PoshCode Archive  Artifact [bb2aa761f0]

Artifact bb2aa761f0fb0d19aa2ab91308e5a72c10fe4ce13da7736c01c0d720dab99665:

  • File Convert-Raw-SID-to-SID.ps1 — part of check-in [7f6956ffbf] at 2018-06-10 13:24:46 on branch trunk — This scripts converts Raw SID such as 010500000000000515000000A065CF7E784B9B5FE77C8770091C0100 into a standard SID output such as S-1-5-21-2127521184-1604012920-1887927527-72713 (user: Francisco Puig D size: 2074)

# encoding: ascii
# api: powershell
# title: Convert Raw SID to SID
# description: This scripts converts Raw SID such as 010500000000000515000000A065CF7E784B9B5FE77C8770091C0100 into a standard SID output such as S-1-5-21-2127521184-1604012920-1887927527-72713
# version: 0.1
# type: function
# author: Francisco Puig D
# license: CC0
# function: Convert-HEXtoDEC
# x-poshcode-id: 3385
# x-archived: 2017-02-05T12:25:29
# x-published: 2013-04-27T03:01:00
#For intel concerning how to convert raw hex SID to Standard  SID got to

#to convert Hex to Dec
function Convert-HEXtoDEC
ForEach ($value in $HEX)

#to reassort decimal values to correct hex in order to cenvert them
function Reassort
$a = $chaine.substring(0,2)
$b = $chaine.substring(2,2)
$c = $chaine.substring(4,2)
$d = $chaine.substring(6,2)

# this is the main function
# it splits the waxw sid into different parts and then converts the values
# finally it brings the converted SID value.
# you can supply an array of raw sid
function ConvertSID
foreach($chaine in $chaine32) {
    [INT]$SID_Revision = $chaine.substring(0,2)
    [INT]$Identifier_Authority = $chaine.substring(2,2)
    [INT]$Security_NT_Non_unique = Convert-HEXtoDEC(Reassort($chaine.substring(16,8)))
    $chaine1 = $chaine.substring(24,8)
    $chaine2 = $chaine.substring(32,8)
    $chaine3 = $chaine.substring(40,8)
    $chaine4 = $chaine.substring(48,8)
    #"S-1-5-21-" + $MachineID_1 + "-" + $MachineID_2 + "-" + $MachineID_3 + "-" + $UID