Channel: Penetration Test – Security List Network™

Domain Password Audit Tools (DPAT).


DPAT is a Python script that generates password use statistics from password hashes dumped from a domain controller and a password crack file, such as the oclHashcat.pot file generated by the oclHashcat tool during password cracking. The output is an HTML report with clickable links.
You can run the Python script as follows.

dpat.py -n customer.ntds -c oclHashcat.pot -g "Domain Admins.txt" "Enterprise Admins.txt"

Note that the group lists at the end (-g "Domain Admins.txt" "Enterprise Admins.txt") are optional. Try this out on the example files provided in the sample_data folder of this project. The sample data was built from census data for common first and last names and passwords from the well-known rockyou list.
Your customer.ntds file should be in this format:

domain\username:RID:lmhash:nthash:::
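The following added example (Python 3, not DPAT's own code) parses that NTDS line format together with a hashcat pot file and computes the kind of statistics such an audit reports: cracked accounts, accounts sharing a password hash, and cracked password lengths. It assumes pot lines of the form `nthash:plaintext`, with hashcat's `$HEX[...]` encoding for some plaintexts; the account names, hash values and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: invented accounts and placeholder NT hashes.
LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
A, B, C = "a" * 32, "b" * 32, "c" * 32
NTDS = "\n".join([
    rf"corp\alice:1104:{LM}:{A}:::",
    rf"corp\bob:1105:{LM}:{A}:::",        # same hash as alice: shared password
    rf"corp\carol:1106:{LM}:{B}:::",
    rf"corp\svc_backup:1107:{LM}:{C}:::", # never cracked
])
# Last line is a 16-hex LM half, which this NT-only example skips.
POT = f"{A}:Summer2016\n{B}:$HEX[70613a7373]\ndddddddddddddddd:ABCDEFG\n"

def parse_ntds(text):
    """Yield (account, nt_hash) from domain\\username:RID:lmhash:nthash::: lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0]:
            yield fields[0], fields[3].lower()

def parse_pot(text):
    """Map NT hash -> plaintext; split on the first ':' only, decode $HEX[...]."""
    cracked = {}
    for line in text.splitlines():
        digest, sep, plain = line.partition(":")
        if not sep or len(digest) != 32:
            continue
        if plain.startswith("$HEX[") and plain.endswith("]"):
            plain = bytes.fromhex(plain[5:-1]).decode("utf-8", "replace")
        cracked[digest.lower()] = plain
    return cracked

def audit(ntds_text, pot_text):
    """Summarise password use without putting any plaintext in the result."""
    accounts = list(parse_ntds(ntds_text))
    cracked = parse_pot(pot_text)
    by_hash = defaultdict(list)
    for account, nt in accounts:
        by_hash[nt].append(account)
    lengths = Counter(len(cracked[nt]) for _, nt in accounts if nt in cracked)
    return {
        "total": len(accounts),
        "unique_hashes": len(by_hash),
        "cracked_accounts": sorted(a for a, nt in accounts if nt in cracked),
        "shared": {nt: sorted(v) for nt, v in by_hash.items() if len(v) > 1},
        "length_counts": dict(lengths),
    }
```
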

Requirement:
+ Python 2.7.x

The Domain Password Audit Tool also has a handy feature to finish cracking the LM hashes for any hashes where the NT hash was not cracked. This assumes that you have used oclHashcat to brute force all 7 character passwords with the following command:

./oclHashcat64.bin -m 3000 -a 3 customer.ntds -1 ?a ?1?1?1?1?1?1?1 --increment

Usage and Download from source:

git clone https://github.com/clr2of8/DPAT && cd DPAT
python dpat.py -h

Source: https://github.com/clr2of8

