DSInternals icon indicating copy to clipboard operation
DSInternals copied to clipboard

Published 20 hours ago verified publisher icon MichaelGrafnetter

Domain reference for Format-Custom views

Open Jupithor opened this issue 1 year ago • 2 comments

I am working with multiple domains, and doing something like this:

foreach($DC in $DCs){
     $accounts += Get-ADReplAccount -All -Server $DC
}
$accounts |  Test-PasswordQuality -WeakPasswordHashesSortedFile $HIBP | Out-File $auditoutput  -Encoding ASCII
$accounts |  Format-Custom -View PwDump | Out-File $hashoutput -Encoding ASCII

In the output for Test-PasswordQuality i get domain\user. But in the PwDump I only get username. Is there a way to get a domain reference in the pwdump etc.?

Thank you

Jupithor avatar Apr 19 '24 12:04 Jupithor

Hi @Jupithor, all custom views would deserve some improvements, including a filter that would drop user accounts without password hashes and computer accounts. You could try to manually modify the DSInternals.DSAccount.ExportViews.format.ps1xml file and replace $PSItem.SamAccountName with $PSItem.LogonName. I would be curious to hear if the \ character is compatible with the current versions of tools like Hashcat, John the Ripper, Ophcrack, Rainbowcrack, or Elcomsoft Distributed Password Recovery.

MichaelGrafnetter avatar Apr 23 '24 09:04 MichaelGrafnetter

Thank you for your reply. Yes, i am currently using -replace to prepend $domain\ . I can confirm that it works with Hashcat.

Jupithor avatar Apr 23 '24 10:04 Jupithor