Views/DSInternals.DSAccount.ExportViews.format.ps1xml
|
<?xml version="1.0" encoding="utf-8" ?>
<Configuration><!-- xsi:noNamespaceSchemaLocation="https://raw.githubusercontent.com/PowerShell/PowerShell/master/src/Schemas/Format.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">--> <Controls> <Control> <Name>Rid</Name> <!-- Extracts RID from SID --> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>[DSInternals.Common.SecurityIdentifierExtensions]::GetRid($_)</ScriptBlock> <EnumerateCollection /> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> </Controls> <ViewDefinitions> <View> <Name>JohnNT</Name> <!-- Format: <username>:$NT$<NT-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:$NT$</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnNTHistory</Name> <!-- Format: <username>:$NT$<NT-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() $record = '{0}:$NT${1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.NTHash) $position = $records.Add($record) for($i=1; $i -lt $PSItem.NTHashHistory.Count; $i++) { $record = '{0}_history{1}:$NT${2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.NTHashHistory[$i]) $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnLM</Name> <!-- Format: <username>:<LM-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnLMHistory</Name> <!-- Format: <username>:<LM-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() $record = '{0}:{1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.LMHash) $position = $records.Add($record) for($i=1; $i -lt $PSItem.LMHashHistory.Count; $i++) { $record = '{0}_history{1}:{2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.LMHashHistory[$i]) $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>Ophcrack</Name> <!-- Format: <username>::<LM-hash>:<NT-hash>:<sid>:: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>::</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> </ExpressionBinding> <Text>::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatNT</Name> <!-- Format: <username>:<NT-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatNTHistory</Name> <!-- Format: <username>:<NT-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() $record = '{0}:{1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.NTHash) $position = $records.Add($record) for($i=1; $i -lt $PSItem.NTHashHistory.Count; $i++) { $record = '{0}_history{1}:{2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.NTHashHistory[$i]) $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatLM</Name> <!-- Format: <username>:<LM-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatLMHistory</Name> <!-- Format: <username>:<LM-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() $record = '{0}:{1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.LMHash) $position = $records.Add($record) for($i=1; $i -lt $PSItem.LMHashHistory.Count; $i++) { $record = '{0}_history{1}:{2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.LMHashHistory[$i]) $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>NTHash</Name> <!-- Format: <NT-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>NTHashHistory</Name> <!-- Format: <NT-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() foreach($hash in $PSItem.NTHashHistory) { $record = ConvertTo-Hex $hash $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>LMHash</Name> <!-- Format: <LM-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>LMHashHistory</Name> <!-- Format: <LM-hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() foreach($hash in $PSItem.LMHashHistory) { $record = ConvertTo-Hex $hash $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>PWDump</Name> <!-- Format: <username>:<uid>:<LM-hash>:<NT-hash>:<comment>:<homedir>: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> <CustomControlName>Rid</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <ExpressionBinding> <ScriptBlock>if($PSItem.LMHash -eq $null) { 'NO LM-HASH**********************' }</ScriptBlock> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <ExpressionBinding> <ScriptBlock>if($PSItem.NTHash -eq $null) { 'NO NT-HASH**********************' }</ScriptBlock> </ExpressionBinding> <Text>:::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>PWDumpHistory</Name> <!-- Format: <username>:<uid>:<LM-hash>:<NT-hash>:<comment>:<homedir>: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> $records = [System.Collections.ArrayList]@() $samAccountName = $PSItem.SamAccountName $rid = [DSInternals.Common.SecurityIdentifierExtensions]::GetRid($PSItem.Sid) if($PSItem.LMHash -eq $null -Or (ConvertTo-Hex $PSItem.LMHash) -eq 'aad3b435b51404eeaad3b435b51404ee') { $lmHash = 'NO LM-HASH**********************' } else { $lmHash = ConvertTo-Hex $PSItem.LMHash } if($PSItem.NTHash -eq $null) { $ntHash = 'NO NT-HASH**********************' } else { $ntHash = ConvertTo-Hex $PSItem.NTHash } $record = '{0}:{1}:{2}:{3}:::' -f $SamAccountName, $rid, $lmHash, $ntHash $position = $records.Add($record) for($i=1; $i -lt $PSItem.NTHashHistory.Count; $i++) { if($PSItem.LMHashHistory[$i] -eq $null -Or (ConvertTo-Hex $PSItem.LMHashHistory[$i]) -eq 'aad3b435b51404eeaad3b435b51404ee') { $lmHash = 'NO LM-HASH**********************' } else { $lmHash = ConvertTo-Hex $PSItem.LMHashHistory[$i] } if($PSItem.NTHashHistory[$i] -eq $null) { $ntHash = 'NO NT-HASH**********************' } else { $ntHash = ConvertTo-Hex $PSItem.NTHashHistory[$i] } $record = '{0}_history{1}:{2}:{3}:{4}:::' -f $SamAccountName, ($i-1), $rid, $lmHash, $ntHash $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> </ViewDefinitions> </Configuration> |