viksafe

There is probably no need for an introduction to Active Directory. Most both small business and large enterprises have been using Active Directory since the move from NT 4.0 back in 1999 and probably everyone in the IT industry have had the opportunity to both hate and love Active Directory Domain Services. As most of the Active Directory instances dates back to early 2000 and the various number of System Administrators that’s been in charge of the Domain and Domain Controllers makes it hard build a security baseline.

Background When doing internal penetration tests or Active Directory assessments you will at one time or another obtain password hashes for accounts that require brute-force attacks or wordlist attacks to gain the plaintext passwords. When in this situation, publicly leaked password databases can come in handy to get a sense of the password complexity and common passwords used by a company. Searching for the domain name of the company will give a glimpse of the password schema for the leaked accounts.