Skip to main content

Get-ADInfo Powershell Module

With the competition season mostly over, I've been able to spend some time catching up on write-ups, classwork, and projects. I'm also able to start releasing the materials I created for my team this year. Starting with Get-ADInfo, the first (sort of) Powershell module I've created. You can find it here https://www.powershellgallery.com/packages/Get-ADInfo/1.0.0. Additionally, you can also find it on my GitHub.

Module Information

Get-ADInfo is a module that was created to help facilitate Active Directory object enumeration. I spent a lot of time last year developing security tools for Windows servers, but I hadn't really done anything neat with basic enumeration stuff. So I wanted to create some enumeration tools for our Windows people this year. Get-ADInfo was the first tool I started working on, and probably the one that turned out the best, as I was quickly overwhelmed with relearning bash and some of the more advanced Linux skills I had forgotten after focusing on Windows for so long. Essentially, Get-ADInfo works by pulling critical information out of certain AD object cmdlets. In some cases, I had to make some custom objects, but in general, the cmdlets provided in the module are re-skins of the AD object cmdlets ordered in a slightly easier-to-understand way.

By default, all the commands will enumerate all objects. However, for each cmdlet, the object name can be specified with the -Name property. For example, Get-ADGroupInfo -Name Administrators will list all information about the Administrators group. I designed it to run through all objects if no property was given to speed up the enumeration process, as this module was originally designed for a competition environment. 

Function Get-UserInfo

The Get-UserInfo function provides critical information about the specified user (or all users) including membership status. For example, if user 'Test' is a member of the group 'Test-Group', this cmdlet will pull that information and display the membership. Additionally, it grabs logon information, display info, and other useful details. I personally find it more useful than Get-ADUser in terms of getting an overview of users.

Example Output of Get-UserInfo

Function Get-OUInfo

Unlike Get-UserInfo, Get-OUInfo has quite a bit of custom properties. When I was first writing this module, I had never done any kind of custom object creation or module creation, and this was the first cmdlet I started working on. I certainly learned a good bit while making this one. 

Get-OUInfo lists information about the specified (or all) organizational units. This information includes the linked users, groups, and computers. Aside from the linked objects, it also displays management and display information. 

Example Output of Get-OUInfo

Function Get-GroupInfo

This is the simplest of the cmdlets in this module. For every specified (or all) group, the group's members and the owners are listed alongside creation and display information. 

Example Output of Get-GroupInfo

Function Get-ADComputerInfo

This is the most complex cmdlet in the module. It provides a wealth of information on each connected computer in the domain. For example, it shows networking information such as DNS hostname, IPv4, and v6 address. It also displays the logon information like last logon date, password change dates, and expiration dates. Of course, it also gives the AD management information as well, like created dates, enabled status, and distinguished names. It will also show linked members and owners. 

Example Output of Get-ADComputerInfo



Comments

Post a Comment

Popular posts from this blog

Using PGPy to encrypt and decrypt files and messages

 PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at  https://github.com/lpowell . The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding.  First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename) . This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob , if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method.  Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll call this file
Post a Comment
Read more

Frag Attacks - A critical Wifi vulnerability

Wifi fragmentation and aggregation attacks (FragAttacks) are a new collection of vulnerabilities in which a threat actor can exfiltrate data or attack victims within radio range. Mathy Vanhoef, a postdoctoral researcher at New York University Abu Dhabi, recently published his paper, Fragment and Forge: Breaking Wi-Fi through Frame Aggregation and Fragmentation , detailing several attack vectors and examining the intricacies of the aggregation vulnerabilities that have been part of the 802.11 standards since the inception in 1997.  Quite interestingly, every device tested was susceptible to one or more of the FragAttacks. While several 802.11 standards make these attacks harder to perform, they can be executed on all devices across all standards. It's a good thing then, that there was a nine-month embargo on information related to these attacks, allowing manufacturers to provide security updates to affected devices. Mathy Vanhoef has also created a website documenting the FragAttack
Post a Comment
Read more

RFC 791 pt2

 This week's post will cover the operation of the Internet Protocol. Specifically, Time to Live (TOL), Type of Service(TOS), the Header Checksum, and the other remaining options available when transmitting data across IP. While this post will cover the basic operations and provide descriptions of their functions and use, a more technical dive will be saved for next week's post, which will cover the specification section of RFC 791. The final post in this series will cover the security implications of the Internet Protocol, and briefly cover the updates made to the original document and protocol.  Continuing from the last post, there are two main functions of the Internet Protocol. Addressing and Fragmentation. To begin,  the device you use to connect to the internet, or the internet module, uses the addressing function of IP to send and receive data. The internet module reads the address of the datagram and uses it to route to the desired endpoint. This address is carried in th
Post a Comment
Read more