GCIH · Question #617
What task is the Linux administrator performing with the command below? python dpat.py -n ../ntdsbak/customer.ntds -c ../ntdsbak/hashcat.potfile -g ../ntdsbak/*.txt
The correct answer is B. Analyze password selections. The dpat.py command runs the Domain Password Audit Tool (DPAT), which takes cracked hashes from a hashcat potfile and an NTDS export to report on an organization's password selection patterns.
Question
What task is the Linux administrator performing with the command below? python dpat.py -n ../ntdsbak/customer.ntds -c ../ntdsbak/hashcat.potfile -g ../ntdsbak/*.txt
Options
- ARemove salts
- BAnalyze password selections
- CExtract NT hashes
- DCrack passwords
How the community answered
(26 responses)- A12% (3)
- B81% (21)
- C4% (1)
- D4% (1)
Why each option
The dpat.py command runs the Domain Password Audit Tool (DPAT), which takes cracked hashes from a hashcat potfile and an NTDS export to report on an organization's password selection patterns.
Removing salts is not applicable here; Windows NT hashes (NTLM) are unsalted by design, so salt removal is not a step in this workflow.
DPAT (Domain Password Audit Tool) consumes an NTDS.dit export (-n), a hashcat potfile containing already-cracked password plaintext (-c), and optional wordlist files (-g) to generate statistical reports on password length, complexity, reuse, and policy compliance across domain accounts. Its purpose is auditing - not cracking - by analyzing what passwords users actually chose.
Extracting NT hashes from an NTDS.dit file is performed by tools such as Impacket's secretsdump.py or ntdsutil; DPAT consumes an already-extracted NTDS file as input.
Password cracking is performed by tools like hashcat or John the Ripper; DPAT reads a pre-existing potfile of already-cracked passwords and does not perform any cracking itself.
Concept tested: Domain Password Audit Tool (DPAT) for password analysis
Source: https://github.com/clr2of8/DPAT
Topics
Community Discussion
No community discussion yet for this question.