author     HarmJ0y <will@harmj0y.net>    2016-12-13 16:00:28 -0500
committer  HarmJ0y <will@harmj0y.net>    2016-12-13 16:00:28 -0500
commit     f4f5fb1460a8163e333c9e5462df6d3ab27a53a6 (patch)
tree       bd0634c64d03a4123578b7dc6bc2cabf5fc6c6b3 /docs
parent     813eab4a399c00d2632ac06192c861084651de6d (diff)
download   PowerSploit-f4f5fb1460a8163e333c9e5462df6d3ab27a53a6.tar.gz
           PowerSploit-f4f5fb1460a8163e333c9e5462df6d3ab27a53a6.zip
Added Set-DomainUserPassword to reset a particular user's password.
Reformatted documentation.
Diffstat (limited to 'docs')
-rwxr-xr-x  docs/Recon/Set-DomainUserPassword.md  127
-rw-r--r--  docs/Recon/index.md                    14
-rw-r--r--  docs/index.md                          223
3 files changed, 181 insertions, 183 deletions
diff --git a/docs/Recon/Set-DomainUserPassword.md b/docs/Recon/Set-DomainUserPassword.md
new file mode 100755
index 0000000..1712294
--- /dev/null
+++ b/docs/Recon/Set-DomainUserPassword.md
@@ -0,0 +1,127 @@
+# Set-DomainUserPassword
+
+## SYNOPSIS
+Sets the password for a given user identity and returns the user object.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-PrincipalContext
+
+## SYNTAX
+
+```
+Set-DomainUserPassword [-Identity] <String> -AccountPassword <SecureString> [-Domain <String>]
+ [-Credential <PSCredential>]
+```
+
+## DESCRIPTION
+First binds to the specified domain context using Get-PrincipalContext.
+The bound domain context is then used to search for the specified user -Identity,
+which returns a DirectoryServices.AccountManagement.UserPrincipal object.
+The
+SetPassword() function is then invoked on the user, setting the password to -AccountPassword.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+```
+
+Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword
+
+Resets the password for 'andy' to the password specified.
+
+### -------------------------- EXAMPLE 2 --------------------------
+```
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+```
+
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword -Credential $Cred
+
+Resets the password for 'andy' usering the alternate credentials specified.
+
+## PARAMETERS
+
+### -Identity
+A user SamAccountName (e.g.
+User1), DistinguishedName (e.g.
+CN=user1,CN=Users,DC=testlab,DC=local),
+SID (e.g.
+S-1-5-21-890171859-3433809279-3366196753-1113), or GUID (e.g.
+4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+specifying the user to reset the password for.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases: UserName, UserIdentity, User
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AccountPassword
+Specifies the password to reset the target user's to.
+Mandatory.
+
+```yaml
+Type: SecureString
+Parameter Sets: (All)
+Aliases: Password
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Domain
+Specifies the domain to use to search for the user identity, defaults to the current domain.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Credential
+A \[Management.Automation.PSCredential\] object of alternate credentials
+for connection to the target domain.
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: [Management.Automation.PSCredential]::Empty
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+## OUTPUTS
+
+### DirectoryServices.AccountManagement.UserPrincipal
+
+## NOTES
+
+## RELATED LINKS
+
+[http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/](http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/)
+
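Review bot: the code fences in both EXAMPLE sections close one line too early, so the actual `Set-DomainUserPassword` invocations render as prose rather than code: in EXAMPLE 1 the fence wraps only `$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force` and the call on the following line sits outside it, and EXAMPLE 2 has the same problem with the `$Cred = New-Object ...`, `$UserPassword = ...` and `Set-DomainUserPassword ... -Credential $Cred` lines. Each example should be a single fence containing all of its lines. Smaller issues in the same hunk: "usering the alternate credentials" should read "using"; "Specifies the password to reset the target user's to." is missing the word "password"; the description is broken mid-sentence ("The" on its own line before "SetPassword() function is then invoked"), and the -Identity examples are split at every "e.g." by the help-to-markdown conversion. The NOTES section is empty, and it is the natural place to say what the SYNTAX already implies: there is no current-password parameter, so this is an administrative reset via SetPassword() that needs reset rights over the target user, not the user's existing password. Also, a new file mode of 100755 is odd for a markdown file; the other docs in this diff are 100644.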
diff --git a/docs/Recon/index.md b/docs/Recon/index.md
index acc2627..b3eca5c 100644
--- a/docs/Recon/index.md
+++ b/docs/Recon/index.md
@@ -1,17 +1,3 @@
-To install this module, drop the entire Recon folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
-
-The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
-The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
-
-To use the module, type `Import-Module Recon`
-
-To see the commands imported, type `Get-Command -Module Recon`
-
-For help on each individual command, Get-Help is your friend.
-
-Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
-
-
## PowerView
PowerView is a PowerShell tool to gain network situational awareness on
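Review bot: the installation and usage instructions (module paths, `Import-Module Recon`, `Get-Command -Module Recon`, the note that the tools can be run individually) are removed here with no replacement anywhere in this diff; the rewritten docs/index.md below does not carry them either, so a reader of the Recon docs no longer learns how to load the module. Suggest moving these lines to docs/index.md (they apply to every module, not just Recon) rather than dropping them.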
diff --git a/docs/index.md b/docs/index.md
index c348b9e..67ddcbc 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,189 +1,74 @@
-### PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts:
+## Overview
+PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
-## CodeExecution
+### CodeExecution
+Execute code on a target machine.
-**Execute code on a target machine.**
+ Invoke-DllInjection - Injects a Dll into the process ID of your choosing.
+ Invoke-ReflectivePEInjection - Reflectively loads a Windows PE file (DLL/EXE) in to the powershell process, or reflectively injects a DLL in to a remote process.
+ Invoke-Shellcode - Injects shellcode into the process ID of your choosing or within PowerShell locally.
+ Invoke-WmiCommand - Executes a PowerShell ScriptBlock on a target computer and returns its formatted output using WMI as a C2 channel
-#### `Invoke-DllInjection`
+### ScriptModification
+Modify and/or prepare scripts for execution on a compromised machine.
-Injects a Dll into the process ID of your choosing.
+ Out-EncodedCommand - Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
+ Out-CompressedDll - Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
+ Out-EncryptedScript - Encrypts text files/scripts.
+ Remove-Comments - Strips comments and extra whitespace from a script.
-#### `Invoke-ReflectivePEInjection`
+### Persistence
-Reflectively loads a Windows PE file (DLL/EXE) in to the powershell process, or reflectively injects a DLL in to a remote process.
+Add persistence capabilities to a PowerShell script.
-#### `Invoke-Shellcode`
+ New-UserPersistenceOption - Configure user-level persistence options for the Add-Persistence function.
+ New-ElevatedPersistenceOption - Configure elevated persistence options for the Add-Persistence function.
+ Add-Persistence - Add persistence capabilities to a script.
+ Install-SSP - Installs a security support provider (SSP) dll.
+ Get-SecurityPackages - Enumerates all loaded security packages (SSPs).
-Injects shellcode into the process ID of your choosing or within PowerShell locally.
+### AntivirusBypass
+AV doesn't stand a chance against PowerShell!
-#### `Invoke-WmiCommand`
+ Find-AVSignature - Locates single Byte AV signatures utilizing the same method as DSplit from "class101".
-Executes a PowerShell ScriptBlock on a target computer and returns its formatted output using WMI as a C2 channel.
+### Exfiltration
+All your data belong to me!
-## ScriptModification
+ Invoke-TokenManipulation - Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.
+ Invoke-CredentialInjection - Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon).
+ Invoke-NinjaCopy - Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
+ Invoke-Mimikatz - Reflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz.
+ Get-Keystrokes - Logs keys pressed, time and the active window.
+ Get-GPPPassword - Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
+ Get-GPPAutologon - Retrieves autologon username and password from registry.xml if pushed through Group Policy Preferences.
+ Get-TimedScreenshot - A function that takes screenshots at a regular interval and saves them to a folder.
+ New-VolumeShadowCopy - Creates a new volume shadow copy.
+ Get-VolumeShadowCopy - Lists the device paths of all local volume shadow copies.
+ Mount-VolumeShadowCopy - Mounts a volume shadow copy.
+ Remove-VolumeShadowCopy - Deletes a volume shadow copy.
+ Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials.
+ Out-Minidump - Generates a full-memory minidump of a process.
+ Get-MicrophoneAudio - Records audio from system microphone and saves to disk.
-**Modify and/or prepare scripts for execution on a compromised machine.**
+### Mayhem
+Cause general mayhem with PowerShell.
-#### `Out-EncodedCommand`
+ Set-MasterBootRecord - Proof of concept code that overwrites the master boot record with the message of your choice.
+ Set-CriticalProcess - Causes your machine to blue screen upon exiting PowerShell.
-Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
+### Privesc
+Tools to help with escalating privileges on a target, including PowerUp.
-#### `Out-CompressedDll`
+ PowerUp - Clearing house of common privilege escalation checks, along with some weaponization vectors.
-Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
+### Recon
+Tools to aid in the reconnaissance phase of a penetration test, including PowerView.
-#### `Out-EncryptedScript`
-
-Encrypts text files/scripts.
-
-#### `Remove-Comments`
-
-Strips comments and extra whitespace from a script.
-
-## Persistence
-
-**Add persistence capabilities to a PowerShell script**
-
-#### `New-UserPersistenceOption`
-
-Configure user-level persistence options for the Add-Persistence function.
-
-#### `New-ElevatedPersistenceOption`
-
-Configure elevated persistence options for the Add-Persistence function.
-
-#### `Add-Persistence`
-
-Add persistence capabilities to a script.
-
-#### `Install-SSP`
-
-Installs a security support provider (SSP) dll.
-
-#### `Get-SecurityPackages`
-
-Enumerates all loaded security packages (SSPs).
-
-## AntivirusBypass
-
-**AV doesn't stand a chance against PowerShell!**
-
-#### `Find-AVSignature`
-
-Locates single Byte AV signatures utilizing the same method as DSplit from "class101".
-
-## Exfiltration
-
-**All your data belong to me!**
-
-#### `Invoke-TokenManipulation`
-
-Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.
-
-#### `Invoke-CredentialInjection`
-
-Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon).
-
-#### `Invoke-NinjaCopy`
-
-Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
-
-#### `Invoke-Mimikatz`
-
-Reflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz.
-
-#### `Get-Keystrokes`
-
-Logs keys pressed, time and the active window.
-
-#### `Get-GPPPassword`
-
-Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
-
-#### `Get-GPPAutologon`
-
-Retrieves autologon username and password from registry.xml if pushed through Group Policy Preferences.
-
-#### `Get-TimedScreenshot`
-
-A function that takes screenshots at a regular interval and saves them to a folder.
-
-#### `New-VolumeShadowCopy`
-
-Creates a new volume shadow copy.
-
-#### `Get-VolumeShadowCopy`
-
-Lists the device paths of all local volume shadow copies.
-
-#### `Mount-VolumeShadowCopy`
-
-Mounts a volume shadow copy.
-
-#### `Remove-VolumeShadowCopy`
-
-Deletes a volume shadow copy.
-
-#### `Get-VaultCredential`
-
-Displays Windows vault credential objects including cleartext web credentials.
-
-#### `Out-Minidump`
-
-Generates a full-memory minidump of a process.
-
-#### 'Get-MicrophoneAudio'
-
-Records audio from system microphone and saves to disk
-
-## Mayhem
-
-**Cause general mayhem with PowerShell.**
-
-#### `Set-MasterBootRecord`
-
-Proof of concept code that overwrites the master boot record with the
- message of your choice.
-
-#### `Set-CriticalProcess`
-
-Causes your machine to blue screen upon exiting PowerShell.
-
-## Privesc
-
-**Tools to help with escalating privileges on a target.**
-
-#### `PowerUp`
-
-Clearing house of common privilege escalation checks, along with some weaponization vectors.
-
-## Recon
-
-**Tools to aid in the reconnaissance phase of a penetration test.**
-
-#### `Invoke-Portscan`
-
-Does a simple port scan using regular sockets, based (pretty) loosely on nmap.
-
-#### `Get-HttpStatus`
-
-Returns the HTTP Status Codes and full URL for specified paths when provided with a dictionary file.
-
-#### `Invoke-ReverseDnsLookup`
-
-Scans an IP address range for DNS PTR records.
-
-#### `PowerView`
-
-PowerView is series of functions that performs network and Windows domain enumeration and exploitation.
-
-## Recon\Dictionaries
-
-**A collection of dictionaries used to aid in the reconnaissance phase of a penetration test. Dictionaries were taken from the following sources.**
-
-* admin.txt - <http://cirt.net/nikto2/>
-* generic.txt - <http://sourceforge.net/projects/yokoso/files/yokoso-0.1/>
-* sharepoint.txt - <http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/>
+ Invoke-Portscan - Does a simple port scan using regular sockets, based (pretty) loosely on nmap.
+ Get-HttpStatus - Returns the HTTP Status Codes and full URL for specified paths when provided with a dictionary file.
+ Invoke-ReverseDnsLookup - Scans an IP address range for DNS PTR records.
+ PowerView - PowerView is series of functions that performs network and Windows domain enumeration and exploitation.
## License
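Review bot: the function entries in the new layout are indented by a single space (` Invoke-DllInjection - Injects a Dll ...`), which Markdown treats as plain paragraph text, so each section will render as one run-on line rather than a list; use `- ` bullets or a four-space indent for a preformatted block. This hunk also deletes the whole `Recon\Dictionaries` section, and with it the source attribution for admin.txt, generic.txt and sharepoint.txt; those links should be preserved, since the dictionaries are still shipped. Minor carry-overs: "PowerView is series of functions" is still missing "a", and the Invoke-WmiCommand entry lost its trailing period.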