cqrenet/elysium
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Versions bump

Browse Source
This commit is contained in:
Tomas Kracmar
2025-10-21 13:42:46 +02:00
parent 5799881418
commit 05e9358357
4 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGELOG.md
View File

@@ -1,5 +1,17 @@
# Changelog # Changelog
## 2025-10-21
### Extract-NTHashes.ps1 v1.2.1
Fixed:
- Corrected SigV4 host header formatting so non-default ports serialize without parser errors.
- Hardened hashing helpers to avoid `ComputeHash` overload ambiguity under Windows PowerShell.
- Domain selection menu now respects the configured numeric order.
### Test-WeakADPasswords.ps1 v1.3.1
Fixed:
- Domain picker now renders in numeric order from settings for predictable operator workflows.
## 2025-10-10 ## 2025-10-10
### Test-WeakADPasswords.ps1 v1.3.0 ### Test-WeakADPasswords.ps1 v1.3.0

2
Extract-NTHashes.ps1
View File

@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Extract-NTLMHashes.ps1 ## ## File: Extract-NTLMHashes.ps1 ##
## Version: 1.2.0 ## ## Version: 1.2.1 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################

8
README.md
View File

@@ -25,14 +25,14 @@ Run script Elysium.ps1 as an administrator and choose option 1 (Update Known-Has
The script downloads the database from the configured storage (Azure Blob or S3-compatible), decompresses it and updates the current database. The script downloads the database from the configured storage (Azure Blob or S3-compatible), decompresses it and updates the current database.
### Test Weak AD passwords ### Test Weak AD passwords
Run script Elysium.ps1 as an administrator and choose option 2 (Test Weak AD Passwords). Run script Elysium.ps1 as an administrator and choose option 2 (Test Weak AD Passwords).
The script will then ask for the domain to be tested and upon choice will ask for domain administrator password. The DA username is already provided in the script for each domain. The script will list domains in the same order as they appear in `ElysiumSettings.txt` and, after you pick one, prompt for the corresponding domain administrator password (the username is taken from the settings file).
The tool then connects to Domain Controller and tests all enabled users in the domain against KHDB. PDF report with findings is then generated. The tool connects to the selected Domain Controller and compares accounts against KHDB (respecting the optional `CheckOnlyEnabledUsers` flag if configured). A timestamped text report is saved under `Reports`, and accounts with dictionary hits are also exported to a dedicated UPN-only text file to support follow-up automation.
### Send current hashes for update KHDB ### Send current hashes for update KHDB
Run script Elysium.ps1 as an administrator and choose option 3 (Extract and Send Hashes). Run script Elysium.ps1 as an administrator and choose option 3 (Extract and Send Hashes).
The tool will then ask for domain and password of domain administrator. With correct credentials, the tool will then extract current hashes (no history) of non-disabled users, compresses and encrypts them and uploads them to the configured storage (Azure Blob or S3-compatible) for pickup by the tool provider. Domains are listed in configuration order, after which the script prompts for the replication-capable account password. With valid credentials, it extracts current NTLM hashes (no history) for active accounts, compresses the results, encrypts them with the configured passphrase, and uploads the payload to the configured storage (Azure Blob or S3-compatible). A checksum-verified round-trip download confirms the upload before local artifacts are removed.
S3-compatible usage notes: S3-compatible usage notes:
- No AWS Tools required. The scripts can sign requests using native SigV4 via .NET and HttpClient. - No AWS Tools required. The scripts sign requests using native SigV4 via .NET and HttpClient, including non-default endpoint ports.
- To force using AWS Tools instead, set `s3UseAwsTools = true` in `ElysiumSettings.txt` and install `AWS.Tools.S3`. - To force using AWS Tools instead, set `s3UseAwsTools = true` in `ElysiumSettings.txt` and install `AWS.Tools.S3`.
### Uninstallation ### Uninstallation
Run script Elysium.ps1 as an administrator and choose option 4 (Uninstall). Run script Elysium.ps1 as an administrator and choose option 4 (Uninstall).

4
Test-WeakADPasswords.ps1
View File

@@ -8,7 +8,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Test-WeakADPasswords.ps1 ## ## File: Test-WeakADPasswords.ps1 ##
## Version: 1.3.0 ## ## Version: 1.3.1 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
@@ -24,7 +24,7 @@ This script will test the passwords of selected domain (defined in ElysiumSettin
# Enable verbose output # Enable verbose output
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
Set-StrictMode -Version Latest Set-StrictMode -Version Latest
$VerbosePreference = "Continue" $VerbosePreference = "SilentlyContinue"
$scriptRoot = $PSScriptRoot $scriptRoot = $PSScriptRoot