github MichaelGrafnetter/DSInternals v6.0.1
DSInternals PowerShell Module 6.0.1
on GitHub

latest releases: v6.1.1, v6.1
20 days ago

Notable Changes

Trust Objects

The new Get-ADDBTrust cmdlet can read inter-domain trust objects from ntds.dit files, decrypt the trust passwords, and derive the Kerberos trust keys: 

PS C:\> Get-ADDBTrust -DatabasePath 'C:\ADBackup\ntds.dit' -BootKey c53a1d6ce3b391432863073cea763915

Sample output: 

DistinguishedName: CN=adatum.com,CN=System,DC=contoso,DC=com
TrustPartner: adatum.com
FlatName: adatum
Sid: S-1-5-21-2072939287-465948493-1385512467
Direction: Bidirectional
Source: contoso.com
SourceFlatName: contoso
Type: Uplevel
Attributes: ForestTransitive
SupportedEncryptionTypes: AES128_CTS_HMAC_SHA1_96, AES256_CTS_HMAC_SHA1_96
Deleted: False
TrustAuthIncoming
  CurrentPassword: 鑵׶肞뚙ᝑ꣤ς搏ﴲᛍ⨾녰钳맦
  CurrentNTHash: a00b29a3ab2fe08bf169096798193290
  PreviousPassword: Pa$$w0rd
  PreviousNTHash: 92937945b518814341de3f726500d4ff
IncomingTrustKeys (Calculated)
  Credentials:
    AES256_CTS_HMAC_SHA1_96
      Key: f253328c380a20b24c59866ab5a4f222a7fdec9de05502b261de6bbccd392da9
      Iterations: 4096
    AES128_CTS_HMAC_SHA1_96
      Key: 039d99f0b5c78bd7d07e0fed28fe2cf8
      Iterations: 4096
    DES_CBC_MD5
      Key: 0ee92c61b66b5d0d
      Iterations: 4096
  OldCredentials:
    AES256_CTS_HMAC_SHA1_96
      Key: ab18197b48942fcbb8dab398f1b78fcbad8a223ff6779eb332f42f21655f5aa0
      Iterations: 4096
    AES128_CTS_HMAC_SHA1_96
      Key: 676c6a1e69f0ec7d78010e75e9c24b6f
      Iterations: 4096
    DES_CBC_MD5
      Key: 2afbc7d94fa4ab29
      Iterations: 4096
  OlderCredentials:
  ServiceCredentials:
  Salt: CONTOSO.COMkrbtgtadatum
  DefaultIterationCount: 4096
  Flags: 0
TrustAuthOutgoing
  CurrentPassword: 쩘僞◀ꝵ黠鯹안꽾仈퍯䢥鉑꾲
  CurrentNTHash: ea1d78e82a3e496eb65ccd9a108575d0
  PreviousPassword: Pa$$w0rd
  PreviousNTHash: 92937945b518814341de3f726500d4ff
OutgoingTrustKeys (Calculated)
  Credentials:
    AES256_CTS_HMAC_SHA1_96
      Key: 25668ca9f03154e3cf0509a01f51bb3a5fcac8200e69eb542e6f2ad4609d39ce
      Iterations: 4096
    AES128_CTS_HMAC_SHA1_96
      Key: 65a4c7a238f2cf8146f15db4dfda4bad
      Iterations: 4096
    DES_CBC_MD5
      Key: d90425dc58571a86
      Iterations: 4096
  OldCredentials:
    AES256_CTS_HMAC_SHA1_96
      Key: 214a5078f4fdb6405ca669a4ce9662cb631989d331585ce115c769c7218f6583
      Iterations: 4096
    AES128_CTS_HMAC_SHA1_96
      Key: efc764b4de373d40c3e9b173c0ee3a47
      Iterations: 4096
    DES_CBC_MD5
      Key: 9ec1cbd9163da72a
      Iterations: 4096
  OlderCredentials:
  ServiceCredentials:
  Salt: ADATUM.COMkrbtgtcontoso
  DefaultIterationCount: 4096
  Flags: 0

Full RODC Support

Database files (ntds.dit) originating from RODCs are now fully supported: 

Get-ADDBAccount -DatabasePath 'C:\ADBackup\ntds.dit' `
                -BootKey e8502c7e1efb193eec3b625981ad90ed `
                -All `
                -ExportFormat HashcatNT |
    Where-Object NTHash -ne $null

Sample output: 

john:92937945b518814341de3f726500d4ff
DMZ-WWW$:c53a1d6ce3b391432863073cea763915
krbtgt_20781:06bc0b46fa3ea0d2d28168366d61053b
DMZ-RODC$:8a6cf405873a668b2f4ab847a0450cc1

Under the Hood

  • PowerShell Core 7 and .NET SDK are now supported on the Windows platform.
  • All applicable resources, including the PowerShell module, NuGet packages, binaries, and scripts are digitally signed.
  • Pure CLR assemblies are built deterministically.
  • Performance improvements (more yet to come).

See the Changelog for a more detailed list of new features.

DSInternals PowerShell Module

NuGet Packages

Official binary packages are available in the NuGet Gallery.

Check out latest releases or
releases around MichaelGrafnetter/DSInternals v6.0.1

Don't miss a new DSInternals release

NewReleases is sending notifications on new releases.

Get notifications