public/Get-VPASPasswordHistory.ps1
|
<#
.Synopsis GET PASSWORD HISTORY CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET HISTORY OF OLD PASSWORDS OF AN ACCOUNT IN CYBERARK .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Safe name that will be used to query for the target account if no AcctID is passed .PARAMETER username Username that will be used to query for the target account if no AcctID is passed .PARAMETER platform PlatformID that will be used to query for the target account if no AcctID is passed .PARAMETER address Address that will be used to query for the target account if no AcctID is passed .PARAMETER AcctID Unique ID that maps to a single account, passing this variable will skip any query functions .PARAMETER ShowTemporary Specify if temporary passwords should be included in the history that is being pulled Temporary passwords are passwords that the CPM attempted to set on the account but failed to do so .EXAMPLE $AccountPasswordsHistoryJSON = Get-VPASPasswordHistory -ShowTemporary -safe {SAFE VALUE} -address {ADDRESS VALUE} .OUTPUTS JSON Object (PasswordHistory) if successful $false if failed #> function Get-VPASPasswordHistory{ [OutputType('System.Object',[bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [String]$safe, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [String]$platform, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [String]$username, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$address, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$ShowTemporary, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [String]$AcctID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ write-verbose "SUCCESSFULLY PARSED PVWA VALUE" write-verbose "SUCCESSFULLY PARSED TOKEN VALUE" if([String]::IsNullOrEmpty($AcctID)){ Write-Verbose "NO ACCOUNT ID PROVIDED, INVOKING HELPER FUNCTION" $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address write-verbose "ACCOUNT ID WAS RETURNED" if($AcctID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY WITH SPECIFIED PARAMETERS" Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E return $false } elseif($AcctID -eq -2){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS" Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E return $false } else{ try{ Write-Verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" if($ShowTemporary){ write-verbose "SHOWTEMPORARY PASSWORDS ENABLED" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true" } else{ write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false" } } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" if($ShowTemporary){ write-verbose "SHOWTEMPORARY PASSWORDS ENABLED" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true" } else{ write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false" } } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN $log = Write-VPASTextRecorder -inputval "===BREAK===" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING PASSWORD HISTORY" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT RETRIEVE PASSWORD HISTORY" Write-VPASOutput -str $_ -type E return $false } } } else{ Write-Verbose "ACCOUNT ID PROVIDED, SKIPPING HELPER FUNCTION" try{ Write-Verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" if($ShowTemporary){ write-verbose "SHOWTEMPORARY PASSWORDS ENABLED" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true" } else{ write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false" } } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" if($ShowTemporary){ write-verbose "SHOWTEMPORARY PASSWORDS ENABLED" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true" } else{ write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false" } } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN $log = Write-VPASTextRecorder -inputval "===BREAK===" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING PASSWORD HISTORY" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT RETRIEVE PASSWORD HISTORY" Write-VPASOutput -str $_ -type E return $false } } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |