GCIH Question #617: Real Exam Question with Answer & Explanation

The correct answer is B: Analyze password selections. The dpat.py command runs the Domain Password Audit Tool (DPAT), which takes cracked hashes from a hashcat potfile and an NTDS export to report on an organization's password selection patterns.

Vulnerability Exploitation & Privilege Escalation

Question

What task is the Linux administrator performing with the command below?

    python dpat.py -n ../ntdsbak/customer.ntds -c ../ntdsbak/hashcat.potfile -g ../ntdsbak/*.txt

Options

  • A. Remove salts
  • B. Analyze password selections
  • C. Extract NT hashes
  • D. Crack passwords

Explanation

The dpat.py command runs the Domain Password Audit Tool (DPAT), which takes cracked hashes from a hashcat potfile and an NTDS export to report on an organization's password selection patterns.

Common mistakes.

  • A. Removing salts is not applicable here; Windows NT hashes (NTLM) are unsalted by design, so salt removal is not a step in this workflow.
  • C. Extracting NT hashes from an NTDS.dit file is performed by tools such as Impacket's secretsdump.py or ntdsutil; DPAT consumes an already-extracted NTDS file as input.
  • D. Password cracking is performed by tools like hashcat or John the Ripper; DPAT reads a pre-existing potfile of already-cracked passwords and does not perform any cracking itself.

Concept tested. Domain Password Audit Tool (DPAT) for password analysis

Reference. https://github.com/clr2of8/DPAT
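
The data flow described in the explanation, as an added example (not DPAT's own code and not part of the original page): it joins an already-extracted NTDS export with an existing potfile and reports statistics only, which is why options C and D do not describe this step. The function names, the sample accounts and the placeholder hash values are assumptions constructed for illustration; the line layouts assumed are `domain\user:RID:LM:NT:::` for the export and `hash:password` for the potfile.

```python
from collections import Counter

def parse_ntds(text):
    """Map account -> NT hash from domain\\user:RID:LM:NT::: lines."""
    accounts = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4 or parts[0].endswith("$"):
            continue  # malformed line, or machine account (skipped in this example)
        accounts[parts[0].lower()] = parts[3].lower()
    return accounts

def parse_potfile(text):
    """Map NT hash -> plaintext. Split once: a password may contain ':'."""
    cracked = {}
    for line in text.splitlines():
        if ":" in line:
            nt_hash, plaintext = line.split(":", 1)
            cracked[nt_hash.lower()] = plaintext
    return cracked

def audit(ntds_text, pot_text, group_members=()):
    """Join both inputs and return statistics only; nothing is cracked here."""
    accounts = parse_ntds(ntds_text)
    cracked = parse_potfile(pot_text)
    known = {user: cracked[h] for user, h in accounts.items() if h in cracked}
    reuse = Counter(accounts.values())
    return {
        "total": len(accounts),
        "cracked": len(known),
        "lengths": dict(Counter(len(p) for p in known.values())),
        "shared_hashes": {h: n for h, n in reuse.items() if n > 1},
        "group_cracked": sorted(m for m in group_members if m.lower() in known),
    }

# Constructed sample input: hash values are placeholders, not real NT hashes.
H1, H2, H3 = "a1" * 16, "b2" * 16, "c3" * 16
LM = "aad3b435b51404eeaad3b435b51404ee"  # blank LM hash
NTDS = "\n".join([
    rf"corp\alice:1104:{LM}:{H1}:::",
    rf"corp\bob:1105:{LM}:{H2}:::",
    rf"corp\carol:1106:{LM}:{H1}:::",  # same hash as alice: unsalted, so reuse shows
    rf"corp\dave:1107:{LM}:{H3}:::",   # not in the potfile
    rf"WS01$:1108:{LM}:{H3}:::",       # machine account
])
POTFILE = f"{H1}:Summer2024!\n{H2}:pass:word1"
ADMINS = [r"corp\alice", r"corp\dave"]  # stands in for one -g group file

if __name__ == "__main__":
    print(audit(NTDS, POTFILE, ADMINS))
```

The report contains counts, length distribution, shared hashes and cracked accounts per group, never a cracking step; an account whose hash is absent from the potfile simply stays uncounted.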

Topics

#dpat.py  #NTDS  #password audit  #credential analysis
