Skip to content

Commit

Permalink
Updated sample output
Browse files Browse the repository at this point in the history
  • Loading branch information
@prashant3535
prashant3535 committed Aug 28, 2018
1 parent a09e97c commit 701aa88
Show file tree
Hide file tree
Showing 93 changed files with 28,433 additions and 0 deletions.
1 change: 1 addition & 0 deletions ADRecon.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1142,6 +1142,7 @@ namespace ADRecon
{
try
{
PSObject AdGPO = (PSObject) record;

PSObject GPOObj = new PSObject();
GPOObj.Members.Add(new PSNoteProperty("DisplayName", CleanString(Convert.ToString(AdGPO.Members["DisplayName"].Value))));
Expand Down
454 changes: 454 additions & 0 deletions Sample Output/ADRecon-Report-20180828223537/CSV-Files/ACLs.csv
View file

Large diffs are not rendered by default.

7 changes: 7 additions & 0 deletions Sample Output/ADRecon-Report-20180828223537/CSV-Files/AboutADRecon.csv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
"Category","Value"
"Date","28/08/2018 10:35:37 PM"
"ADRecon","https://github.com/sense-of-security/ADRecon"
"RSAT Version","v1.0"
"Ran as user","administrator"
"Ran on computer","sos.labs\DC1 - Primary Domain Controller"
"Execution Time (mins)","0.17"
7 changes: 7 additions & 0 deletions Sample Output/ADRecon-Report-20180828223537/CSV-Files/BitLockerRecoveryKeys.csv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
"Distinguished Name","Name","whenCreated","Recovery Key ID","Recovery Key","Volume GUID","msTPM-OwnerInformation","msTPM-TpmInformationForComputer","TPM Owner Password"
"CN=WIN8-1X64,OU=Workstations,DC=sos,DC=labs","2018-03-18T19:46:22+10:00{413D07B0-6C7D-43ED-B405-1D666F370BB7}","18/03/2018 7:46:47 PM","413d07b0-6c7d-43ed-b405-1d666f370bb7","239195-501215-066341-543554-510950-371679-230593-311905","e88a533d-2d9e-4845-ad86-c7097b3351eb",,,
"CN=WIN10X64,OU=Workstations,DC=sos,DC=labs","2018-03-28T23:41:52+10:00{17108E05-5937-4742-B74C-3780AF11B37E}","28/03/2018 11:42:35 PM","17108e05-5937-4742-b74c-3780af11b37e","078606-491865-384142-393976-674399-265100-698159-623777","2337a5e8-f5b7-461a-909c-c02219cea0a7",,,
"CN=WIN10X64,OU=Workstations,DC=sos,DC=labs","2018-03-29T00:43:59+10:00{66DF7187-B5F6-4E55-9A65-385B5EBAF7DC}","29/03/2018 12:44:30 AM","66df7187-b5f6-4e55-9a65-385b5ebaf7dc","370183-324632-694177-176407-626626-439406-512292-284669","d654a6c9-a008-4513-a738-95def119f12d",,,
"CN=WIN10X64,OU=Workstations,DC=sos,DC=labs","2018-03-29T01:14:40+10:00{BDED6E14-8121-483F-993D-773AF95D8059}","29/03/2018 1:14:51 AM","bded6e14-8121-483f-993d-773af95d8059","159709-504581-653972-294778-041602-005434-502095-400169","2f34a2b4-e5e3-480a-8bce-92ecf2fa385a",,,
"CN=WIN10X64,OU=Workstations,DC=sos,DC=labs","2018-03-29T05:58:25+10:00{7545BE4D-3C13-4883-94DA-C3337C12C870}","29/03/2018 5:58:46 AM","7545be4d-3c13-4883-94da-c3337c12c870","383306-280027-536470-106579-627638-483054-616330-197527","1785aaf3-2cab-4905-a61c-1b858c15f066",,,
"CN=WIN10,OU=Workstations,DC=sos,DC=labs","2018-04-05T23:59:32+10:00{37935B06-26D6-4AA5-9D40-01CD1F9C63D8}","5/04/2018 11:59:41 PM","37935b06-26d6-4aa5-9d40-01cd1f9c63d8","237160-134134-502502-416757-050402-448415-142186-666446","7c406713-7d62-4abe-9ccf-38ecdc53bc3d",,,
23 changes: 23 additions & 0 deletions Sample Output/ADRecon-Report-20180828223537/CSV-Files/ComputerSPNs.csv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
"Name","Service","Host"
"DC1","Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04","DC1.sos.labs"
"DC1","ldap","DC1.sos.labs,DC1,4d55de11-5a60-4d67-9523-0607a687be7e._msdcs.sos.labs"
"DC1","DNS","DC1.sos.labs"
"DC1","GC","DC1.sos.labs"
"DC1","RestrictedKrbHost","DC1.sos.labs,DC1"
"DC1","RPC","4d55de11-5a60-4d67-9523-0607a687be7e._msdcs.sos.labs"
"DC1","HOST","DC1,DC1.sos.labs"
"DC1","E3514235-4B06-11D1-AB04-00C04FC2DCD2","4d55de11-5a60-4d67-9523-0607a687be7e"
"WIN7X86","RestrictedKrbHost","WIN7X86,WIN7X86.sos.labs"
"WIN7X86","HOST","WIN7X86,WIN7X86.sos.labs"
"WIN7X64-OFFICE","TERMSRV","WIN7X64-OFFICE,Win7x64-Office.sos.labs"
"WIN7X64-OFFICE","RestrictedKrbHost","WIN7X64-OFFICE,WIN7X64-OFFICE.sos.labs"
"WIN7X64-OFFICE","HOST","WIN7X64-OFFICE,WIN7X64-OFFICE.sos.labs"
"WIN8-1X64","RestrictedKrbHost","WIN8-1X64,Win8-1x64.sos.labs"
"WIN8-1X64","HOST","WIN8-1X64,Win8-1x64.sos.labs"
"WIN10X64","RestrictedKrbHost","WIN10X64,Win10x64.sos.labs"
"WIN10X64","HOST","WIN10X64,Win10x64.sos.labs"
"WIN10","RestrictedKrbHost","WIN10,Win10.sos.labs"
"WIN10","HOST","WIN10,Win10.sos.labs"
"WEV","WSMAN","WEV,WEV.sos.labs"
"WEV","RestrictedKrbHost","WEV,WEV.sos.labs"
"WEV","HOST","WEV,WEV.sos.labs"
8 changes: 8 additions & 0 deletions Sample Output/ADRecon-Report-20180828223537/CSV-Files/Computers.csv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
"Name","DNSHostName","Enabled","IPv4Address","Operating System","Logon Age (days)","Password Age (days)","Dormant (> 90 days)","Password Age (> 30 days)","Delegation Type","Delegation Protocol","Delegation Services","UserName","Primary Group ID","SID","SIDHistory","Description","Last Logon Date","Password LastSet","whenCreated","whenChanged","Distinguished Name"
"DC1","DC1.sos.labs","True","192.168.9.10","Windows Server 2016 Datacenter Evaluation 10.0 (14393)","0","26","False","False",,,,"DC1$","516","S-1-5-21-2872888145-3513486857-3924934394-1000","",,"28/08/2018 10:32:49 PM","2/08/2018 4:24:06 PM","16/03/2018 5:22:29 PM","28/08/2018 10:32:49 PM","CN=DC1,OU=Domain Controllers,DC=sos,DC=labs"
"WIN7X86","WIN7X86.sos.labs","True","192.168.9.101","Windows 7 Professional N Service Pack 1 6.1 (7601)","20","20","False","False",,,,"WIN7X86$","515","S-1-5-21-2872888145-3513486857-3924934394-1116","",,"8/08/2018 6:11:10 PM","8/08/2018 6:11:10 PM","18/03/2018 5:32:30 PM","8/08/2018 6:11:12 PM","CN=WIN7X86,OU=Workstations,DC=sos,DC=labs"
"WIN7X64-OFFICE","WIN7X64-OFFICE.sos.labs","True","192.168.9.103","Windows 7 Professional N Service Pack 1 6.1 (7601)","12","42","False","True",,,,"WIN7X64-OFFICE$","515","S-1-5-21-2872888145-3513486857-3924934394-1117","",,"16/08/2018 11:05:48 AM","17/07/2018 2:29:22 PM","18/03/2018 5:56:38 PM","16/08/2018 11:05:48 AM","CN=WIN7X64-OFFICE,OU=Workstations,DC=sos,DC=labs"
"WIN8-1X64","Win8-1x64.sos.labs","True","192.168.9.103","Windows 8.1 Pro 6.3 (9600)","163","163","True","True","Constrained","Kerberos","http/DC1.sos.labs/sos.labs,http/DC1.sos.labs,http/DC1,http/DC1.sos.labs/sos,http/DC1/sos","WIN8-1X64$","515","S-1-5-21-2872888145-3513486857-3924934394-1118","","Constrained Delegation, Kerberos","18/03/2018 6:08:05 PM","18/03/2018 6:08:05 PM","18/03/2018 6:08:05 PM","8/08/2018 6:56:45 PM","CN=WIN8-1X64,OU=Workstations,DC=sos,DC=labs"
"WIN10X64","Win10x64.sos.labs","True","192.168.9.104","Windows 10 Enterprise Evaluation 10.0 (16299)","152","152","True","True","Constrained","Any","www/DC1.sos.labs/sos.labs,www/DC1.sos.labs,www/DC1,www/DC1.sos.labs/sos,www/DC1/sos,cifs/Win8-1x64.sos.labs,cifs/WIN8-1X64","WIN10X64$","515","S-1-5-21-2872888145-3513486857-3924934394-1125","S-1-5-21-2872888145-3513486857-3924934394-1000,S-1-5-21-2872888145-3513486857-3924934394-1126","Constrained Delegation, Any and SIDHistory","28/03/2018 11:29:04 PM","28/03/2018 11:29:03 PM","28/03/2018 11:29:03 PM","8/08/2018 6:58:21 PM","CN=WIN10X64,OU=Workstations,DC=sos,DC=labs"
"WIN10","Win10.sos.labs","True","192.168.9.101","Windows 10 Pro 10.0 (10240)","144","144","True","True","Unconstrained","Kerberos","Any","WIN10$","515","S-1-5-21-2872888145-3513486857-3924934394-1126","","Unconstrained Delegation","5/04/2018 11:53:48 PM","5/04/2018 11:53:48 PM","5/04/2018 11:53:48 PM","8/08/2018 6:59:20 PM","CN=WIN10,OU=Workstations,DC=sos,DC=labs"
"WEV","WEV.sos.labs","True","192.168.9.102","Windows Server 2016 Standard Evaluation 10.0 (14393)","19","16","False","False",,,,"WEV$","515","S-1-5-21-2872888145-3513486857-3924934394-1128","",,"9/08/2018 7:20:14 AM","12/08/2018 5:14:22 AM","11/07/2018 7:49:58 PM","12/08/2018 5:14:22 AM","CN=WEV,CN=Computers,DC=sos,DC=labs"
Loading

0 comments on commit 701aa88

Please sign in to comment.