Skip to content

Commit

Permalink
New .ps1 for the export function
Browse files Browse the repository at this point in the history
  • Loading branch information
@machosec
machosec committed May 19, 2016
1 parent 1bc3588 commit e952a52
Showing 1 changed file with 119 additions and 0 deletions.
119 changes: 119 additions & 0 deletions Export-PotentiallyCrackableAccounts.ps1
View file
@@ -0,0 +1,119 @@
<#
Author: Matan Hart (@machosec)
License: GNU v3
Required Dependencies: Find-PotentiallyCrackableAccounts
Optional Dependencies: None
#>


function Export-PotentiallyCrackableAccounts
{
<#
.SYNOPSIS
Report juicy information about user accounts associated with SPN
Author: Matan Hart (@machosec)
License: GNU v3
Required Dependencies: Find-PotentiallyCrackableAccounts
Optional Dependencies: None
.DESCRIPTION
This function queries the Active Directory and retreive information about user accounts associated with SPN.
This infromation could detremine if a service account is potentially crackable.
User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt)
configured with weak password and encryption (RC4-HMAC).
Requires Active Directory authentication (domain user is enough).
.PARAMETER Type
The format of the report file. The default is CSV
.PARAMETER Path
The path to store the file. The default is the user's "Documents" folder
.PARAMETER Name
The name of the report. The default is "Report"
.PARAMETER Summary
Report minimial information
.PARAMETER DoNotOpen
Do not open the report
.EXAMPLE
Report-PotentiallyCrackableAccounts
Report all user accounts associated with SPN in entire forest. Save and open the report in CSV format in Documents folder
.EXAMPLE
Report-PotentiallyCrackableAccounts -Type XML -Path C:\Report -DoNotOpen
Report all user accounts associated with SPN in entire forest. Save the report in XML format in C:\Report folder
#>
[CmdletBinding()]
param
(
[ValidateSet("CSV", "XML", "HTML", "TXT")]
[String]$Type = "CSV",
[String]$Path = "$env:USERPROFILE\Documents",
[String]$Name = "Report",
[Switch]$Summary,
[Switch]$DoNotOpen
)

# Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV
Function Convert-Output
{
[cmdletbinding()]
Param (
[parameter(ValueFromPipeline=$true)]
[psobject]$InputObject
)
Begin {
$PSBoundParameters.GetEnumerator() | ForEach {
Write-Verbose "$($_)"
}
$FirstRun = $True
}
Process {
If ($FirstRun) {
$OutputOrder = $InputObject.psobject.properties.name
$FirstRun = $False
#Get properties to process
$Properties = Get-Member -InputObject $InputObject -MemberType *Property
#Get properties that hold a collection
$Properties_Collection = @(($Properties | Where-Object {
$_.Definition -match "Collection|\[\]"
}).Name)
#Get properties that do not hold a collection
$Properties_NoCollection = @(($Properties | Where-Object {
$_.Definition -notmatch "Collection|\[\]"
}).Name)
}

$InputObject | ForEach {
$Line = $_
$stringBuilder = New-Object Text.StringBuilder
$Null = $stringBuilder.AppendLine("[pscustomobject] @{")
$OutputOrder | ForEach {
$Null = $stringBuilder.AppendLine("`"$($_)`" = `"$(($line.$($_) | Out-String).Trim())`"")
}
}
$Null = $stringBuilder.AppendLine("}")
Invoke-Expression $stringBuilder.ToString()
}
End {}
}

$FilePath = "$Path\$Name.$($Type.ToLower())"
$Report = Find-PotentiallyCrackableAccounts -FullData
if ($Summary) {
$Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder
}
if ($Type -eq "CSV" ) {$Report | Convert-Output | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation}
elseif ($Type -eq "XML") {$Report | Export-Clixml $FilePath -Encoding UTF8}
elseif ($Type -eq "HTML") {$Report | Convert-Output | ConvertTo-Html | Out-File $FilePath -Encoding utf8}
elseif ($Type -eq "TXT") {$Report | Convert-Output | Out-File $FilePath -Encoding utf8}
Write-Host "$Type file saved in: $FilePath"
if (!$DoNotOpen) {
Invoke-Item $FilePath
}
}

0 comments on commit e952a52

Please sign in to comment.