Views/DSInternals.DSAccount.ExportViews.format.ps1xml
|
<?xml version="1.0" encoding="utf-8" ?>
<Configuration><!-- xsi:noNamespaceSchemaLocation="https://raw.githubusercontent.com/PowerShell/PowerShell/master/src/Schemas/Format.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">--> <Controls> <Control> <Name>Rid</Name> <!-- Extracts RID from SID --> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock>[DSInternals.Common.SecurityIdentifierExtensions]::GetRid($PSItem)</ScriptBlock> <EnumerateCollection /> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </Control> </Controls> <ViewDefinitions> <View> <Name>JohnNT</Name> <!-- NT Hashes for John the Ripper --> <!-- Format: <username>:$NT$<NT-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#JohnNT</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:$NT$</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnNTHistory</Name> <!-- NT Hash History for John the Ripper --> <!-- Format: <username>:$NT$<NT-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#JohnNTHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() if ($PSItem.NTHash -ne $null) { [string] $record = '{0}:$NT${1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.NTHash) [int] $position = $records.Add($record) } for($i=1; $i -lt $PSItem.NTHashHistory.Count; $i++) { [string] $record = '{0}_history{1}:$NT${2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.NTHashHistory[$i]) [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnLM</Name> <!-- LM Hashes for John the Ripper --> <!-- Format: <username>:<LM-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#JohnLM</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>JohnLMHistory</Name> <!-- LM Hash History for John the Ripper --> <!-- Format: <username>:<LM-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#JohnLMHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() if ($PSItem.LMHash -ne $null) { [string] $record = '{0}:{1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.LMHash) [int] $position = $records.Add($record) } for($i=1; $i -lt $PSItem.LMHashHistory.Count; $i++) { [string] $record = '{0}_history{1}:{2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.LMHashHistory[$i]) [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>Ophcrack</Name> <!-- PasswordHashes for Ophcrack --> <!-- Format: <username>::<LM-hash>:<NT-hash>:<sid>:: --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#Ophcrack</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>::</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> </ExpressionBinding> <Text>::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatNT</Name> <!-- NT Hashes for Hashcat --> <!-- Format: <username>:<NT-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#HashcatNT</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatNTHistory</Name> <!-- NT Hash History for Hashcat --> <!-- Format: <username>:<NT-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#HashcatNTHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() if ($PSItem.NTHash -ne $null) { [string] $record = '{0}:{1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.NTHash) [int] $position = $records.Add($record) } for($i=1; $i -lt $PSItem.NTHashHistory.Count; $i++) { [string] $record = '{0}_history{1}:{2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.NTHashHistory[$i]) [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatLM</Name> <!-- LM Hashes for Hashcat --> <!-- Format: <username>:<LM-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#HashcatLM</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>HashcatLMHistory</Name> <!-- LM Hash History for Hashcat --> <!-- Format: <username>:<LM-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#HashcatLMHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() if ($PSItem.LMHash -ne $null) { [string] $record = '{0}:{1}' -f $PSItem.SamAccountName, (ConvertTo-Hex $PSItem.LMHash) [int] $position = $records.Add($record) } for($i=1; $i -lt $PSItem.LMHashHistory.Count; $i++) { [string] $record = '{0}_history{1}:{2}' -f $PSItem.SamAccountName, ($i-1), (ConvertTo-Hex $PSItem.LMHashHistory[$i]) [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>NTHash</Name> <!-- NT Hashes --> <!-- Format: <NT-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#NTHash</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>NTHashHistory</Name> <!-- NT Hash History --> <!-- Format: <NT-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#NTHashHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() foreach($hash in $PSItem.NTHashHistory) { [string] $record = ConvertTo-Hex $hash [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>LMHash</Name> <!-- NT Hashes --> <!-- Format: <LM-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#LMHash</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>LMHashHistory</Name> <!-- LM Hash History --> <!-- Format: <LM-hash> --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#LMHashHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() foreach($hash in $PSItem.LMHashHistory) { [string] $record = ConvertTo-Hex $hash [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>PWDump</Name> <!-- PwDump Format --> <!-- Format: <username>:<uid>:<LM-hash>:<NT-hash>:<comment>:<homedir>: --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#PWDump</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <PropertyName>SamAccountName</PropertyName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>Sid</PropertyName> <CustomControlName>Rid</CustomControlName> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>LMHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <ExpressionBinding> <ScriptBlock>if($null -eq $PSItem.LMHash) { 'NO LM-HASH**********************' }</ScriptBlock> </ExpressionBinding> <Text>:</Text> <ExpressionBinding> <PropertyName>NTHash</PropertyName> <CustomControlName>Hash</CustomControlName> </ExpressionBinding> <ExpressionBinding> <ScriptBlock>if($null -eq $PSItem.NTHash) { 'NO NT-HASH**********************' }</ScriptBlock> </ExpressionBinding> <Text>:::</Text> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>PWDumpHistory</Name> <!-- PwDump Format with Password Hash History --> <!-- Format: <username>:<uid>:<LM-hash>:<NT-hash>:<comment>:<homedir>: --> <OutOfBand /> <ViewSelectedBy> <TypeName>DSInternals.Common.Data.DSAccount#PWDumpHistory</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <ExpressionBinding> <ScriptBlock> [System.Collections.ArrayList] $records = [System.Collections.ArrayList]@() [string] $samAccountName = $PSItem.SamAccountName [int] $rid = [DSInternals.Common.SecurityIdentifierExtensions]::GetRid($PSItem.Sid) [string] $lmHash = 'NO LM-HASH**********************' if($null -ne $PSItem.LMHash -and (ConvertTo-Hex $PSItem.LMHash) -ne 'aad3b435b51404eeaad3b435b51404ee') { $lmHash = ConvertTo-Hex $PSItem.LMHash } [string] $ntHash = 'NO NT-HASH**********************' if($null -ne $PSItem.NTHash) { $ntHash = ConvertTo-Hex $PSItem.NTHash } [string] $record = '{0}:{1}:{2}:{3}:::' -f $SamAccountName, $rid, $lmHash, $ntHash [int] $position = $records.Add($record) for($i=1; $i -lt $PSItem.NTHashHistory.Count; $i++) { [string] $lmHash = 'NO LM-HASH**********************' if($null -ne $PSItem.LMHashHistory[$i] -and (ConvertTo-Hex $PSItem.LMHashHistory[$i]) -ne 'aad3b435b51404eeaad3b435b51404ee') { $lmHash = ConvertTo-Hex $PSItem.LMHashHistory[$i] } [string] $ntHash = 'NO NT-HASH**********************' if($null -ne $PSItem.NTHashHistory[$i]) { $ntHash = ConvertTo-Hex $PSItem.NTHashHistory[$i] } [string] $record = '{0}_history{1}:{2}:{3}:{4}:::' -f $SamAccountName, ($i-1), $rid, $lmHash, $ntHash [int] $position = $records.Add($record) } $records -join [Environment]::NewLine </ScriptBlock> <EnumerateCollection/> </ExpressionBinding> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> </ViewDefinitions> </Configuration> |