{LogWrite -Logfile $LogFileName -LogEntryString "| Empty input line ignored (line#: $cnt_LineNumber)." -LogEntryType INFO -TimeStamp}
Write-Verbose "| Empty input line ignored (line#: $cnt_LineNumber)."
$cnt_LineNumber++
Continue
}
$NTHash = $(Get-NTHashFromClearText $BadPassword)
If ($htBadPasswords.ContainsKey($NTHash)) # NB! Case-insensitive on purpose
{
$intBadPasswordsInListsDuplicates++
If ($bolWriteToLogFile -and $bolWriteVerboseInfoToLogfile) {LogWrite -Logfile $LogFileName -LogEntryString "| Duplicate password: '$BadPassword' = $NTHash" -LogEntryType INFO -TimeStamp}
Write-Verbose "| Duplicate password: '$BadPassword' = $NTHash (line#: $cnt_LineNumber)"
}
Else # New password to put into hash table
{
If ($bolWriteToLogFile -and $bolWriteVerboseInfoToLogfile) {LogWrite -Logfile $LogFileName -LogEntryString "| Adding to hashtable: '$BadPassword' = $NTHash" -LogEntryType INFO -TimeStamp}
Write-Verbose "| Adding to hashtable: '$BadPassword' = $NTHash (line#: $cnt_LineNumber)"
$htBadPasswords.Add($NTHash,$BadPassword)
}
# Counting line numbers
$cnt_LineNumber++
} # Foreach BadPassword
}
}
#Смещение верхней строки
$intBadPasswordsInLists = $htBadPasswords.Count - 1
Add-content -path $Pfile "Name,Username,NTLMPassword"
$arrUsersAndHashes = Get-ADReplAccount -All -Server $DC -NamingContext $Domain | Where {$_.Enabled -eq $true -and $_.SamAccountType -eq 'User' -and $_.DistinguishedName -like $OUsss} | Select SamAccountName,@{Name="NTHashHex";Expression={ConvertTo-Hex $_.NTHash}}
$intUsersAndHashesFromAD = $arrUsersAndHashes.Count
Foreach ($hashuser in $arrUsersAndHashes)
{
$strUserSamAccountName = $hashuser.SamAccountName
$Nametable = Get-ADUser -LDAPFilter "(sAMAccountName=$strUserSamAccountName)" | Select Name
$Name = $Nametable.name
$strUserNTHashHex = $hashuser.NTHashHex
If ($htBadPasswords.ContainsKey($strUserNTHashHex)) # NB! Case-insensitive on purpose
{
$intBadPasswordsFound++
$strUserBadPasswordClearText = $htBadPasswords.Get_Item($strUserNTHashHex)
Add-content $Pfile "$Name,$strUserSamAccountName,$strUserBadPasswordClearText" -Encoding UTF8
}
}
$UsersAll = Import-Csv $Pfile -Encoding UTF8
#Список исключения
$Users = Import-Csv $Pfile -Encoding UTF8 | where-object { $_.Username -NotMatch 'УверенныйАдмин|testuser|СУПЕРБОСС' }
#Мылинг
function SendNotification {
$Msg = New-Object Net.Mail.MailMessage
$Smtp = New-Object Net.Mail.SmtpClient($MailServer)
$Msg.From = $FromAddress
$Msg.To.Add($ToAddress)
$Msg.Subject = "Внимание! $datA Обнаружен слабый пароль!"
$Msg.Body = $EmailBody
$Msg.IsBodyHTML = $true
$Msg.Priority = [System.Net.Mail.MailPriority]::High
$Smtp.Send($Msg)
}
$TOsoc='[email protected]'
$head = "Внимание! $datA Обнаружены слабые пароли на $intBadPasswordsFound из $intUsersAndHashesFromAD :"
$emailBodyTXT = $UsersAll | Sort NTLMPassword,Username | ConvertTo-Html -Head $head | Format-Table -Autosize | Out-String
Send-MailMessage -smtpServer $MailServer -from $FromAddress -to $TOsoc -subject "Внимание! $datA Обнаружены слабые пароли!" -body $emailBodyTXT -BodyAsHTML -Encoding UTF8
Foreach ($User in $Users){
$FIO = $User.name
$ToAddress = "$FIO
Write-Verbose "| Empty input line ignored (line#: $cnt_LineNumber)."
$cnt_LineNumber++
Continue
}
$NTHash = $(Get-NTHashFromClearText $BadPassword)
If ($htBadPasswords.ContainsKey($NTHash)) # NB! Case-insensitive on purpose
{
$intBadPasswordsInListsDuplicates++
If ($bolWriteToLogFile -and $bolWriteVerboseInfoToLogfile) {LogWrite -Logfile $LogFileName -LogEntryString "| Duplicate password: '$BadPassword' = $NTHash" -LogEntryType INFO -TimeStamp}
Write-Verbose "| Duplicate password: '$BadPassword' = $NTHash (line#: $cnt_LineNumber)"
}
Else # New password to put into hash table
{
If ($bolWriteToLogFile -and $bolWriteVerboseInfoToLogfile) {LogWrite -Logfile $LogFileName -LogEntryString "| Adding to hashtable: '$BadPassword' = $NTHash" -LogEntryType INFO -TimeStamp}
Write-Verbose "| Adding to hashtable: '$BadPassword' = $NTHash (line#: $cnt_LineNumber)"
$htBadPasswords.Add($NTHash,$BadPassword)
}
# Counting line numbers
$cnt_LineNumber++
} # Foreach BadPassword
}
}
#Смещение верхней строки
$intBadPasswordsInLists = $htBadPasswords.Count - 1
Add-content -path $Pfile "Name,Username,NTLMPassword"
$arrUsersAndHashes = Get-ADReplAccount -All -Server $DC -NamingContext $Domain | Where {$_.Enabled -eq $true -and $_.SamAccountType -eq 'User' -and $_.DistinguishedName -like $OUsss} | Select SamAccountName,@{Name="NTHashHex";Expression={ConvertTo-Hex $_.NTHash}}
$intUsersAndHashesFromAD = $arrUsersAndHashes.Count
Foreach ($hashuser in $arrUsersAndHashes)
{
$strUserSamAccountName = $hashuser.SamAccountName
$Nametable = Get-ADUser -LDAPFilter "(sAMAccountName=$strUserSamAccountName)" | Select Name
$Name = $Nametable.name
$strUserNTHashHex = $hashuser.NTHashHex
If ($htBadPasswords.ContainsKey($strUserNTHashHex)) # NB! Case-insensitive on purpose
{
$intBadPasswordsFound++
$strUserBadPasswordClearText = $htBadPasswords.Get_Item($strUserNTHashHex)
Add-content $Pfile "$Name,$strUserSamAccountName,$strUserBadPasswordClearText" -Encoding UTF8
}
}
$UsersAll = Import-Csv $Pfile -Encoding UTF8
#Список исключения
$Users = Import-Csv $Pfile -Encoding UTF8 | where-object { $_.Username -NotMatch 'УверенныйАдмин|testuser|СУПЕРБОСС' }
#Мылинг
function SendNotification {
$Msg = New-Object Net.Mail.MailMessage
$Smtp = New-Object Net.Mail.SmtpClient($MailServer)
$Msg.From = $FromAddress
$Msg.To.Add($ToAddress)
$Msg.Subject = "Внимание! $datA Обнаружен слабый пароль!"
$Msg.Body = $EmailBody
$Msg.IsBodyHTML = $true
$Msg.Priority = [System.Net.Mail.MailPriority]::High
$Smtp.Send($Msg)
}
$TOsoc='[email protected]'
$head = "Внимание! $datA Обнаружены слабые пароли на $intBadPasswordsFound из $intUsersAndHashesFromAD :"
$emailBodyTXT = $UsersAll | Sort NTLMPassword,Username | ConvertTo-Html -Head $head | Format-Table -Autosize | Out-String
Send-MailMessage -smtpServer $MailServer -from $FromAddress -to $TOsoc -subject "Внимание! $datA Обнаружены слабые пароли!" -body $emailBodyTXT -BodyAsHTML -Encoding UTF8
Foreach ($User in $Users){
$FIO = $User.name
$ToAddress = "$FIO