RepoMirrors/DSInternals
1
0
Fork 0
mirror of https://github.com/MichaelGrafnetter/DSInternals synced 2025-02-16 10:56:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Test-PasswordQuality Add SamAccountName as Password test

Browse Source
This commit is contained in:
BlueCurby 2023-08-07 20:59:43 +02:00 committed by Michael Grafnetter
parent a273b1371e
commit 9a94fb848a
3 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs
View File

@ -234,7 +234,11 @@
// Skip the remaining tests, because they only make sense for non-empty passwords. // Skip the remaining tests, because they only make sense for non-empty passwords.
return; return;
} }
if (this.Account.SamAccountType == SamAccountType.User)
{
// Check if the user has the SamAccountName as password.
this.TestSamAccountNameAsPassword();
}
if (this.Account.SamAccountType == SamAccountType.Computer) if (this.Account.SamAccountType == SamAccountType.Computer)
{ {
// Check if the computer has a default password. // Check if the computer has a default password.
@ -466,6 +470,28 @@
accountList.Add(this.Account.LogonName); accountList.Add(this.Account.LogonName);
} }
private void TestSamAccountNameAsPassword()
{
string userLowerPassword = this.Account.SamAccountName.ToLower();
string userExactPassword = this.Account.SamAccountName;
byte[] userLowerHash = NTHash.ComputeHash(userLowerPassword);
byte[] userExactHash = NTHash.ComputeHash(userExactPassword);
if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, userLowerHash))
{
// Username Password is lowercase SamAccountName
this.result.SamAccountNameAsPassword.Add(this.Account.LogonName);
}
else
{
if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, userExactHash))
{
// Username Password is exact SamAccountName
this.result.SamAccountNameAsPassword.Add(this.Account.LogonName);
}
}
}
private void TestComputerDefaultPassword() private void TestComputerDefaultPassword()
{ {
string defaultPassword = this.Account.SamAccountName.TrimEnd('$').ToLower(); string defaultPassword = this.Account.SamAccountName.TrimEnd('$').ToLower();

5
Src/DSInternals.PowerShell/Types/PasswordQualityTestResult.cs
View File

@ -27,6 +27,11 @@
/// </summary> /// </summary>
public ISet<string> WeakPassword = new SortedSet<string>(); public ISet<string> WeakPassword = new SortedSet<string>();
/// <summary>
/// List of user accounts with SamAccountName as passwords.
/// </summary>
public ISet<string> SamAccountNameAsPassword = new SortedSet<string>();
/// <summary> /// <summary>
/// List of computer accounts with default passwords. /// List of computer accounts with default passwords.
/// </summary> /// </summary>

6
Src/DSInternals.PowerShell/Views/DSInternals.PasswordQualityTestResult.format.ps1xml
View File

@ -89,6 +89,12 @@
<PropertyName>DuplicatePasswordGroups</PropertyName> <PropertyName>DuplicatePasswordGroups</PropertyName>
<CustomControlName>AccountGroupList</CustomControlName> <CustomControlName>AccountGroupList</CustomControlName>
</ExpressionBinding> </ExpressionBinding>
<Text>These user accounts have the SamAccountName as password:</Text>
<NewLine />
<ExpressionBinding>
<PropertyName>SamAccountNameAsPassword</PropertyName>
<CustomControlName>AccountList</CustomControlName>
</ExpressionBinding>
<Text>These computer accounts have default passwords:</Text> <Text>These computer accounts have default passwords:</Text>
<NewLine /> <NewLine />
<ExpressionBinding> <ExpressionBinding>