cqrenet/elysium
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create separate dictionary password report.

Browse Source
This commit is contained in:
Tomas Kracmar
2024-08-12 11:48:43 +02:00
parent 51b518613f
commit 76c9fcfb61
2 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -2,6 +2,10 @@
## Extract-NTHashes.ps1 ## Extract-NTHashes.ps1
### version 1.1.1
**Updated:**
- UPNs of the accounts with passwords found in dictionary were moved into separate report (one UPN at a line) to enable further automation.
### version 1.1.0 ### version 1.1.0
**Added:** **Added:**
- UPN retrieval (this will prolong the time needed to run the script significantly) - UPN retrieval (this will prolong the time needed to run the script significantly)

49
Test-WeakADPasswords.ps1
View File

@@ -8,7 +8,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Test-WeakADPasswords.ps1 ## ## File: Test-WeakADPasswords.ps1 ##
## Version: 1.1.0 ## ## Version: 1.1.1 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
@@ -146,7 +146,10 @@ function Get-UserUPN {
Write-Verbose "Attempting to get UPN for $SamAccountName in domain $Domain" Write-Verbose "Attempting to get UPN for $SamAccountName in domain $Domain"
try { try {
$user = Get-ADUser -Identity $SamAccountName -Properties UserPrincipalName -Server $Domain -Credential $Credential # Remove domain prefix if exists
$simplifiedSamAccountName = $SamAccountName -replace '^.*\\', ''
$user = Get-ADUser -Identity $simplifiedSamAccountName -Properties UserPrincipalName -Server $Domain -Credential $Credential
Write-Verbose "UPN found: $($user.UserPrincipalName)" Write-Verbose "UPN found: $($user.UserPrincipalName)"
return $user.UserPrincipalName return $user.UserPrincipalName
} catch { } catch {
@@ -155,6 +158,20 @@ function Get-UserUPN {
} }
} }
# Inside the foreach loop where accounts are processed:
foreach ($line in $lines) {
$newReportContent += $line
# Regex to match the SAMAccountName from the report line
if ($line -match "^\s*(\S+)\s*$") {
$samAccountName = $matches[1]
Write-Verbose "Looking up UPN for $samAccountName"
$upn = Get-UserUPN -SamAccountName $samAccountName -Domain $selectedDomain.DC -Credential $credential
$newReportContent += " UPN: $upn"
}
}
# Function to test for weak AD passwords # Function to test for weak AD passwords
function Test-WeakADPasswords { function Test-WeakADPasswords {
param ( param (
@@ -191,28 +208,54 @@ function Test-WeakADPasswords {
# Report generation with dynamic content and UPNs # Report generation with dynamic content and UPNs
$reportPath = Join-Path -Path $reportPathBase -ChildPath "$($selectedDomain.Name)_WeakPasswordReport_$timestamp.txt" $reportPath = Join-Path -Path $reportPathBase -ChildPath "$($selectedDomain.Name)_WeakPasswordReport_$timestamp.txt"
$upnOnlyReportPath = Join-Path -Path $reportPathBase -ChildPath "$($selectedDomain.Name)_DictionaryPasswordUPNs_$timestamp.txt"
Write-Verbose "Generating report at $reportPath" Write-Verbose "Generating report at $reportPath"
$reportContent = @($header, ($testResults | Out-String).Trim(), $footer) -join "`r`n" $reportContent = @($header, ($testResults | Out-String).Trim(), $footer) -join "`r`n"
$lines = $reportContent -split "`r`n" $lines = $reportContent -split "`r`n"
$newReportContent = @() $newReportContent = @()
$upnReportContent = @()
$collectingUPNs = $false
foreach ($line in $lines) { foreach ($line in $lines) {
$newReportContent += $line $newReportContent += $line
if ($line -match "$($selectedDomain.Name)\\(.+)") { # Start collecting UPNs after detecting the relevant section in the report
if ($line -match "Passwords of these accounts have been found in the dictionary:") {
$collectingUPNs = $true
continue
}
# Stop collecting UPNs if a new section starts or end of section is detected
if ($collectingUPNs -and $line -match "^\s*$") {
$collectingUPNs = $false
}
# Regex to match the SAMAccountName from the report line and collect UPNs if in the target section
if ($collectingUPNs -and $line -match "^\s*(\S+)\s*$") {
$samAccountName = $matches[1] $samAccountName = $matches[1]
Write-Verbose "Looking up UPN for $samAccountName" Write-Verbose "Looking up UPN for $samAccountName"
$upn = Get-UserUPN -SamAccountName $samAccountName -Domain $selectedDomain.DC -Credential $credential $upn = Get-UserUPN -SamAccountName $samAccountName -Domain $selectedDomain.DC -Credential $credential
$newReportContent += " UPN: $upn" $newReportContent += " UPN: $upn"
# Collect UPNs only for accounts found in the dictionary section
if ($upn -ne "UPN not found") {
$upnReportContent += $upn
}
} }
} }
$updatedReportContent = $newReportContent -join "`r`n" $updatedReportContent = $newReportContent -join "`r`n"
$upnOnlyContent = $upnReportContent -join "`r`n"
try { try {
$updatedReportContent | Out-File -FilePath $reportPath -ErrorAction Stop $updatedReportContent | Out-File -FilePath $reportPath -ErrorAction Stop
Write-Host "Report saved to $reportPath" Write-Host "Report saved to $reportPath"
$upnOnlyContent | Out-File -FilePath $upnOnlyReportPath -ErrorAction Stop
Write-Host "UPN-only report saved to $upnOnlyReportPath"
} catch { } catch {
Write-Error ("Failed to save report: {0}" -f $_.Exception.Message) Write-Error ("Failed to save report: {0}" -f $_.Exception.Message)
} }