Format-SercretsDump.ps1
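<#PSScriptInfo

.VERSION 1.0

.GUID 7f0fecf2-c66c-4e60-9c8d-c4162348fd3d

.AUTHOR Kalichuza

.COMPANYNAME

.COPYRIGHT

.TAGS

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

.PRIVATEDATA

#>

<#

.DESCRIPTION
 Takes the output from the impacket-secretsdump and formats NTLM hashes in a way that is optimized for cracking with hashcat.
 Lines of the form username:RID:LMHASH:NTHASH::: are written to the output file unchanged; every other line is dropped.

.PARAMETER InputFile
 Path to the input file containing potential hashes.

.PARAMETER OutputFile
 Path to the output file where filtered NTLM hashes will be saved. When no line matches, the file is neither created nor modified.

.NOTES
 The output file holds NT hashes, which are credential-equivalent material. The script sets no ACL on it,
 so the file inherits the permissions of the directory it is written to; point -OutputFile at an
 access-restricted location.

#>
param (
    [Parameter(Mandatory = $true, HelpMessage = "Path to the input file containing potential hashes.")]
    [string]$InputFile,

    [Parameter(Mandatory = $true, HelpMessage = "Path to the output file where filtered NTLM hashes will be saved.")]
    [string]$OutputFile
)

# Regular expression to match lines in the format `username:RID:LMHASH:NTHASH:::`
# (a non-empty name without colons, a numeric RID, then two 32-character hex fields).
$NTLMRegex = '^[^:]+:[0-9]+:[a-fA-F0-9]{32}:[a-fA-F0-9]{32}:::'

try {
    # Read all lines from the input file.
    # -ErrorAction Stop turns a missing or unreadable file into a terminating error, so the
    # catch block runs instead of the script falling through to "No matching entries found".
    Write-Host "Reading input file: $InputFile"
    $Lines = Get-Content -Path $InputFile -ErrorAction Stop

    # Filter lines that match the NTLM hash pattern.
    # @() keeps the result an array for zero or one match, so .Count is reliable
    # on every PowerShell version and under strict mode.
    Write-Host "Filtering lines matching the NTLM hash format..."
    $FilteredLines = @($Lines | Where-Object { $_ -match $NTLMRegex })

    # Save the full matching lines to the output file.
    if ($FilteredLines.Count -gt 0) {
        Write-Host "Saving filtered lines to output file: $OutputFile"
        # A failed write must not be followed by the success message below.
        $FilteredLines | Set-Content -Path $OutputFile -ErrorAction Stop
        Write-Host "Filtering complete. $($FilteredLines.Count) entries saved to $OutputFile."
    }
    else {
        Write-Host "No matching entries found in the input file."
    }
}
catch {
    Write-Error "An error occurred: $_"
}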