# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind) function Parse-UserPasswordFromXML { param ( [string]$filePath ) # Load the XML file [xml]$xmlContent = Get-Content -Path $filePath # Define an array to store the user credentials $credentials = @() # Parse basicRegistry user credentials $xmlContent.server.basicRegistry.user | ForEach-Object { $credentials += [pscustomobject]@{ User = $_.name Password = $_.password Source = 'basicRegistry' } } # Parse variable-based credentials (DB_USER and DB_PASS) $dbUser = $xmlContent.server.variable | Where-Object { $_.name -eq "DB_USER" } $dbPass = $xmlContent.server.variable | Where-Object { $_.name -eq "DB_PASS" } if ($dbUser -and $dbPass) { $credentials += [pscustomobject]@{ User = $dbUser.value Password = $dbPass.value Source = 'variable' } } # Parse containerAuthData credentials $xmlContent.server.dataSource.containerAuthData | ForEach-Object { $credentials += [pscustomobject]@{ User = $_.user Password = $_.password Source = 'containerAuthData' } } # Parse authData credentials $xmlContent.server.authData | ForEach-Object { $credentials += [pscustomobject]@{ User = $_.user Password = $_.password Source = 'authData' } } # Return the collected credentials as an array of objects return $credentials } # Example usage: $parsedCredentials = Parse-UserPasswordFromXML -filePath "c:\temp\configs\server.xml" # Display the results $parsedCredentials | Format-Table -AutoSize <# server.xml componenttest-1.0 restConnector-2.0 jdbc-4.2 mpOpenApi-1.0

adminuser

reader

SET CURRENT SCHEMA = APP SET CURRENT SQLID = APP #>