Adding UserPasswordHint extraction in secretsdump.py

Hello there,

Currently the [`UserPasswordHint` value](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-password-hints-are-belong-to-us/) that can be present as **a user-defined password hint in a SAM** is not extracted by `secretsdump.py`.
As it can be really useful for breaking a hash I just added that feature with that [tiny commit](https://github.com/SecureAuthCorp/impacket/pull/550/commits/73e3b9565209508906049388a645745b4c28411d).

I felt free to add it in the `comment` field of the [`PWDump` format](https://openwall.info/wiki/john/hash-formats), this way the `secretsdump.py` output file can still be easily interpreted by third-party tools (`ophcrack` etc.).

An example with the `sshd` hint for the `sshd_server` user (last line):
```
Administrator:500:aad3b435b51404eeaad3b435b51404ee:fc525c9683e8fe067095ba2ddc971889:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:dc0e3fe2c44b5949cbca7067571ed67c:::
IEUser:1000:aad3b435b51404eeaad3b435b51404ee:fc525c9683e8fe067095ba2ddc971889:::
sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:5eae9bf98b32d40c6cdda8e7f69a9967:sshd::
```

Best regards.

Thomas.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Adding UserPasswordHint extraction in secretsdump.py #662

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Adding UserPasswordHint extraction in secretsdump.py #662

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions