#NTHASH 是AD用户密码加密的方式,加密后存储在NTDS.DIT文件中
# 有网站提供一键生成,可以参考验证 https://www.jisuan.mobi/33A.html

# 导入BouncyCastle
Add-Type -Path "D:\hash\BouncyCastle.Crypto.dll"

#被加密的字符串
$string = "123456" 

#转换成hexstring 16进制字符串
$unicodeHexArray = $string.ToCharArray() | ForEach-Object { [int]$_ } | ForEach-Object { "{0:x2}{1:d2}" -f $_,0 }
$hexstring = $unicodeHexArray -join $null  

# 将16进制字符串解码为字节数组
$byteArray = [Org.BouncyCastle.Utilities.Encoders.Hex]::Decode($hexString)

# 创建MD4哈希算法实例
$md4 = New-Object Org.BouncyCastle.Crypto.Digests.MD4Digest

# 更新哈希算法实例以包含要哈希的数据
$md4.BlockUpdate($byteArray, 0, $byteArray.Length)
$hashBytes = New-Object byte[] 16
# 完成哈希计算并获取最终的哈希值
$md4.DoFinal($hashBytes, 0)
# 将最终的哈希值字节数组转换为16进制字符串
$hashHex = [Org.BouncyCastle.Utilities.Encoders.Hex]::ToHexString($hashBytes)
# 输出结果
$hashHex

AD中,用户的密码是以NThash的密文存储的,具体计算的过程如此