From 05e9358357b0f415142f6d8d5326ea3f56e40817 Mon Sep 17 00:00:00 2001
From: Tomas Kracmar <tomas.kracmar@cqre.net>
Date: Tue, 21 Oct 2025 13:42:46 +0200
Subject: [PATCH] Versions bump

---
 CHANGELOG.md             | 12 ++++++++++++
 Extract-NTHashes.ps1     |  2 +-
 README.md                |  8 ++++----
 Test-WeakADPasswords.ps1 |  4 ++--
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e840e13..e0ddb09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
 
+## 2025-10-21
+
+### Extract-NTHashes.ps1 v1.2.1
+Fixed:
+- Corrected SigV4 host header formatting so non-default ports serialize without parser errors.
+- Hardened hashing helpers to avoid `ComputeHash` overload ambiguity under Windows PowerShell.
+- Domain selection menu now respects the configured numeric order.
+
+### Test-WeakADPasswords.ps1 v1.3.1
+Fixed:
+- Domain picker now renders in numeric order from settings for predictable operator workflows.
+
 ## 2025-10-10
 
 ### Test-WeakADPasswords.ps1 v1.3.0
diff --git a/Extract-NTHashes.ps1 b/Extract-NTHashes.ps1
index 230c4fb..a4bf860 100644
--- a/Extract-NTHashes.ps1
+++ b/Extract-NTHashes.ps1
@@ -7,7 +7,7 @@
 ##################################################
 ## Project: Elysium                             ##
 ## File: Extract-NTLMHashes.ps1                 ##
-## Version: 1.2.0                               ##
+## Version: 1.2.1                               ##
 ## Support: support@cqre.net                    ##
 ##################################################
 
diff --git a/README.md b/README.md
index 2c846ca..12f3d23 100644
--- a/README.md
+++ b/README.md
@@ -25,14 +25,14 @@ Run script Elysium.ps1 as an administrator and choose option 1 (Update Known-Has
 The script downloads the database from the configured storage (Azure Blob or S3-compatible), decompresses it and updates the current database.
 ### Test Weak AD passwords
 Run script Elysium.ps1 as an administrator and choose option 2 (Test Weak AD Passwords).
-The script will then ask for the domain to be tested and upon choice will ask for domain administrator password. The DA username is already provided in the script for each domain.
-The tool then connects to Domain Controller and tests all enabled users in the domain against KHDB. PDF report with findings is then generated.
+The script will list domains in the same order as they appear in `ElysiumSettings.txt` and, after you pick one, prompt for the corresponding domain administrator password (the username is taken from the settings file).
+The tool connects to the selected Domain Controller and compares accounts against KHDB (respecting the optional `CheckOnlyEnabledUsers` flag if configured). A timestamped text report is saved under `Reports`, and accounts with dictionary hits are also exported to a dedicated UPN-only text file to support follow-up automation.
 ### Send current hashes for update KHDB
 Run script Elysium.ps1 as an administrator and choose option 3 (Extract and Send Hashes).
-The tool will then ask for domain and password of domain administrator. With correct credentials, the tool will then extract current hashes (no history) of non-disabled users, compresses and encrypts them and uploads them to the configured storage (Azure Blob or S3-compatible) for pickup by the tool provider.
+Domains are listed in configuration order, after which the script prompts for the replication-capable account password. With valid credentials, it extracts current NTLM hashes (no history) for active accounts, compresses the results, encrypts them with the configured passphrase, and uploads the payload to the configured storage (Azure Blob or S3-compatible). A checksum-verified round-trip download confirms the upload before local artifacts are removed.
 
 S3-compatible usage notes:
-- No AWS Tools required. The scripts can sign requests using native SigV4 via .NET and HttpClient.
+- No AWS Tools required. The scripts sign requests using native SigV4 via .NET and HttpClient, including non-default endpoint ports.
 - To force using AWS Tools instead, set `s3UseAwsTools = true` in `ElysiumSettings.txt` and install `AWS.Tools.S3`.
 ### Uninstallation
 Run script Elysium.ps1 as an administrator and choose option 4 (Uninstall).
diff --git a/Test-WeakADPasswords.ps1 b/Test-WeakADPasswords.ps1
index ab1610c..00f0efe 100644
--- a/Test-WeakADPasswords.ps1
+++ b/Test-WeakADPasswords.ps1
@@ -8,7 +8,7 @@
 ##################################################
 ## Project: Elysium                             ##
 ## File: Test-WeakADPasswords.ps1               ##
-## Version: 1.3.0                               ##
+## Version: 1.3.1                               ##
 ## Support: support@cqre.net                    ##
 ##################################################
 
@@ -24,7 +24,7 @@ This script will test the passwords of selected domain (defined in ElysiumSettin
 # Enable verbose output
 $ErrorActionPreference = 'Stop'
 Set-StrictMode -Version Latest
-$VerbosePreference = "Continue"
+$VerbosePreference = "SilentlyContinue"
 
 $scriptRoot = $PSScriptRoot