Question
If a password is stored with reversible encryption in Active Directory, how does an administrator/developer extract and decrypt this password?
Specifically, I'm referring to this setting.
Answer 1:
Although Dirk's answer is correct, the RevDump tool only works on Windows Server 2003, as newer versions of Windows store the reversibly encrypted passwords in a different way. Therefore I have created a new tool that supports Windows Server 2008+.
Simplest usage example:
    Get-ADReplAccount -SamAccountName April -Domain Adatum -Server LON-DC1
Sample output (partial):
    DistinguishedName: CN=April Reagan,OU=IT,DC=Adatum,DC=com
    Sid: S-1-5-21-3180365339-800773672-3767752645-1375
    SamAccountName: April
    SamAccountType: User
    NTHash: 92937945b518814341de3f726500d4ff
    SupplementalCredentials:
      ClearText: Pa$$w0rd
Answer 2:
The following series of blog posts explains some details:
Passwords stored using reversible encryption: how it works (part 1)
Passwords stored using reversible encryption: how it works (part 2)
The author of this blog, Niels Teusink, also made the source code of his tool RevDump available for download.
It goes without saying that reversible encryption should not be used globally and only in very exceptional cases.
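
Added example, not part of either answer or of the tools they mention: an audit that lists where reversible encryption is enabled, which is the check that follows from the advice in Answer 2. It assumes the RSAT ActiveDirectory module and read access to the domain; the function name and its -Server parameter are hypothetical names chosen for this example.

```powershell
# Added example: list every place where reversible password encryption is on.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-ReversibleEncryptionExposure {   # hypothetical name
    [CmdletBinding()]
    param([string]$Server)                    # optional domain controller

    # Splat -Server only when the caller supplied one.
    $dc = @{}
    if ($Server) { $dc.Server = $Server }

    # 1. Domain-wide default password policy.
    $policy = Get-ADDefaultDomainPasswordPolicy @dc
    if ($policy.ReversibleEncryptionEnabled) {
        [pscustomobject]@{ Scope = 'DomainPolicy'; Name = $policy.DistinguishedName
                           Enabled = $null; PasswordLastSet = $null }
    }

    # 2. Fine-grained password policies (PSOs) that enable it for a subset of users.
    Get-ADFineGrainedPasswordPolicy -Filter * @dc |
        Where-Object ReversibleEncryptionEnabled |
        ForEach-Object {
            [pscustomobject]@{ Scope = 'FineGrainedPolicy'; Name = $_.Name
                               Enabled = $null; PasswordLastSet = $null }
        }

    # 3. Accounts carrying the per-user flag: userAccountControl bit 0x80
    #    (ENCRYPTED_TEXT_PWD_ALLOWED), matched with the LDAP bitwise-AND rule.
    $flagFilter = '(userAccountControl:1.2.840.113556.1.4.803:=128)'
    Get-ADUser @dc -LDAPFilter $flagFilter -Properties PasswordLastSet |
        ForEach-Object {
            [pscustomobject]@{ Scope = 'UserFlag'; Name = $_.SamAccountName
                               Enabled = $_.Enabled; PasswordLastSet = $_.PasswordLastSet }
        }
}

Get-ReversibleEncryptionExposure | Sort-Object Scope, Name | Format-Table -AutoSize
```

Clearing the setting does not remove a reversibly encrypted copy that is already stored; it is replaced only when the account's password is next changed, which is why PasswordLastSet is reported for each flagged account.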
Source: https://stackoverflow.com/questions/3727181/how-does-a-legitmate-administrator-get-a-users-password-in-activedirectory