Test-WeakCredentials
Description
An agnostic method of gathering information on users with potentially compromised passwords by querying currently available comprehensive lists of known password hashes.
Requirements
- PowerShell v5
- Must be run against an Active Directory domain controller.
Usage
- Download 7-Zip if needed.
- Install the DSInternals module.
- Download the selected password list.
- Extract and rename the extracted file if necessary.
- Get weak passwords and duplicate passwords.
- Query for reversible encryption and interactive logon messages.
- Format the results into one object.
- Clean up the requested files.
- Log the results.
- Return the created object.
Downloads the 140MB password dictionary and queries that dictionary for matching hashes found on a domain controller, leaving all files.
.\Test-WeakCredentials -PWDictSize "Small"
This will download the 9MB password list, execute the query to compare values, then it will delete the extracted text file and the zipped file.
.\Test-WeakCredentials -PWDictSize "Tiny" -Cleanup "text,zipped"
This will download the 12GB password list, execute that query to compare values, then it will delete the text, 7z, 7zip, and the created .xml files.
.\Test-WeakCredentials -PWDictSize "Large" -Cleanup "All"
Parameters
| Parameter | Alias | Required | Default | Type | Description |
|---|---|---|---|---|---|
PWDictSize | PDS | False | 9MB | String | This parameter specifies the password dictionary you wish to query. It is a valid set of 'Tiny', 'Small', 'Medium', 'Large'. |
Cleanup | C | False | String[] | This parameter accepts any combination of its valid set. It is a valid set of 'All', 'Text', 'Zipped'. |
Output
PSObject