You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please consider adding an option to print the Object GUID for AD account objects when running secretsdump.py.
My scenario is offline (i.e., LOCAL) password and hash analysis using ntds.dit and registry hives. Hash dumps in pwdump format do not include unique identifiers for account objects. When multiple domains are contained in the dump "duplicate" objects can occur. For example, the local administrator, guest, and krbtgt accounts for a domain are not printed in domain\user format and always have the same RID. This makes them indiscernible from one domain to another. This is also an issue when machine accounts have the same name across domains, though less frequently. Object GUIDs would positively identify AD objects and serve as a sort of primary key.
The text was updated successfully, but these errors were encountered:
Please consider adding an option to print the Object GUID for AD account objects when running secretsdump.py.
My scenario is offline (i.e., LOCAL) password and hash analysis using ntds.dit and registry hives. Hash dumps in pwdump format do not include unique identifiers for account objects. When multiple domains are contained in the dump "duplicate" objects can occur. For example, the local administrator, guest, and krbtgt accounts for a domain are not printed in domain\user format and always have the same RID. This makes them indiscernible from one domain to another. This is also an issue when machine accounts have the same name across domains, though less frequently. Object GUIDs would positively identify AD objects and serve as a sort of primary key.
The text was updated successfully, but these errors were encountered: