-
Notifications
You must be signed in to change notification settings - Fork 73
/
Copy pathExport-PotentiallyCrackableAccounts.ps1
119 lines (104 loc) · 4.39 KB
/
Export-PotentiallyCrackableAccounts.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<#
Author: Matan Hart (@machosec)
License: GNU v3
Required Dependencies: Find-PotentiallyCrackableAccounts
Optional Dependencies: None
#>
function Export-PotentiallyCrackableAccounts
{
<#
.SYNOPSIS
Report juicy information about user accounts associated with SPN
Author: Matan Hart (@machosec)
License: GNU v3
Required Dependencies: Find-PotentiallyCrackableAccounts
Optional Dependencies: None
.DESCRIPTION
This function queries the Active Directory and retreive information about user accounts associated with SPN.
This infromation could detremine if a service account is potentially crackable.
User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt)
configured with weak password and encryption (RC4-HMAC).
Requires Active Directory authentication (domain user is enough).
.PARAMETER Type
The format of the report file. The default is CSV
.PARAMETER Path
The path to store the file. The default is the user's "Documents" folder
.PARAMETER Name
The name of the report. The default is "Report"
.PARAMETER Summary
Report minimial information
.PARAMETER DoNotOpen
Do not open the report
.EXAMPLE
Report-PotentiallyCrackableAccounts
Report all user accounts associated with SPN in entire forest. Save and open the report in CSV format in Documents folder
.EXAMPLE
Report-PotentiallyCrackableAccounts -Type XML -Path C:\Report -DoNotOpen
Report all user accounts associated with SPN in entire forest. Save the report in XML format in C:\Report folder
#>
[CmdletBinding()]
param
(
[ValidateSet("CSV", "XML", "HTML", "TXT")]
[String]$Type = "CSV",
[String]$Path = "$env:USERPROFILE\Documents",
[String]$Name = "Report",
[Switch]$Summary,
[Switch]$DoNotOpen
)
# Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV
Function Convert-Output
{
[cmdletbinding()]
Param (
[parameter(ValueFromPipeline=$true)]
[psobject]$InputObject
)
Begin {
$PSBoundParameters.GetEnumerator() | ForEach {
Write-Verbose "$($_)"
}
$FirstRun = $True
}
Process {
If ($FirstRun) {
$OutputOrder = $InputObject.psobject.properties.name
$FirstRun = $False
#Get properties to process
$Properties = Get-Member -InputObject $InputObject -MemberType *Property
#Get properties that hold a collection
$Properties_Collection = @(($Properties | Where-Object {
$_.Definition -match "Collection|\[\]"
}).Name)
#Get properties that do not hold a collection
$Properties_NoCollection = @(($Properties | Where-Object {
$_.Definition -notmatch "Collection|\[\]"
}).Name)
}
$InputObject | ForEach {
$Line = $_
$stringBuilder = New-Object Text.StringBuilder
$Null = $stringBuilder.AppendLine("[pscustomobject] @{")
$OutputOrder | ForEach {
$Null = $stringBuilder.AppendLine("`"$($_)`" = `"$(($line.$($_) | Out-String).Trim())`"")
}
}
$Null = $stringBuilder.AppendLine("}")
Invoke-Expression $stringBuilder.ToString()
}
End {}
}
$FilePath = "$Path\$Name.$($Type.ToLower())"
$Report = Find-PotentiallyCrackableAccounts -FullData
if ($Summary) {
$Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder
}
if ($Type -eq "CSV" ) {$Report | Convert-Output | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation}
elseif ($Type -eq "XML") {$Report | Export-Clixml $FilePath -Encoding UTF8}
elseif ($Type -eq "HTML") {$Report | Convert-Output | ConvertTo-Html | Out-File $FilePath -Encoding utf8}
elseif ($Type -eq "TXT") {$Report | Convert-Output | Out-File $FilePath -Encoding utf8}
Write-Host "$Type file saved in: $FilePath"
if (!$DoNotOpen) {
Invoke-Item $FilePath
}
}