nerdexam
GIAC

GCIH · Question #617

What task is the Linux administrator performing with the command below? python dpat.py -n ../ntdsbak/customer.ntds -c ../ntdsbak/hashcat.potfile -g ../ntdsbak/*.txt

The correct answer is B. Analyze password selections. The dpat.py command runs the Domain Password Audit Tool (DPAT), which takes cracked hashes from a hashcat potfile and an NTDS export to report on an organization's password selection patterns.

Vulnerability Exploitation & Privilege Escalation

Question

What task is the Linux administrator performing with the command below? python dpat.py -n ../ntdsbak/customer.ntds -c ../ntdsbak/hashcat.potfile -g ../ntdsbak/*.txt

Options

  • ARemove salts
  • BAnalyze password selections
  • CExtract NT hashes
  • DCrack passwords

How the community answered

(26 responses)
  • A
    12% (3)
  • B
    81% (21)
  • C
    4% (1)
  • D
    4% (1)

Why each option

The dpat.py command runs the Domain Password Audit Tool (DPAT), which takes cracked hashes from a hashcat potfile and an NTDS export to report on an organization's password selection patterns.

ARemove salts

Removing salts is not applicable here; Windows NT hashes (NTLM) are unsalted by design, so salt removal is not a step in this workflow.

BAnalyze password selectionsCorrect

DPAT (Domain Password Audit Tool) consumes an NTDS.dit export (-n), a hashcat potfile containing already-cracked password plaintext (-c), and optional wordlist files (-g) to generate statistical reports on password length, complexity, reuse, and policy compliance across domain accounts. Its purpose is auditing - not cracking - by analyzing what passwords users actually chose.

CExtract NT hashes

Extracting NT hashes from an NTDS.dit file is performed by tools such as Impacket's secretsdump.py or ntdsutil; DPAT consumes an already-extracted NTDS file as input.

DCrack passwords

Password cracking is performed by tools like hashcat or John the Ripper; DPAT reads a pre-existing potfile of already-cracked passwords and does not perform any cracking itself.

Concept tested: Domain Password Audit Tool (DPAT) for password analysis

Source: https://github.com/clr2of8/DPAT

Topics

#dpat.py#NTDS#password audit#credential analysis

Community Discussion

No community discussion yet for this question.

Full GCIH Practice