTS ...]]] This script will perfrom a domain password audit based on an extracted NTDS file and password cracking output such as oclHashcat. optional arguments: -h, --help show this help message and exit -n NTDSFILE, --ntdsfile NTDSFILE NTDS file name (output from SecretsDump.py) -c CRACKFILE, --crackfile CRACKFILE Password Cracking output in the default form output by oclHashcat, such as oclHashcat.pot -o OUTPUTFILE, --outputfile OUTPUTFILE The name of the HTML report output file, defaults to _DomainPasswordAuditReport.html -d REPORTDIRECTORY, --reportdirectory REPORTDIRECTORY Folder containing the output HTML files, defaults to DPAT Report -w, --writedb Write the SQLite database info to disk for offline inspection instead of just in memory. Filename will be "pass_audit.db" -s, --sanitize Sanitize the report by partially redacting passwords and hashes. Prepends the report directory with "Sanitized - " -g [GROUPLISTS [GROUPLISTS ...]], --grouplists [GROUPLISTS [GROUPLISTS ...]] The name of one or multiple files that contain lists of usernames in particular groups. The group names will be taken from the file name itself. The username list must be in the same format as found in the NTDS file such as some.ad.domain.com\username. Example: -g "Domain Admins.txt" "Enterprise Admins.txt" Sponsors Sursa: https://github.com/clr2of8/DPAT