Talking with a buddy of mine, the conversation about retrieving Registry Hives and Keys remotely came up. He was initially looking for something he could use and eventually sided with an open-source program on the web. I tested said program myself as well, and for the most part it did what it said it would. In the end, though, that is just another product I could be adding to someone's network. With that said, I took to PowerShell! I ended up using reg.exe wrapped in PowerShell to export Hives and Keys. I now needed something as the workhorse to execute this remotely, and that's where WMI came in. I used it to start a process call against a supplied list of systems, and once complete, Get-ChildItem is used to pull the .reg file back to my system. The code can be found HERE.
Month: February 2017
Using PowerShell, we can look in text files for strings that fit the criteria for passwords and return the potential password, file path, and line number. The search criteria use regular expressions and look for at least four characters but no more than 15, with at least one character each being upper, lower, a number, and a special character. The data is returned in an XML file and is best read back into PowerShell using Out-GridView (my fav.). The code is on my GitHub located HERE.
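A sketch of the search described above, as an added example rather than the script from the author's GitHub. The function name `Find-PasswordCandidate`, the temp folder, the sample file contents, and the use of `Export-Clixml` for the XML output are assumptions made for illustration.

```powershell
# Added example (not the original script): flag password-like tokens in text files.
function Find-PasswordCandidate {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Include = @('*.txt')
    )
    # 4-15 non-whitespace characters with at least one lowercase letter, one
    # uppercase letter, one digit and one special character. The [regex] class
    # is case-sensitive by default; the -match operator is not.
    $pattern = [regex]'^(?=\S*[a-z])(?=\S*[A-Z])(?=\S*\d)(?=\S*[^A-Za-z0-9])\S{4,15}$'

    Get-ChildItem -Path $Path -Include $Include -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $lineNumber = 0
            try {
                foreach ($line in [System.IO.File]::ReadLines($file)) {
                    $lineNumber++
                    foreach ($token in ($line -split '\s+')) {
                        if ($pattern.IsMatch($token)) {
                            [pscustomobject]@{
                                Candidate  = $token
                                Path       = $file
                                LineNumber = $lineNumber
                            }
                        }
                    }
                }
            } catch {
                # Locked or unreadable files are reported and skipped.
                Write-Warning "Skipped ${file}: $($_.Exception.Message)"
            }
        }
}

# Constructed sample input so the example runs offline.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'pw-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@(
    'meeting notes for tuesday'
    'db login: svc_backup / Winter#2017x'
    'remember to rotate keys'
) | Set-Content -Path (Join-Path $demo 'notes.txt')

$report = Join-Path $demo 'candidates.xml'
Find-PasswordCandidate -Path $demo | Export-Clixml -Path $report
Import-Clixml -Path $report | Format-Table -AutoSize   # or: | Out-GridView on Windows
```

The pattern also matches non-secrets such as version strings, so treat each row as a candidate to review. The report itself holds any real passwords in plaintext, so store it with restricted access and delete it once the findings are remediated.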