Monthly Archives: May 2019

HaveIBeenPwned PowerShell Module Updates

Back in 2017 I wrote a post on a PowerShell module I created that consumes Troy Hunt’s Have I Been Pwned API service. I won’t go into too much detail about the service here. Plenty of people already have and since that time HaveIBeenPwned has exploded in popularity and most of us know what it is.

In that post I briefly discussed what the module does how you can begin to use some of the core functions in it. Since that time Troy has made a few changes to the API service, some small and some large, which I’ve slowly integrated into the PowerShell module. Things like UserAgent strings being a requirement and K-anonymity for password checks.

The community has also played a part in shaping the PowerShell module over the last year. I’ve had a lot of feedback and even some contributions through the GitHub project. It’s been pretty cool to receive PRs via my GitHub page for improvements to the module.

I thought now was a good opportunity for a follow-up post to talk about some of the changes and updates that have been made over the last year.

Probably the biggest change has been K-anonymity in Get-PwnedPassword. Originally you would send your password over the air in the body of a HTTPS request. With K-anonymity, Get-PwnedPassword will now SHA1 hash your password locally first and will always just send the first 5 characters of the hash to the HaveIBeenPwned API. It’s a much safer way of checking passwords which hopefully will lead to more people accepting and trying this method.

PS F:\Code> Get-PwnedPassword -Password monkey
AB87D24BDC7452E55738DEB5F868E1F16DEA5ACE
WARNING: Password pwned 980209 times!

I’ve attempted to make the module and all functions as PowerShell Core compliant as I can. I say, attempted, because as much of a fan of PowerShell Core as I am I keep finding differences in the way Core works. I’ve had to rewrite all the error handling to better catch 404 responses. A 404 not found response actually being a good thing in identifying that an email account has not be found in a breach. So whether it’s Windows PowerShell or PowerShell Core you should now be fine.

In my original post I gave an example of how you could run Get-PwnedAccount against a CSV file of email accounts and bulk check all your email addresses. Something that could be helpful in a corporate environment with many 100s of email addresses. The example I gave though was far from ideal.

This ability is now baked into Get-PwnedAccount and should lead for some interesting results. It’s very easy to use. A simple text file saved in CSV format with each email address on a separate line / row. Incorrectly formatted email addresses will be ignored and results are displayed only for identified email addresses in breaches.

Below is an example of what the CSV file might look like

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Usage is straight forward too.

PS F:\Code> Get-PwnedAccount -CSV F:\emails.csv

Description                   Email             Breach
-----------                   -----             ------
Email address found in breach [email protected]    000webhost
Email address found in breach [email protected]    17
Email address found in breach [email protected]    500px

Each time an email is found in a breach it will output a result as an object. So you may get multiple results for a single email due to different breaches it’s in.

Identifying the total emails found in breaches is simple. For example

PS F:\Code> Get-PwnedAccount -CSV F:\emails.csv |  Measure-Object | Format-Table Count

Count
-----
  413

Now you probably don’t want to be hitting the API every time you want to manipulate the data. It will be slow and I can’t guarantee that rate limiting may block you. Storing the results in a variable will provide a lot more flexibility and speed. For example, finding results just on one email address

PS F:\SkyDrive\Code> $results = Get-PwnedAccount -CSV F:\emails.csv
PS F:\SkyDrive\Code> $results | Where-Object {$_.email -eq "[email protected]"}

Or if you don’t care about the breach and just want to display a compromised email address once.

$results | Sort-Object Email -Unique | Select-Object Email

You get the point right!?!? It’s fairly flexible once you store the results in an array.

Finally one last small addition. Get-PwnedAccount will now accept an email from the pipeline. So if you have another cmdlet or script that can pull an email out, you can pipe that directly into Get-PwnedAccount to quickly check if it’s been compromised in a breach. For example checking an AD user email address could be done as follows…

PS F:\code> Get-ADUser myuser -Properties emailaddress | % emailaddress | Get-PwnedAccount

Status Description              Account Exists
------ -----------              --------------
Good   Email address not found. False

The HaveIBeenPwned PowerShell module can be downloaded from the PowerShellGallery. Always make sure you are downloading and using the latest version. Within PowerShell use Install-Module -Name HaveIBeenPwned. The project can also be found on my GitHub page where you can clone and fork the project.

I’m keen to hear suggestions and feedback. So please let me know your experiences.

Download Links
PowerShellGallery: https://www.powershellgallery.com/packages/HaveIBeenPwned/
GitHub: https://github.com/originaluko/haveibeenpwned

Building and running Windows Terminal

The big news from Microsoft over the last week has been the announcement of Windows Terminal. An open source project from Microsoft currently up on GitHub. Windows Terminal allows you to run multiple tabbed CLIs from the one window. Not only that but they can be a mix of different CLIs --cmd, PowerShell, Python, Bash, etc. Pretty cool right. Windows Terminal is GPU accelerated ¯\_(ツ)_/¯ . Will allow for transparent windows, emojis, and new fonts.

As of today there are no pre-built binaries of Windows Terminal from Microsoft, that’s planned for sometime in Winter 2019 (that’s Northern Winter people), only the source code is up on GitHub. 1.0 release isn’t planned till at least the end of the year. The code is still very Alpha but never the less I decided to see what’s involved in building and running Windows Terminal on Windows 10.

Below I listed the steps and process I took to build and run Windows Terminal if anyone is interested in trying it out themselves. There’s a number of prerequisites required but nothing to difficult.

Prerequisites

Windows 10 (Build 1903)
As of today (May 2019) you need to be in the Windows Insider program to get this version. You’ll need to enable this inside of Windows 10 and download the latest build.

Visual Studio 2017 or newer
You can probably use a different IDE though I ended up using the community edition of Visual Studio 2019 which is a free download. Microsoft specifically calls out a few packages that you need if you’re running Visual Studio.

  • Desktop Development with C++
    • If you’re running VS2019, you’ll also need to install the following Individual Components:
      • MSVC v141 -- VS 2017 C++ (x86 and x64) build tools
      • C++ ATL for v141 build tools (x86 and x64)
  • Universal Windows Platform Development
    • Also install the following Individual Component:
      • C++ (v141) Universal Windows Platform Tools

Developer Mode in Windows 10.

Build and Deploy Process

The first thing you want to do is check that you’re on at least Windows 10 build 1903. You can check this by going to Settings > About. If you’re not on at least this build you can turn on Release Preview by going to Windows Insider Programme under Settings.

Next you want to make sure you’ve enabled Developer mode. You can do this in Settings > For developers

Now we can grab Visual Studio 2019 Community Edition. This is a super small and quick 20 GB download and install. <sarcasm emoji>

Make sure you select the right Workloads and Individual components from the prerequisites above.

Once the install completes comes the fun part of building. Skip the Visual Studio wizard and go to File > New > Repository

Under the Team Explorer window select Clone and enter in the Windows Terminal git path (https://github.com/microsoft/terminal.git). Make sure Recursively Clone Submodules is selected. Windows Terminal relies on git submodules for some of its dependencies. You’ll need around 200 MB to download the repo.

Once the package downloads you may receive an error that some NuGet packages are missing in the Error List. Even if you don’t it’s still probably a good idea to just update the packages.

Go to Tools > NuGet Package Manager > Package Manager Console. Then in the Package Manager Console type in Update-Package -reinstall

Head over to the Solution Explorer window and select Solutions and Folders view and select OpenConsole.sln

We’re now just about ready to build. Up in the top menu bar select Release for the build, x64 for the architecture, and CascadiaPackage for the package to build.

All things being equal we should be ready to now build. Select Build > Build Solution. Initially I had a few fails here, which were all down to available space. You’ll only need around 12 GB for a build to succeed <another sarcasm emoji>. It should take a few minutes and hopefully when complete you get a successful build with no errors. Finally select Build > Deploy Solution.

Once deployed you can find Windows Terminal (Dev Build) on your Start menu which you can now run.

When you first launch Windows Terminal you won’t see any tabs. Pressing CTRL+T will open a second tab and display a pull down menu where you can further select different CLIs. Settings can also be found under this menu which can be modified via a json file. It’s in the profiles.json file you can change transparency, fonts, colours, and of course add new types of CLIs.

Windows Terminal is still very rough around the edges. Microsoft are calling this a very early alpha release and this does show. It is exciting though to see what is coming. Windows Terminal has huge possibilities. I’ll be following it closely over the coming months and looking forward to spewing out emojis all over my terminals. 🙂 😮