MichaelGrafnetter / DSInternals

Directory Services Internals (DSInternals) PowerShell Module and Framework
https://www.dsinternals.com
MIT License

Domain reference for Format-Custom views #179

Open Jupithor opened 4 months ago

Jupithor commented 4 months ago

I am working with multiple domains, and doing something like this:

$accounts = @()  # start from an empty array so += appends the accounts of every domain
foreach ($DC in $DCs) {
    $accounts += Get-ADReplAccount -All -Server $DC
}
$accounts | Test-PasswordQuality -WeakPasswordHashesSortedFile $HIBP | Out-File $auditoutput -Encoding ASCII
$accounts | Format-Custom -View PwDump | Out-File $hashoutput -Encoding ASCII

In the output for Test-PasswordQuality I get domain\user. But in the PwDump I only get username. Is there a way to get a domain reference in the pwdump etc.?

Thank you

MichaelGrafnetter commented 4 months ago

Hi @Jupithor, all custom views would deserve some improvements, including a filter that would drop user accounts without password hashes and computer accounts. You could try to manually modify the DSInternals.DSAccount.ExportViews.format.ps1xml file and replace $PSItem.SamAccountName with $PSItem.LogonName. I would be curious to hear if the \ character is compatible with the current versions of tools like Hashcat, John the Ripper, Ophcrack, Rainbowcrack, or Elcomsoft Distributed Password Recovery.

Jupithor commented 4 months ago

Thank you for your reply. Yes, I am currently using -replace to prepend $domain\. I can confirm that it works with Hashcat.
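
The domain-prefix workaround from the last comment, written out as an added example (not code from this thread or from DSInternals): a hypothetical Add-PwDumpDomain helper that qualifies the user-name field of PwDump-format text lines. The function name, the CONTOSO domain and the sample lines are constructed, and the hashes are the well-known values for an empty password; it assumes the lines passed in all belong to one domain.

```powershell
# Added example. Add-PwDumpDomain is a hypothetical helper, not a DSInternals cmdlet.
# It works on text lines in PwDump layout (name:rid:lm:nt:::), for example lines
# read back with Get-Content from a per-domain export file.
function Add-PwDumpDomain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Domain,

        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string] $Line
    )
    process {
        # Formatter output can contain blank lines; drop them.
        if ([string]::IsNullOrWhiteSpace($Line)) { return }

        # Split off only the first field so the rest of the line stays byte-for-byte intact.
        $name, $rest = $Line -split ':', 2
        if ($null -eq $rest) {
            # Not a PwDump line. The content is not echoed, so hashes never reach the console log.
            Write-Warning 'Skipping a line without field separators.'
            return
        }

        # Leave names that are already domain-qualified untouched (no double prefix on re-runs).
        if ($name.Contains('\')) { return $Line }

        '{0}\{1}:{2}' -f $Domain, $name, $rest
    }
}

# Constructed sample input: made-up account names, empty-password LM/NT hashes.
$sample = @(
    'alice:1104:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::'
    ''
    'CONTOSO\bob:1105:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::'
)

$sample | Add-PwDumpDomain -Domain 'CONTOSO'
```

Splitting on the first colon only, instead of running a regex over the whole line, keeps the prefix out of the hash and comment fields and makes the function safe to apply twice to the same file.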