DSInternals.DSAccount.format.ps1xml
<?xml version="1.0" encoding="utf-8" ?>
<Configuration> <Controls> <Control> <Name>HashCollection</Name> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <EnumerateCollection /> <ScriptBlock>$_ | ConvertTo-Hex | foreach -Begin { [int] $i = 1 } -Process { if($i -gt 1) { "`n" }; "Hash {0:d2}: {1}" -f $i,$_ ; $i++ }</ScriptBlock> </ExpressionBinding> <NewLine /> </CustomItem> </Frame> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>Hash</Name> <!-- Converts binary hash into a hex string --> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <EnumerateCollection /> <ScriptBlock>ConvertTo-Hex $_</ScriptBlock> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>Rid</Name> <!-- Extracts RID from SID --> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <EnumerateCollection /> <ScriptBlock>[DSInternals.Common.SecurityIdentifierExtensions]::GetRid($_)</ScriptBlock> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>KerberosKeyData</Name> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>KeyType</PropertyName> </ExpressionBinding> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>Key: </Text> <ExpressionBinding> <PropertyName>Key</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <NewLine /> </CustomItem> </Frame> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>KerberosKeyDataNew</Name> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>KeyType</PropertyName> </ExpressionBinding> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>Key: </Text> <ExpressionBinding> <PropertyName>Key</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <NewLine /> <Text>Iterations: </Text> <ExpressionBinding> <PropertyName>IterationCount</PropertyName> </ExpressionBinding> <NewLine /> </CustomItem> </Frame> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>KerberosCredential</Name> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <Text>Credentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>Credentials</PropertyName> <EnumerateCollection /> <CustomControlName>KerberosKeyData</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>OldCredentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>OldCredentials</PropertyName> <EnumerateCollection /> <CustomControlName>KerberosKeyData</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>Salt: </Text> <ExpressionBinding> <PropertyName>DefaultSalt</PropertyName> </ExpressionBinding> <NewLine /> <Text>Flags: </Text> <ExpressionBinding> <PropertyName>Flags</PropertyName> </ExpressionBinding> <NewLine /> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>KerberosCredentialNew</Name> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <Text>Credentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>Credentials</PropertyName> <EnumerateCollection /> <CustomControlName>KerberosKeyDataNew</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>OldCredentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>OldCredentials</PropertyName> <EnumerateCollection /> <CustomControlName>KerberosKeyDataNew</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>OlderCredentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>OlderCredentials</PropertyName> <EnumerateCollection /> <CustomControlName>KerberosKeyDataNew</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>ServiceCredentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>ServiceCredentials</PropertyName> <EnumerateCollection /> <CustomControlName>KerberosKeyDataNew</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>Salt: </Text> <ExpressionBinding> <PropertyName>DefaultSalt</PropertyName> </ExpressionBinding> <NewLine /> <Text>DefaultIterationCount: </Text> <ExpressionBinding> <PropertyName>DefaultIterationCount</PropertyName> </ExpressionBinding> <NewLine /> <Text>Flags: </Text> <ExpressionBinding> <PropertyName>Flags</PropertyName> </ExpressionBinding> <NewLine /> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> <Control> <Name>SupplementalCredentials</Name> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <Text>ClearText: </Text> <ExpressionBinding> <PropertyName>ClearText</PropertyName> </ExpressionBinding> <NewLine /> <Text>NTLMStrongHash: </Text> <ExpressionBinding> <PropertyName>NTLMStrongHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <NewLine /> <Text>Kerberos:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>Kerberos</PropertyName> <CustomControlName>KerberosCredential</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>KerberosNew:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>KerberosNew</PropertyName> <CustomControlName>KerberosCredentialNew</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> <Text>WDigest:</Text> <NewLine /> <ExpressionBinding> <PropertyName>WDigest</PropertyName> <CustomControlName>HashCollection</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> </Controls> <ViewDefinitions> <View> <Name>SupplementalCredentials</Name> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.SupplementalCredentials</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>$_</ScriptBlock> <CustomControlName>SupplementalCredentials</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>KerberosCredential</Name> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.KerberosCredential</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>$_</ScriptBlock> <CustomControlName>KerberosCredential</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>KerberosCredentialNew</Name> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.KerberosCredentialNew</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>$_</ScriptBlock> <CustomControlName>KerberosCredentialNew</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>KerberosKeyData</Name> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.KerberosKeyData</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>$_</ScriptBlock> <CustomControlName>KerberosKeyData</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>KerberosKeyDataNew</Name> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.KerberosKeyDataNew</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>$_</ScriptBlock> <CustomControlName>KerberosKeyDataNew</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>DSAccount</Name> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <Text>DistinguishedName: </Text> <ExpressionBinding> <PropertyName>DistinguishedName</PropertyName> </ExpressionBinding> <NewLine /> <Text>Sid: </Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> </ExpressionBinding> <NewLine /> <Text>Guid: </Text> <ExpressionBinding> <PropertyName>Guid</PropertyName> </ExpressionBinding> <NewLine /> <Text>SamAccountName: </Text> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <NewLine /> <Text>SamAccountType: </Text> <ExpressionBinding> <PropertyName>SamAccountType</PropertyName> </ExpressionBinding> <NewLine /> <Text>UserPrincipalName: </Text> <ExpressionBinding> <PropertyName>UserPrincipalName</PropertyName> </ExpressionBinding> <NewLine /> <Text>PrimaryGroupId: </Text> <ExpressionBinding> <PropertyName>PrimaryGroupId</PropertyName> </ExpressionBinding> <NewLine /> <Text>SidHistory: </Text> <ExpressionBinding> <PropertyName>SidHistory</PropertyName> </ExpressionBinding> <NewLine /> <Text>Enabled: </Text> <ExpressionBinding> <PropertyName>Enabled</PropertyName> </ExpressionBinding> <NewLine /> <Text>UserAccountControl: </Text> <ExpressionBinding> <PropertyName>UserAccountControl</PropertyName> </ExpressionBinding> <NewLine /> <Text>AdminCount: </Text> <ExpressionBinding> <PropertyName>AdminCount</PropertyName> </ExpressionBinding> <NewLine /> <Text>Deleted: </Text> <ExpressionBinding> <PropertyName>Deleted</PropertyName> </ExpressionBinding> <NewLine /> <Text>LastLogon: </Text> <ExpressionBinding> <PropertyName>LastLogon</PropertyName> </ExpressionBinding> <NewLine /> <Text>DisplayName: </Text> <ExpressionBinding> <PropertyName>DisplayName</PropertyName> </ExpressionBinding> <NewLine /> <Text>GivenName: </Text> <ExpressionBinding> <PropertyName>GivenName</PropertyName> </ExpressionBinding> <NewLine /> <Text>Surname: </Text> <ExpressionBinding> <PropertyName>Surname</PropertyName> </ExpressionBinding> <NewLine /> <Text>Description: </Text> <ExpressionBinding> <PropertyName>Description</PropertyName> </ExpressionBinding> <NewLine /> <Text>ServicePrincipalName: </Text> <ExpressionBinding> <PropertyName>ServicePrincipalName</PropertyName> </ExpressionBinding> <NewLine /> <Text>SecurityDescriptor: </Text> <ExpressionBinding> <ScriptBlock>$_.SecurityDescriptor.ControlFlags</ScriptBlock> </ExpressionBinding> <NewLine /> <Text>Owner: </Text> <ExpressionBinding> <ScriptBlock>$_.SecurityDescriptor.Owner</ScriptBlock> </ExpressionBinding> <NewLine /> <Text>Secrets</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>NTHash: </Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <NewLine /> <Text>LMHash: </Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <NewLine /> <Text>NTHashHistory: </Text> <NewLine /> <ExpressionBinding> <PropertyName>NTHashHistory</PropertyName> <CustomControlName>HashCollection</CustomControlName> </ExpressionBinding> <Text>LMHashHistory: </Text> <NewLine /> <ExpressionBinding> <PropertyName>LMHashHistory</PropertyName> <CustomControlName>HashCollection</CustomControlName> </ExpressionBinding> <Text>SupplementalCredentials:</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>SupplementalCredentials</PropertyName> <CustomControlName>SupplementalCredentials</CustomControlName> </ExpressionBinding> </CustomItem> </Frame> </CustomItem> </Frame> <Text>Credential Roaming</Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>Created: </Text> <ExpressionBinding> <PropertyName>RoamedCredentialsCreated</PropertyName> </ExpressionBinding> <NewLine /> <Text>Modified: </Text> <ExpressionBinding> <PropertyName>RoamedCredentialsModified</PropertyName> </ExpressionBinding> <NewLine /> <Text>Credentials: </Text> <NewLine /> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <ExpressionBinding> <PropertyName>RoamedCredentials</PropertyName> <CustomControlName>RoamedCredential</CustomControlName> <EnumerateCollection /> </ExpressionBinding> </CustomItem> </Frame> </CustomItem> </Frame> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnNT</Name> <!-- Format: <username>:$NT:<hash>:<sid>:: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:$NT:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> </ExpressionBinding> <Text>::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnLM</Name> <!-- Format: <username>:<hash>:<sid>:: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> </ExpressionBinding> <Text>::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>Ophcrack</Name> <!-- Format: <username>::<lmhash>:<nthash>:<sid>:: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>::</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> </ExpressionBinding> <Text>::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatNT</Name> <!-- Format: <username>:<hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatLM</Name> <!-- Format: <username>:<hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>NTHash</Name> <!-- Format: <hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>LMHash</Name> <!-- Format: <hash> --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>PWDump</Name> <!-- Format: <username>:<uid>:<LM-hash>:<NTLM-hash>:<comment>:<homedir>: --> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> <CustomControlName>Rid</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> </ViewDefinitions> </Configuration> |