HaveIBeenPwned / PwnedPasswordsAzureFunction

APIs for the k-anonymity Pwned Passwords implementation
BSD 3-Clause "New" or "Revised" License

Providing k-anonymity model for NTLM hashes? #86

Closed IgorMilavec closed 1 year ago

IgorMilavec commented 2 years ago

Any chance of providing k-anonymity ranges for NTLM hashes? I think this would be valuable for checking local users' passwords in small AD domains, where downloading the whole corpus is a bit too much.

stebet commented 2 years ago

This is something that has been brought up before right? @troyhunt

miztroh commented 2 years ago

@stebet @troyhunt I sent an email about this yesterday. Happy to track progress on this request here. Thanks again!

miztroh commented 2 years ago

@stebet @troyhunt Any update here? Unfortunately, I don't have the experience to look at adding in this functionality to this repo. For now, I've taken the monolithic NTLM data from last December and ingested it into an indexed database. I'm consuming that data with a Node.js server application that works identically to the k-anonymity API you're currently providing. However, as this data continues to age, I'm much more interested in being able to query against the live dataset instead using NTLM hash prefixes. Please let us know if this request can move forward and what an ETA might look like. Thanks!
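The range lookup miztroh describes mirroring, as an added example that is not the project's code or miztroh's server: an in-memory index over lines in the Pwned Passwords download format (`<NTLM hash>:<count>`), the server-side response for a 5-character prefix, and the client-side suffix match. The sample entries and counts are constructed for illustration (the first hash is the widely published NTLM hash of the string "password"); computing NTLM hashes from passwords is out of scope here and hashes are taken as hex input.

```python
import re
from collections import defaultdict

# Constructed sample corpus in the download format "<NTLM hash>:<count>".
# Counts are made up; two entries share the prefix 8846F to show a range
# with more than one suffix.
SAMPLE_CORPUS = """\
8846F7EAEE8FB117AD06BDD830B7586C:9384
8846F7E0A3C1D2B4F5E6A7B8C9D0E1F2:12
0CB6948805F797BF2A82807973B89537:401
"""

PREFIX_LEN = 5  # ranges are keyed on the first 5 hex characters of the hash
LINE_RE = re.compile(r"^([0-9A-F]{32}):(\d+)$")

def build_range_index(corpus):
    """Index 'HASH:COUNT' lines by prefix, storing 'SUFFIX:COUNT' strings
    (suffix = remaining 27 hex chars) exactly as the range API returns them."""
    index = defaultdict(list)
    for line in corpus.splitlines():
        m = LINE_RE.match(line.strip().upper())
        if not m:
            continue  # skip blank or malformed lines instead of aborting the load
        digest, count = m.group(1), int(m.group(2))
        index[digest[:PREFIX_LEN]].append(f"{digest[PREFIX_LEN:]}:{count}")
    return index

def range_lookup(index, prefix):
    """Server side: body of the response for /range/<prefix>. The server only
    ever sees the prefix, so it cannot tell which hash the client holds."""
    if not re.fullmatch(r"[0-9A-F]{5}", prefix.upper()):
        raise ValueError("prefix must be exactly 5 hex characters")
    return "\n".join(index.get(prefix.upper(), []))

def check_ntlm_hash(index, ntlm_hex):
    """Client side: send the prefix, match the suffix locally.
    Returns the breach count, or 0 if the hash is not in the range."""
    ntlm_hex = ntlm_hex.upper()
    if not re.fullmatch(r"[0-9A-F]{32}", ntlm_hex):
        raise ValueError("NTLM hash must be 32 hex characters")
    prefix, suffix = ntlm_hex[:PREFIX_LEN], ntlm_hex[PREFIX_LEN:]
    for entry in range_lookup(index, prefix).splitlines():
        found_suffix, count = entry.split(":")
        if found_suffix == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    idx = build_range_index(SAMPLE_CORPUS)
    print(check_ntlm_hash(idx, "8846f7eaee8fb117ad06bdd830b7586c"))  # 9384
```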

stebet commented 2 years ago

@miztroh I've been off on summer vacation lately, but @troyhunt and I have discussed this briefly. We'll go another round and see what comes out of it :)

miztroh commented 2 years ago

@stebet OK, great. Thanks for the follow-up!

miztroh commented 1 year ago

@stebet Any update here? Thanks!

c3rberus commented 1 year ago

Any update on this? Would be great to have a way to pull NTLM hashes similar to Version 8 on the HIBP website, so we can run audits against local AD.

stebet commented 1 year ago

This is being worked on :). The downloader will be updated soon as well to support downloading the NTLM hashes.

c3rberus commented 1 year ago

That's great news, thanks for the update.

stebet commented 1 year ago

Done and delivered! https://www.troyhunt.com/pwned-passwords-adds-ntlm-support-to-the-firehose/

miztroh commented 1 year ago

@stebet Thank you so much for your work on this. It's a huge win for my team and I know it will be for others as well!

gino840 commented 1 year ago

To download NTLM hashes, is there a flag?

stebet commented 1 year ago

> To download NTLM hashes, is there a flag?

Yes! Use -n to download the NTLM hashes.

noobhands commented 1 year ago

Perfect, thank you very much!