Get-DomainGPO - fixed enumerations of 'enforced' GPOs, and

bug fix for nested OUs with similar starting names.
author: HarmJ0y <will@harmj0y.net> 2017-04-28 00:56:52 -0400
committer: HarmJ0y <will@harmj0y.net> 2017-04-28 00:56:52 -0400
commit: 095988269bfaafcb3cb0ab050cc782b98fd582ac (patch)
tree: c6ae893c9800f6c7856efd9ede66a305796a47a6
parent: 27747f982ce6b5679d08dbad6a663d2ae66ceecc (diff)
download: PowerSploit-095988269bfaafcb3cb0ab050cc782b98fd582ac.tar.gz
PowerSploit-095988269bfaafcb3cb0ab050cc782b98fd582ac.zip
1 files changed, 20 insertions, 5 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index b40989d..c6cb5ff 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -11164,7 +11164,7 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
                 $ObjectOUs = @()
                 $ObjectOUs += $ObjectDN.split(',') | ForEach-Object {
                     if($_.startswith('OU=')) {
-                        $ObjectDN.SubString($ObjectDN.IndexOf($_))
+                        $ObjectDN.SubString($ObjectDN.IndexOf("$($_),"))
                     }
                 }
                 Write-Verbose "[Get-DomainGPO] object OUs: $ObjectOUs"
@@ -11174,13 +11174,28 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
                     $SearcherArguments.Remove('Properties')
                     $InheritanceDisabled = $False
                     ForEach($ObjectOU in $ObjectOUs) {
-                        if ($InheritanceDisabled) { break }
                         $SearcherArguments['Identity'] = $ObjectOU
                         $GPOAdsPaths += Get-DomainOU @SearcherArguments | ForEach-Object {
                             # extract any GPO links for this particular OU the computer is a part of
-                            $_.gplink.split('][') | ForEach-Object {
-                                if ($_.startswith('LDAP')) {
-                                    $_.split(';')[0]
+                            if ($_.gplink) {
+                                $_.gplink.split('][') | ForEach-Object {
+                                    if ($_.startswith('LDAP')) {
+                                        $Parts = $_.split(';')
+                                        $GpoDN = $Parts[0]
+                                        $Enforced = $Parts[1]
+
+                                        if ($InheritanceDisabled) {
+                                            # if inheritance has already been disabled and this GPO is set as "enforced"
+                                            #   then add it, otherwise ignore it
+                                            if ($Enforced -eq 2) {
+                                                $GpoDN
+                                            }
+                                        }
+                                        else {
+                                            # inheritance not marked as disabled yet
+                                            $GpoDN
+                                        }
+                                    }
                                 }
                             }
author	HarmJ0y <will@harmj0y.net>	2017-04-28 00:56:52 -0400
committer	HarmJ0y <will@harmj0y.net>	2017-04-28 00:56:52 -0400
commit	095988269bfaafcb3cb0ab050cc782b98fd582ac (patch)
tree	c6ae893c9800f6c7856efd9ede66a305796a47a6
parent	27747f982ce6b5679d08dbad6a663d2ae66ceecc (diff)
download	PowerSploit-095988269bfaafcb3cb0ab050cc782b98fd582ac.tar.gz PowerSploit-095988269bfaafcb3cb0ab050cc782b98fd582ac.zip