cqrenet/elysium
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update the get-credential logic

Browse Source
This commit is contained in:
Tomas Kracmar
2024-04-15 21:38:14 +02:00
parent 96873bacbc
commit 6bc5b7bc32
1 changed files with 30 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
Test-WeakADPasswords.ps1
View File

@@ -17,7 +17,7 @@
Weak AD password finder component of Elysium tool. Weak AD password finder component of Elysium tool.
.DESCRIPTION .DESCRIPTION
This script will test the passwords of selected domain (defined in ElysiumSettings.txt) using DSInternal Test-PasswordQuality cmdlet. It writes its output to a report file which is meant to be shared with internal security team. This script will test the passwords of selected domain (defined in ElysiumSettings.txt) using DSInternals' Test-PasswordQuality cmdlet. It writes its output to a report file which is meant to be shared with the internal security team.
#> #>
# Current timestamp for both report generation and header # Current timestamp for both report generation and header
@@ -53,6 +53,34 @@ Get-Content $settingsPath | ForEach-Object {
} }
} }
# Define the function to extract domain details from settings
function Get-DomainDetailsFromSettings {
param (
[hashtable]$Settings
)
$domainDetails = @{}
$counter = 1
while ($true) {
$nameKey = "Domain${counter}Name"
$dcKey = "Domain${counter}DC"
if ($Settings.ContainsKey($nameKey)) {
$domainDetails["$counter"] = @{
Name = $Settings[$nameKey]
DC = $Settings[$dcKey]
}
$counter++
}
else {
break
}
}
return $domainDetails
}
# Continue with script logic...
$domainDetails = Get-DomainDetailsFromSettings -Settings $ElysiumSettings
# Required modules # Required modules
$requiredModules = @("DSInternals", "ActiveDirectory") $requiredModules = @("DSInternals", "ActiveDirectory")
@@ -78,9 +106,6 @@ if (-not (Test-Path -Path $reportPathBase)) {
New-Item -Path $reportPathBase -ItemType Directory New-Item -Path $reportPathBase -ItemType Directory
} }
# Extract domain details from settings
$domainDetails = Get-DomainDetailsFromSettings -Settings $ElysiumSettings
# Function to test for weak AD passwords # Function to test for weak AD passwords
function Test-WeakADPasswords { function Test-WeakADPasswords {
param ( param (
@@ -105,7 +130,7 @@ function Test-WeakADPasswords {
# Performing the test # Performing the test
Write-Host "Testing password quality for $($selectedDomain.Name)..." Write-Host "Testing password quality for $($selectedDomain.Name)..."
$testResults = Get-ADReplAccount -All -Server $selectedDomain["DC"] -Credential $credential | $testResults = Get-ADReplAccount -All -Server $selectedDomain["DC"] -Credential $credential |
Test-PasswordQuality -WeakPasswordHashesFile $FilePath -Verbose Test-PasswordQuality -WeakPasswordHashesFile $FilePath
# Report generation with dynamic content # Report generation with dynamic content
$reportPath = Join-Path -Path $reportPathBase -ChildPath "$($selectedDomain.Name)_WeakPasswordReport_$timestamp.txt" $reportPath = Join-Path -Path $reportPathBase -ChildPath "$($selectedDomain.Name)_WeakPasswordReport_$timestamp.txt"