Compare if two accounts have the same password

MichaelGrafnetter / DSInternals

Directory Services Internals (DSInternals) PowerShell Module and Framework

https://www.dsinternals.com

MIT License

1.62k stars 250 forks source link

Compare if two accounts have the same password #153

Closed b-mgh closed 1 year ago

b-mgh commented 1 year ago

Just for my information, how are you able to compare if two accounts have the same password? Because even if two accounts have the same password, you should not be able to compare stored hash. Otherwise, it means passwords aren’t salted and we can create a matching table.

MichaelGrafnetter commented 1 year ago

Hi, you are right. AD and SAM databases contains multiple types of password hashes, most of them are salted with username (2 PBKDF2 keys and 30 MD5 hashes). But there is also an unsalted legacy MD4 hash present.

b-mgh commented 1 year ago

So AD and SAM databases contains multiple types of password hashes, most of them are salted with username, how are you able to compare if two accounts have the same password?

MichaelGrafnetter commented 1 year ago

So AD and SAM databases contains multiple types of password hashes, most of them are salted with username, how are you able to compare if two accounts have the same password?

I compare the unsalted ones. See the sample output, NTHash is unsalted.