Using PowerShell to check Pwned passwords (Using the HaveIBeenPwned API)

We’ve been encountering a lot of Office365 hacks in the previous months. Most of the time the client does not want MFA enabled and has no clue their password has already been leaked. We figured internally that we’d like a way to check if a single password has been leaked but as we are the purest of nerds we hate browsing to a website. 😉 Enter PowerShell! We’ve created a small script that checks multiple passwords using the HaveIBeenPwned API to check if the password has been seen in a leak before.

To generate a hash of the password we are entering, we’re using Get-StringHash made by Jon Gurgul. To find the get-stringhash function you can visit the PowerShell gallery here or read Jon’s blog about it here

$passwords = @("PlainTextPassword","NotMyPassword","WhyGodWhy","password")

#http://jongurgul.com/blog/get-stringhash-get-filehash/
Function Get-StringHash([String] $String,$HashName = "SHA1")
{
$StringBuilder = New-Object System.Text.StringBuilder
[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{
[Void]$StringBuilder.Append($_.ToString("x2"))
}
$StringBuilder.ToString()
}


foreach($Password in $passwords){
$hash = Get-StringHash -String $($Password) -HashName SHA1
$APICall = $hash.Substring(0,5)
$APIResult = Invoke-Restmethod -Uri "https://api.pwnedpasswords.com/range/$APICall"
$APIresult = $APIresult -split "`n"
$FoundMatch = $APIResult | Where-Object {$_ -match $Hash.Substring(5)}
if($FoundMatch){ write-host "Hash for password $($Password) has been found. Password has most likely been pwned" }
}

The script itself is pretty simple, enter the passwords you want to check into the $Passwords array and run the script, First we’ll load Jon’s function and after that we loop through the password array and write out if the password is encountered.

Attention: Passwords are printed as plain-text and must be entered as plaintext, as always. be careful and happy PowerShelling!

Recent Articles

The return of CyberDrain CTF

CyberDrain CTF returns! (and so do I!)

It’s been since september that I actually picked up a digital pen equivalent and wrote anything down. This was due to me being busy with life but also my side projects like CIPP. I’m trying to get back into the game of scripting and blogging about these scripts. There’s still so much to automate and so little time, right? ;)

Monitoring with PowerShell: Monitoring Acronis Backups

Intro

This is a monitoring script requested via Reddit, One of the reddit r/msp users wondered how they can monitor Acronis a little bit easier. I jumped on this because it happened pretty much at the same time that I was asked to speak at the Acronis CyberSummit so it kinda made sense to script this so I have something to demonstrate at my session there.

Monitoring with PowerShell: Monitoring VSS Snapshots

Intro

Wow! It’s been a while since I’ve blogged. I’ve just been so swamped with CIPP that I’ve just let the blogging go entirely. It’s a shame because I think out of all my hobbies it’s one I enjoy the most. It’s always nice helping others achieve their scripting target. I even got a couple of LinkedIn questions asking if I was done with blogging but I’m not. Writing always gives me some more piece of mind so I’ll try to catch up again. I know I’ve said that before but this time I’ll follow through. I’m sitting down right now and scheduling the release of 5 blogs in one go. No more whining and no more waiting.