diff --git a/Changelog.txt b/Changelog.txt index b81214d..6a49400 100644 --- a/Changelog.txt +++ b/Changelog.txt @@ -1,3 +1,22 @@ +Version 3.0 +- [Module] Added the Set-ADDBAccountPassword and Set-ADDBAccountPasswordHash for offline password modification. +- [Module] The Test-PasswordQuality cmdlet now supports NTLM hash list from haveibeenpwned.com. +- [Module] Added the Get-ADKeyCredential for linked credential generation (AKA Windows Hello for Business). +- [Module] The Get-ADDBAccount, Get-ADReplAccount and Get-ADSIAccount cmdlets now display linked credentials. +- [Module] Databases from Windows Server 2016 can now be read on non-DCs. +- [Module] Added the ConvertTo-KerberosKey cmdlet for key generation. +- [Module] The Save-DPAPIBlob now generates scripts for mimikatz. +- [Module] The Save-DPAPIBlob cmdlet now accepts pipeline input from both Get-ADDBBackupKey and ADDBAccount cmdlets. +- [Module] Added Views JohnNTHistory, HashcatNTHistory and NTHashHistory. +- [Module] The Get-ADDBDomainController now displays domain and forest functional levels. +- [Module] The Set-ADDBDomainController can now be used to modify backup expiration. +- [Module] The Get-ADDBAccount cmdlet now reports progress when retrieving multiple accounts. +- [Module] Removed the ConvertTo-NTHashDictionary cmdlet as its functionality had been integrated into Test-PasswordQuality. +- [Framework] Added support for offline password changes. +- [Framework] Added support for kerberos key derivation. +- [Framework] Added support for WDigest hash calculation. +- [Framework] Minor bug fixes. + Version 2.23 - [Module] The Test-PasswordQuality now supports accounts that require smart card authentication. - [Module] Fixed a bug in in the processing of the SkipDuplicatePasswordTest switch of the Test-PasswordQuality cmdlet. @@ -178,4 +197,4 @@ Version 1.1 - Added the ConvertFrom-GPPrefPassword cmdlet Version 1.0 -- Initial release +- Initial release \ No newline at end of file 
diff --git a/Src/Configuration/CommonAssemblyInfo.h b/Src/Configuration/CommonAssemblyInfo.h index c80fa4c..6976c02 100644 --- a/Src/Configuration/CommonAssemblyInfo.h +++ b/Src/Configuration/CommonAssemblyInfo.h @@ -1,4 +1,4 @@ using namespace System::Reflection; [assembly:AssemblyProductAttribute(L"DSInternals PowerShell Module")]; -[assembly:AssemblyCopyrightAttribute(L"Copyright © 2015-2017 Michael Grafnetter. All rights reserved.")]; \ No newline at end of file +[assembly:AssemblyCopyrightAttribute(L"Copyright © 2015-2018 Michael Grafnetter. All rights reserved.")]; \ No newline at end of file diff --git a/Src/DSInternals.Common/DSInternals.Common.nuspec b/Src/DSInternals.Common/DSInternals.Common.nuspec index 5968057..ecb9094 100644 --- a/Src/DSInternals.Common/DSInternals.Common.nuspec +++ b/Src/DSInternals.Common/DSInternals.Common.nuspec @@ -12,8 +12,8 @@ false This package is shared between all other DSInternals packages. It contains implementations of common hash functions used by Windows, including NT hash, LM hash and OrgId hash. It also contains methods for SysKey/BootKey retrieval. This package is shared between all other DSInternals packages. - Fixed a bug in roamed credentials processing. - Copyright (c) 2015-2017 Michael Grafnetter. All rights reserved. + Added support for kerberos key derivation and WDigest hash calculation. + Copyright (c) 2015-2018 Michael Grafnetter. All rights reserved. ActiveDirectory Security \ No newline at end of file diff --git a/Src/DSInternals.Common/Properties/AssemblyInfo.cs b/Src/DSInternals.Common/Properties/AssemblyInfo.cs index e596aa6..362fba8 100644 --- a/Src/DSInternals.Common/Properties/AssemblyInfo.cs +++ b/Src/DSInternals.Common/Properties/AssemblyInfo.cs 
@@ -6,8 +6,8 @@ using System.Runtime.InteropServices; // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("DSInternals Common Library")] -[assembly: AssemblyVersion("2.21.2")] -[assembly: AssemblyFileVersion("2.21.2")] +[assembly: AssemblyVersion("3.0")] +[assembly: AssemblyFileVersion("3.0")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] diff --git a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec index 904ab29..7b207b4 100644 --- a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec +++ b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec @@ -12,8 +12,8 @@ false DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. It can be used to extract password hashes from Active Directory backups or to modify the sIDHistory and primaryGroupId attributes. DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. - Added the ability to enable and disable user accounts. - Copyright (c) 2015-2017 Michael Grafnetter. All rights reserved. + Added support for offline password modification. + Copyright (c) 2015-2018 Michael Grafnetter. All rights reserved. ActiveDirectory Security NTDS diff --git a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs index febd45b..db30889 100644 --- a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs +++ b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs 
@@ -1,13 +1,12 @@ using System.Reflection; -using System.Runtime.CompilerServices; using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("DSInternals DataStore Library")] -[assembly: AssemblyVersion("2.22")] -[assembly: AssemblyFileVersion("2.22")] +[assembly: AssemblyVersion("3.0")] +[assembly: AssemblyFileVersion("3.0")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] diff --git a/Src/DSInternals.PowerShell/Commands/Datastore/GetADDBAccountCommand.cs b/Src/DSInternals.PowerShell/Commands/Datastore/GetADDBAccountCommand.cs index 068a028..0fed8a0 100644 --- a/Src/DSInternals.PowerShell/Commands/Datastore/GetADDBAccountCommand.cs +++ b/Src/DSInternals.PowerShell/Commands/Datastore/GetADDBAccountCommand.cs @@ -9,17 +9,16 @@ using System.Management.Automation; namespace DSInternals.PowerShell.Commands { [Cmdlet(VerbsCommon.Get, "ADDBAccount")] - // TODO: output type - // TODO: Accept * [OutputType(typeof(DSAccount))] public class GetADDBAccountCommand : ADDBPrincipalCommandBase { - protected const string parameterSetAll = "All"; + private const int ProgressReportingInterval = 25; + protected const string ParameterSetAll = "All"; [Parameter( Mandatory = true, HelpMessage = "TODO", - ParameterSetName = parameterSetAll + ParameterSetName = ParameterSetAll )] [Alias("AllAccounts", "ReturnAllAccounts")] public SwitchParameter All @@ -46,7 +45,7 @@ namespace DSInternals.PowerShell.Commands { // TODO: Exception handling: Object not found, malformed DN, ... // TODO: Map DSAccount to transfer object - if(this.ParameterSetName == parameterSetAll) + if(this.ParameterSetName == ParameterSetAll) { this.ReturnAllAccounts(this.BootKey); } 
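Review bot: In GetADDBAccountCommand.cs the `All` parameter still carries `HelpMessage = "TODO"`, although this hunk edits the same `[Parameter]` attribute and removes the other TODO markers above the class. The string is user-facing help text for a switch that returns every account in the database, so it should say that, for example `HelpMessage = "Returns all accounts stored in the database."` (wording to be confirmed by the author). Separately, renaming the `protected const` `parameterSetAll` to `ParameterSetAll` changes a member visible to derived classes, so it is worth confirming that no subclass in the solution still uses the old name. The class body continues outside the hunk.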
@@ -72,7 +71,7 @@ namespace DSInternals.PowerShell.Commands accountCount++; // Update progress - if(accountCount % 10 == 0) + if(accountCount % ProgressReportingInterval == 1) { // We do not want to change the progress too often, for performance reasons. progress.StatusDescription = String.Format("{0}+ accounts", accountCount); diff --git a/Src/DSInternals.PowerShell/Commands/Hash/ConvertToNTHashDictionaryCommand.cs b/Src/DSInternals.PowerShell/Commands/Hash/ConvertToNTHashDictionaryCommand.cs deleted file mode 100644 index 7fef371..0000000 --- a/Src/DSInternals.PowerShell/Commands/Hash/ConvertToNTHashDictionaryCommand.cs +++ /dev/null 
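Review bot: The new test `accountCount % ProgressReportingInterval == 1` relies on an unexplained remainder of 1, and it would never be true if `ProgressReportingInterval` were later set to 1, because `n % 1` is always 0. The remainder presumably exists so that the first account already triggers a progress update. If so, say it in the comment, e.g. `// Report on the first account and then once per ProgressReportingInterval accounts.`, or write the condition as `(accountCount - 1) % ProgressReportingInterval == 0`, which is identical for 25 and still correct for an interval of 1. The status text `"{0}+ accounts"` will now read 1+, 26+, 51+, so confirm that this is the intended display. The enclosing method starts and ends outside the hunk.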
@@ -1,86 +0,0 @@ -namespace DSInternals.PowerShell.Commands -{ - using DSInternals.Common.Cryptography; - using DSInternals.Common.Interop; - using System; - using System.Collections.Generic; - using System.ComponentModel; - using System.Management.Automation; - - [Cmdlet(VerbsData.ConvertTo, "NTHashDictionary")] - [OutputType(new Type[] { typeof(IDictionary) })] - public class ConvertToNTHashDictionaryCommand : PSCmdlet - { - #region Parameters - - // HACK: This parameter is not called assword to pass the PSScriptAnalyzer tests. The purpose of this command is to calculate the hashes of password lists stored in text files, so there is no need to protect them by SecureStrings. - [Parameter( - Mandatory = true, - ValueFromPipeline = true, - Position = 0 - )] - [Alias("Password")] - [ValidateNotNullOrEmpty] - public string[] Input - { - get; - set; - } - - #endregion Parameters - - #region Fields - - private IDictionary hashDictionary; - - #endregion Fields - - #region Cmdlet Overrides - protected override void BeginProcessing() - { - this.hashDictionary = new Dictionary(HashEqualityComparer.GetInstance()); - } - - protected override void ProcessRecord() - { - foreach(string password in this.Input) - { - if(string.IsNullOrEmpty(password)) - { - // Skip empty lines from the input. - continue; - } - try - { - byte[] hash = NTHash.ComputeHash(password); - if(!this.hashDictionary.ContainsKey(hash)) - { - // Do not try to add duplicate hashes, because the Add method would throw an ArgumentException. 
- this.hashDictionary.Add(hash, password); - } - } - catch (ArgumentException ex) - { - ErrorRecord error = new ErrorRecord(ex, "Error1", ErrorCategory.InvalidArgument, password); - this.WriteError(error); - } - catch (Win32Exception ex) - { - ErrorCategory category = ((Win32ErrorCode)ex.NativeErrorCode).ToPSCategory(); - ErrorRecord error = new ErrorRecord(ex, "Error2", category, password); - this.WriteError(error); - } - catch (Exception ex) - { - ErrorRecord error = new ErrorRecord(ex, "Error3", ErrorCategory.NotSpecified, password); - this.WriteError(error); - } - } - } - protected override void EndProcessing() - { - this.WriteObject(this.hashDictionary, false); - } - #endregion Cmdlet Overrides - } -} \ No newline at end of file diff --git a/Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs b/Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs index 044b276..a76c002 100644 --- a/Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs +++ b/Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs @@ -208,8 +208,7 @@ // Process duplicate passwords if (!this.SkipDuplicatePasswordTest.IsPresent) { - - this.result.DuplicatePasswordGroups = this.hashToAccountMap.Values.Where(list => list.Count > 1).ToList(); + this.result.DuplicatePasswordGroups = this.hashToAccountMap.Values.Where(set => set.Count > 1).ToList(); } // Process Weak Passwords diff --git a/Src/DSInternals.PowerShell/DSInternals.PowerShell.csproj b/Src/DSInternals.PowerShell/DSInternals.PowerShell.csproj index 4beee3f..cca3991 100644 --- a/Src/DSInternals.PowerShell/DSInternals.PowerShell.csproj +++ b/Src/DSInternals.PowerShell/DSInternals.PowerShell.csproj @@ -61,7 +61,6 @@ - diff --git a/Src/DSInternals.PowerShell/DSInternals.psd1 b/Src/DSInternals.PowerShell/DSInternals.psd1 index b5bdc95..2034898 100644 --- a/Src/DSInternals.PowerShell/DSInternals.psd1 +++ b/Src/DSInternals.PowerShell/DSInternals.psd1 
@@ -8,7 +8,7 @@ RootModule = 'DSInternals.psm1' # Version number of this module. -ModuleVersion = '2.23' +ModuleVersion = '3.0' # ID used to uniquely identify this module GUID = '766b3ad8-eb78-48e6-84bd-61b31d96b53e' @@ -87,7 +87,7 @@ CmdletsToExport = 'ConvertTo-NTHash', 'ConvertTo-LMHash', 'Set-SamAccountPasswor 'Get-ADReplAccount', 'ConvertTo-Hex', 'ConvertTo-KerberosKey', 'ConvertFrom-ADManagedPasswordBlob', 'Get-ADDBBackupKey', 'Get-ADReplBackupKey', 'Save-DPAPIBlob', - 'Set-ADDBBootKey','ConvertTo-NTHashDictionary', 'Test-PasswordQuality', + 'Set-ADDBBootKey', 'Test-PasswordQuality', 'Get-ADDBKdsRootKey', 'Get-SamPasswordPolicy', 'Get-ADSIAccount', 'Enable-ADDBAccount', 'Disable-ADDBAccount', 'Get-ADKeyCredential', 'Set-ADDBAccountPassword', 'Set-ADDBAccountPasswordHash' @@ -133,7 +133,18 @@ PrivateData = @{ # ReleaseNotes of this module ReleaseNotes = @" -- Fixed 2 minor bugs in the Test-PasswordQuality cmdlet. +- Added the Set-ADDBAccountPassword and Set-ADDBAccountPasswordHash for offline password modification. +- The Test-PasswordQuality cmdlet now supports NTLM hash list from haveibeenpwned.com. +- Added the Get-ADKeyCredential for linked credential generation (AKA Windows Hello for Business). +- The Get-ADDBAccount, Get-ADReplAccount and Get-ADSIAccount cmdlets now display linked credentials. +- Databases from Windows Server 2016 can now be read on non-DCs. +- Added the ConvertTo-KerberosKey cmdlet for key generation. +- The Save-DPAPIBlob now generates scripts for mimikatz. +- The Save-DPAPIBlob cmdlet now accepts pipeline input from both Get-ADDBBackupKey and ADDBAccount cmdlets. +- Added Views JohnNTHistory, HashcatNTHistory and NTHashHistory. +- The Get-ADDBDomainController cmdlet now displays domain and forest functional levels. +- The Set-ADDBDomainController cmdlet can now be used to modify backup expiration. +- The Get-ADDBAccount cmdlet now reports progress when retrieving multiple accounts. "@ } # End of PSData hashtable 
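Review bot: The `ReleaseNotes` here-string in the last hunk omits the removal of `ConvertTo-NTHashDictionary`, although the `CmdletsToExport` hunk drops it from the export list and Changelog.txt in this commit records it. Scripts that call the cmdlet or its `New-NTHashDictionary` alias (removed in DSInternals.psm1) will fail after upgrading, and the manifest notes are what gallery users see. I would add the changelog line here as well: `- Removed the ConvertTo-NTHashDictionary cmdlet as its functionality had been integrated into Test-PasswordQuality.` The `CmdletsToExport` list starts outside the hunk.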
diff --git a/Src/DSInternals.PowerShell/DSInternals.psm1 b/Src/DSInternals.PowerShell/DSInternals.psm1 index 7e4b6df..d3f579d 100644 --- a/Src/DSInternals.PowerShell/DSInternals.psm1 +++ b/Src/DSInternals.PowerShell/DSInternals.psm1 @@ -42,7 +42,6 @@ New-Alias -Name Get-ADReplicationAccount -Value Get-ADReplAccount New-Alias -Name ConvertFrom-ManagedPasswordBlob -Value ConvertFrom-ADManagedPasswordBlob New-Alias -Name Get-SysKey -Value Get-BootKey New-Alias -Name Set-ADDBSysKey -Value Set-ADDBBootKey -New-Alias -Name New-NTHashDictionary -Value ConvertTo-NTHashDictionary New-Alias -Name Test-ADPasswordQuality -Value Test-PasswordQuality New-Alias -Name Test-ADDBPasswordQuality -Value Test-PasswordQuality New-Alias -Name Test-ADReplPasswordQuality -Value Test-PasswordQuality diff --git a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs index b1169de..81bc826 100644 --- a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs +++ b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs @@ -5,8 +5,8 @@ using System.Runtime.InteropServices; // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("DSInternals PowerShell Commands")] -[assembly: AssemblyVersion("2.23")] -[assembly: AssemblyFileVersion("2.23")] +[assembly: AssemblyVersion("3.0")] +[assembly: AssemblyFileVersion("3.0")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] diff --git a/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp b/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp index b6883e2..b9f90c1 100644 --- a/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp +++ b/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp 
@@ -14,7 +14,7 @@ using namespace System::Security::Permissions; // [assembly:AssemblyTitleAttribute(L"DSInternals Replication Interop Library")]; // Note: Do not forget to change the version in version.rc files. -[assembly:AssemblyVersionAttribute("2.21.2")]; +[assembly:AssemblyVersionAttribute("3.0")]; [assembly:AssemblyDescriptionAttribute(L"")]; [assembly:AssemblyConfigurationAttribute(L"")]; [assembly:AssemblyCompanyAttribute(L"")]; diff --git a/Src/DSInternals.Replication.Interop/version.rc b/Src/DSInternals.Replication.Interop/version.rc index 21215f3..9241ae9 100644 Binary files a/Src/DSInternals.Replication.Interop/version.rc and b/Src/DSInternals.Replication.Interop/version.rc differ diff --git a/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs b/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs index 5c0409b..e01ea72 100644 --- a/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs +++ b/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs @@ -6,8 +6,8 @@ using System.Runtime.InteropServices; // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("DSInternals Replication Data Model")] -[assembly: AssemblyVersion("2.21.2")] -[assembly: AssemblyFileVersion("2.21.2")] +[assembly: AssemblyVersion("3.0")] +[assembly: AssemblyFileVersion("3.0")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] diff --git a/Src/DSInternals.Replication/DSInternals.Replication.nuspec b/Src/DSInternals.Replication/DSInternals.Replication.nuspec index e0cea5f..684ce34 100644 --- a/Src/DSInternals.Replication/DSInternals.Replication.nuspec +++ b/Src/DSInternals.Replication/DSInternals.Replication.nuspec 
@@ -12,8 +12,8 @@ false DSInternals Replication implements a client for the Active Directory Replication Service Remote Protocol (DRS-R). It can be used to remotely extract password hashes from domain controllers. DSInternals Replication implements a client for the Active Directory Replication Service Remote Protocol (DRS-R). - Fixed a bug in roamed credentials processing. - Copyright (c) 2015-2017 Michael Grafnetter. All rights reserved. + Updated package references. + Copyright (c) 2015-2018 Michael Grafnetter. All rights reserved. ActiveDirectory Security RPC DRSR diff --git a/Src/DSInternals.Replication/Properties/AssemblyInfo.cs b/Src/DSInternals.Replication/Properties/AssemblyInfo.cs index b691261..f085ae0 100644 --- a/Src/DSInternals.Replication/Properties/AssemblyInfo.cs +++ b/Src/DSInternals.Replication/Properties/AssemblyInfo.cs @@ -6,8 +6,8 @@ using System.Runtime.InteropServices; // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("DSInternals Replication Library")] -[assembly: AssemblyVersion("2.21.2")] -[assembly: AssemblyFileVersion("2.21.2")] +[assembly: AssemblyVersion("3.0")] +[assembly: AssemblyFileVersion("3.0")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] diff --git a/Src/DSInternals.SAM/DSInternals.SAM.nuspec b/Src/DSInternals.SAM/DSInternals.SAM.nuspec index a5a883b..7a87a0e 100644 --- a/Src/DSInternals.SAM/DSInternals.SAM.nuspec +++ b/Src/DSInternals.SAM/DSInternals.SAM.nuspec 
@@ -13,7 +13,7 @@ DSInternals SAM implements a client for the Security Accounts Manager Remote Protocol (SAM-R). It can be used to import password hashes into Active Directory. DSInternals SAM implements a client for the Security Accounts Manager Remote Protocol (SAM-R). Updated package references. - Copyright (c) 2015-2017 Michael Grafnetter. All rights reserved. + Copyright (c) 2015-2018 Michael Grafnetter. All rights reserved. ActiveDirectory Security RPC SAMR diff --git a/Src/DSInternals.SAM/Properties/AssemblyInfo.cs b/Src/DSInternals.SAM/Properties/AssemblyInfo.cs index f050f93..b765a4f 100644 --- a/Src/DSInternals.SAM/Properties/AssemblyInfo.cs +++ b/Src/DSInternals.SAM/Properties/AssemblyInfo.cs @@ -6,8 +6,8 @@ using System.Runtime.InteropServices; // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("DSInternals SAM Library")] -[assembly: AssemblyVersion("2.21.2")] -[assembly: AssemblyFileVersion("2.21.2")] +[assembly: AssemblyVersion("3.0")] +[assembly: AssemblyFileVersion("3.0")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")]