如何拆分此哈希表搜索的结果?

时间:2019-04-29 17:44:59

标签: powershell hashtable

我正在尝试使用this将我的AD NT哈希转储与https://haveibeenpwned.com/Passwords哈希进行比较。 我在将多个具有相同密码的用户名分组在一起的结果时遇到麻烦。

代码:

  param(
        [Parameter(Mandatory = $true)]
        [System.IO.FileInfo] $ADNTHashes,

        [Parameter(Mandatory = $true)]
        [System.IO.FileInfo] $HashDictionary
    )
    #>

    process {
        $stopwatch = [System.Diagnostics.Stopwatch]::StartNew()

        #Declare and fill new hashtable with ADNThashes. Converts to upper case to 
        $htADNTHashes = @{} 
        Import-Csv -Delimiter ":" -Path $ADNTHashes -Header "User","Hash" | % {$htADNTHashes[$_.Hash.toUpper()] += @($_.User)}

        #Create empty output object
        $mrMatchedResults = @()

        #Create Filestream reader 
        $fsHashDictionary = New-Object IO.Filestream $HashDictionary,'Open','Read','Read'
        $frHashDictionary = New-Object System.IO.StreamReader($fsHashDictionary) 

        #Iterate through HashDictionary checking each hash against ADNTHashes
        while (($lineHashDictionary = $frHashDictionary.ReadLine()) -ne $null) {
            if($htADNTHashes.ContainsKey($lineHashDictionary.Split(":")[0].ToUpper())) {
                $foFoundObject = [PSCustomObject]@{
                    User = $htADNTHashes[$lineHashDictionary.Split(":")[0].ToUpper()]
                    Frequency = $lineHashDictionary.Split(":")[1]
                    Hash = $linehashDictionary.Split(":")[0].ToUpper()
                }
                $mrMatchedResults += $foFoundObject               
            }
        }
        $stopwatch.Stop()
        Write-Verbose "Function Match-ADHashes completed in $($stopwatch.Elapsed.TotalSeconds) Seconds"
    }

    end {
        $mrMatchedResults
    }
}

我尝试注释掉| % {$htADNTHashes[$_.Hash.toUpper()] += @($_.User)},它似乎很接近,但是以某种方式删除了频率列。

结果如下:

User                            Frequency Hash                            
----                            --------- ----                            
{TestUser2, TestUser3}          20129     H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1
{TestUser1}                     1         H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2

我希望他们分开:

User                            Frequency Hash                            
----                            --------- ----                            
{TestUser2}                     20129     H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1
{TestUser3}                     20129     H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1H1
{TestUser1}                     1         H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2H2

我确定这是一个简单的更改,但是我对Powershell的经验很少。

将$ FormatEnumerationLimit更改为-1的建议也不是我想要的,这只是修复了列表被截断的问题。 {user1,user2,user3 ...}

1 个答案:

答案 0 :(得分:0)

while (($lineHashDictionary = $frHashDictionary.ReadLine()) -ne $null) {
            if($htADNTHashes.ContainsKey($lineHashDictionary.Split(":")[0].ToUpper())) {
                $Users = $htADNTHashes[$lineHashDictionary.Split(":")[0].ToUpper()]
                foreach($User in $Users){
                $foFoundObject = [PSCustomObject]@{
                    User = $User
                    Frequency = $lineHashDictionary.Split(":")[1]
                    Hash = $linehashDictionary.Split(":")[0].ToUpper()
                }
                $mrMatchedResults += $foFoundObject
                }
            }
        }
相关问题
最新问题