Update Utility.ps1

Adding full message dumping for other language that will not match the search keyword
Mr-Un1k0d3r · Mar 13, 2019 · c4b6f12 · c4b6f12
1 parent e042ddf
commit c4b6f12
Showing 1 changed file with 14 additions and 7 deletions.
diff --git a/scripts/Utility.ps1 b/scripts/Utility.ps1
@@ -10,6 +10,8 @@ function Search-EventForUser {
 	[Parameter(Mandatory=$False)]
 	[switch]$FindDC = $False,
 	[Parameter(Mandatory=$False)]
+	[switch]$FullMessage = $False,
+	[Parameter(Mandatory=$False)]
 	[string]$Username,
 	[Parameter(Mandatory=$False)]
 	[string]$Password
@@ -48,13 +50,18 @@ function Search-EventForUser {
 				if($data) {
 					ForEach($entry in $data) {
 						Write-Output "`n[+] Event found" 
-						ForEach($Line in $entry.Message.Split("`n")) {
-							$Line | Select-String -Pattern "Account Name:"
-							$Line | Select-String -Pattern "Account Domain:"
-							$Line | Select-String -Pattern "Security ID:"
-							$Line | Select-String -Pattern "Source Network Address:"
-							$Line | Select-String -Pattern "Workstation Name:"
-							$Line | Select-String -Pattern "Process Name:"
+
+						If($FullMessage) {
+							Write-Output $entry.Message
+						} Else {
+							ForEach($Line in $entry.Message.Split("`n")) {
+								$Line | Select-String -Pattern "Account Name:"
+								$Line | Select-String -Pattern "Account Domain:"
+								$Line | Select-String -Pattern "Security ID:"
+								$Line | Select-String -Pattern "Source Network Address:"
+								$Line | Select-String -Pattern "Workstation Name:"
+								$Line | Select-String -Pattern "Process Name:"
+							}
 						}
 					}
 				} else {