  1. Senior Member
    Join Date
    May 2006
    Posts
    1,944

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #1

    Default Local admins powershell script

    Anyone has a ps script that takes input from .csv file of computer names, and outputs another csv file with the local admins on those computers? My searches returned too many hits, some worked but they did not take input from a file.

  3. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    874

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #2
    Good question. I could use this in my environment if anybody has one. Wonder if there's a Nessus plug-in for that? Seems like something someone has made something for before

  4. Senior Member DoubleNNs's Avatar
    Join Date
    Oct 2012
    Location
    Charlotte, NC
    Posts
    1,938

    Certifications
    A+, VCA-DCV, Linux+/LPIC-1, AWS CSA, AWS Dev, AWS SysOps, Project+ [Expired: Net+, Sec+, CCENT, CCNA]
    #3
    The "Get-Content" cmdlet reads content from a text file, which seems like it could be abbreviated as "gc."

    $servers_list = gc file.txt
    Would probably save the contents of your file as a variable, which you could then iterate through, using a For or Foreach loop.

    I don't know any Powershell (or much about Windows in general haha) and too lazy to spin up a Windows VM at the moment. But if you show me what you have so far (the scripts you said worked), maybe I could put something together for you tomorrow.

    Edit: Or, alternatively, if you have Python available on whatever computer you're going to run the script, maybe I could write a short Python script for you?
    Last edited by DoubleNNs; 05-25-2016 at 03:11 AM.
    Goals for 2017:
    RHCSA, RHCE, LFCS: Ubuntu | Project+ | AWS Certified DevOps Engineer | Learn Docker, Kubernetes, Prometheus, Golang | Improve Python Programming

  5. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #4
    Could try this... did some editing on a function I found online. Will just need to edit the last "Import-Csv" line for your csv file path and out-file path (where you want to save it). Also in your csv file that lists the computer names just make sure there is a header called "ComputerName". I ran it on my computer and it worked. Just don't know how it will work on other machines. Or how the formatting will look with multiple machines.



    function get-localadmins{
        [cmdletbinding()]
        Param(
            [string]$computerName
        )
        # BUILTIN\Administrators is looked up by its well-known SID, so a renamed group is still found
        $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
        # Win32_GroupUser is the association class; GroupComponent must be the full object path of the group
        $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)',Name='$($group.name)'`""
        $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
        # PartComponent is a string ending in Domain="X",Name="Y"; reduce it to X\Y and drop the surrounding quotes
        $list | %{$_.PartComponent} | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\").Trim('"')}
    }

    import-csv -path C:\input.csv | foreach-object { get-localadmins $_.ComputerName } | out-file C:\output.csv
    Last edited by NetworkNewb; 05-25-2016 at 04:01 AM.

  6. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #5
    Just tried it out here at work, it does work. But there was an extra space in the code that was messing it up. Also, it just puts everything into one line... Cleaned it up a tiny bit to make it easier to read with multiple computer names as well. Instead of explaining where the one extra space is, here is all the code again so you can just copy and paste it. Let me know if that works on your end.


    function get-localadmins{
        [cmdletbinding()]
        Param(
            [string]$computerName
        )
        # BUILTIN\Administrators is looked up by its well-known SID, so a renamed group is still found
        $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
        # Win32_GroupUser is the association class; GroupComponent must be the full object path of the group
        $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)',Name='$($group.name)'`""
        $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
        # PartComponent is a string ending in Domain="X",Name="Y"; reduce it to X\Y and drop the surrounding quotes
        $list = $list | %{$_.PartComponent} | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\").Trim('"')}
        # Prefix each computer's block with its name and end it with a blank line so the output is readable
        $list = ,("Computer Name: " + $computerName) + $list
        $list += " "
        return $list
    }

    import-csv -path C:\input.csv | foreach-object { get-localadmins $_.ComputerName } | out-file C:\output.csv
    Last edited by NetworkNewb; 05-25-2016 at 02:40 PM. Reason: Update: small change to separate computers. Still need to fix the space before using

  7. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #6
    Alright, that's weird. Must be something with this text input screen that causes an extra space in that one spot... I can't even edit my post to remove it because when I select "edit post" the extra space isn't there. Well, the extra space is in the function, the line that starts with $query. Towards the end of the line where it says $($ group.name), it should be $($group.name)
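The WMI approach above works, but Get-WmiObject is deprecated and the string surgery on PartComponent is fragile. Here is an added example (my own code, not from the thread or from NetworkNewb's post) that does the same CSV-in, CSV-out job with Get-CimInstance, keeps the member's class (user vs. group) so nested domain groups stand out, and records per-host errors instead of aborting the run. The input path C:\input.csv, the "ComputerName" header and the output path are assumptions carried over from the post; it also assumes WinRM is reachable on the targets and the caller is an admin there.

```powershell
# Added example: enumerate BUILTIN\Administrators on each host listed in a CSV.
# Not thread code. Assumed: C:\input.csv with a "ComputerName" column, WinRM reachable,
# caller has admin rights on each target.

function Get-LocalAdminMembers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$ComputerName
    )
    process {
        try {
            # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so this still
            # finds the group if someone renamed it.
            $group = Get-CimInstance -ClassName Win32_Group -ComputerName $ComputerName `
                -Filter "LocalAccount=True AND SID='S-1-5-32-544'" -ErrorAction Stop

            # Win32_GroupUser is the association class between a group and its members.
            $query = "GroupComponent = `"Win32_Group.Domain='$($group.Domain)',Name='$($group.Name)'`""
            $members = Get-CimInstance -ClassName Win32_GroupUser -ComputerName $ComputerName `
                -Filter $query -ErrorAction Stop

            foreach ($m in $members) {
                # With CIM, PartComponent is an object reference with Domain/Name keys,
                # not the backslash-and-quote string that Get-WmiObject returns.
                $part = $m.PartComponent
                [pscustomobject]@{
                    ComputerName = $ComputerName
                    GroupName    = $group.Name
                    Member       = "$($part.Domain)\$($part.Name)"
                    MemberType   = $part.CimClass.CimClassName   # Win32_UserAccount or Win32_Group
                    IsLocal      = ($part.Domain -eq $group.Domain)
                    Error        = $null
                }
            }
        }
        catch {
            # Keep the host in the report so unreachable machines are visible in the CSV.
            [pscustomobject]@{
                ComputerName = $ComputerName
                GroupName    = $null
                Member       = $null
                MemberType   = $null
                IsLocal      = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

Import-Csv -Path C:\input.csv |
    Get-LocalAdminMembers |
    Export-Csv -Path C:\output.csv -NoTypeInformation
```

Because the function accepts ComputerName from the pipeline by property name, Import-Csv feeds it directly and Export-Csv produces a real CSV rather than the flat text Out-File gives. Get-CimInstance -ComputerName talks WinRM; on hosts that only expose the old DCOM path, create the connection with New-CimSession -SessionOption (New-CimSessionOption -Protocol Dcom) and pass that session instead of -ComputerName. Rows whose MemberType is Win32_Group and IsLocal is False are domain groups nested into local admin, which is usually where the surprising privilege lives.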

  8. Senior Member
    Join Date
    May 2006
    Posts
    1,944

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #7
    Cool, that's nice of you man. I played around a bit more yesterday on my lab with the other scripts I had and got one of them to work this morning. I'll give yours a try later also. Still scanning.

  9. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #8
    no worries, I enjoy working on those. Will have to store it away in my script folder for rainy day when it might come in use. Maybe Mr.Plow will find a use for it.

  10. Reticulating splines... iBrokeIT's Avatar
    Join Date
    Jul 2013
    Location
    Twin Cities, MN
    Posts
    1,044

    Certifications
    GCIH, GSEC, VCAP5-DCA, VCP5-DCV, MCITP:EA, MCSA 2003/08
    #9
    As a security professional you should definitely look into PowerShell Empire and the PowerView module for enumerating a Windows environment.

    Great blog by the co-creator of Empire: harmj0y - security at the misfortune of others

    A few of the functions of PowerView:
    • Find-LocalAdminAccess - finds machines on the domain that the current user has local admin access to
    • Invoke-EnumerateLocalAdmin - enumerates members of the local Administrators groups across all machines in the domain
    • Invoke-UserHunter - finds machines on the local domain where specified users are logged into, and can optionally check if the current user has local admin access to found machines
    • Invoke-StealthUserHunter - finds all file servers utilized in user HomeDirectories, and checks the sessions on each file server, hunting for particular users
    • Invoke-ProcessHunter - hunts for processes with a specific name or owned by a specific user on domain machines
    • Invoke-UserEventHunter - hunts for user logon events in domain controller event logs

    Git: https://github.com/PowerShellMafia/P...e/master/Recon

  11. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #10
    That Powershell Empire definitely looks interesting. Might have to check that one out after the elearnsecurity PTP course

  12. Senior Member
    Join Date
    May 2006
    Posts
    1,944

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #11
    I'll have to look into that, using my phone now so can't click on those links.

  13. Senior Member knownhero's Avatar
    Join Date
    Jul 2008
    Location
    UK
    Posts
    433

    Certifications
    MCSE: SharePoint 2013, Productivity
    #12
    $Computer = Get-Content "c:\temp\names.csv"
    foreach ($i in $Computer) { net localgroup administrators }

    I was looking at your message again and noticed you wanted to output the file again. So I went back to the drawing board; someone has actually done what I was kinda going to do.

    $Computers = Get-Content 'c:\temp\computernames.csv'
    $Result = 'c:\temp\test.csv'
    $results = @()
    foreach ($Computer in $Computers)
    {
        $admins = @()
        # Bind to the target's local Administrators group through the WinNT ADSI provider
        $group = [ADSI]"WinNT://$Computer/Administrators"
        $members = @($group.psbase.Invoke("Members"))
        $members | foreach {
            $obj = new-object psobject -Property @{
                Server = $Computer
                # Each member is a COM object; read its Name property through reflection
                Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
            }
            $admins += $obj
        }
        $results += $admins
    }
    $results | Export-Csv $Result -NoTypeInformation

    You don't need to go into the Wmi object to achieve this.
    Last edited by knownhero; 06-10-2016 at 02:35 PM.
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013

    Road map 2017: JavaScript and modern web development

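The ADSI version above gives you names only, so a domain group nested into local Administrators looks the same as a local user. As an added example (my own, not knownhero's script or anything from the thread), here is the same WinNT-provider enumeration extended to pull each member's Class and ADsPath and to compare the result against an allow-list, so the CSV doubles as a finding list. The paths, the "ComputerName" column name and the baseline entries are assumptions; it assumes RPC reachability and admin rights on each target, which the WinNT provider needs.

```powershell
# Added example: ADSI/WinNT enumeration of local Administrators plus a baseline check.
# Not thread code. Assumed: c:\temp\computernames.csv with a "ComputerName" column,
# RPC reachable, caller has admin rights on each target, baseline below fits your domain.

# Members you expect to see; anything else is reported as a finding.
$Baseline = @(
    'Administrator',    # built-in local account (assumed acceptable here)
    'Domain Admins'     # assumed expected domain group
)

function Get-AdsiLocalAdmins {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$ComputerName
    )
    process {
        try {
            # ",group" pins the object class so a same-named user cannot be returned instead.
            $group   = [ADSI]"WinNT://$ComputerName/Administrators,group"
            $members = @($group.psbase.Invoke('Members'))
            foreach ($m in $members) {
                # Members are raw COM objects; properties are read through reflection.
                $name  = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
                $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
                $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
                # ADsPath is WinNT://DOMAIN/Name for domain principals and
                # WinNT://DOMAIN/HOST/Name for local ones; keep the part before the name.
                $source = ($path -replace '^WinNT://', '') -replace "/$([regex]::Escape($name))$", ''
                [pscustomobject]@{
                    ComputerName = $ComputerName
                    Member       = $name
                    Class        = $class        # User or Group
                    Source       = $source       # DOMAIN or DOMAIN/HOST
                    InBaseline   = ($Baseline -contains $name)
                    Error        = $null
                }
            }
        }
        catch {
            # Unreachable or access-denied hosts stay in the report as their own finding.
            [pscustomobject]@{
                ComputerName = $ComputerName
                Member       = $null
                Class        = $null
                Source       = $null
                InBaseline   = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

$results = Import-Csv 'c:\temp\computernames.csv' | Get-AdsiLocalAdmins
$results | Export-Csv 'c:\temp\localadmins.csv' -NoTypeInformation

# Findings: members outside the baseline, and hosts that could not be queried.
$results | Where-Object { $_.Error -or -not $_.InBaseline } | Format-Table -AutoSize
```

Note that Invoke('Members') returns only direct members; if a domain group is nested in, the people inside it do not appear, so treat every row with Class equal to Group and a Source without a host segment as something to expand on the domain side. Import-Csv is used here instead of Get-Content so the header row is not mistaken for a computer name.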
