author | Harmj0y <will@harmj0y.net> | 2016-03-09 16:23:27 -0500 |
---|---|---|
committer | Harmj0y <will@harmj0y.net> | 2016-03-09 16:23:27 -0500 |
commit | 625705781e52600d67d427df962d664edb5be425 (patch) | |
tree | 580786d2f2797ebac79eb7efd591ad8688e55e72 | |
parent | 2e0197603c29361d70a129eff5d5c219c054b430 (diff) | |
download | PowerSploit-625705781e52600d67d427df962d664edb5be425.tar.gz PowerSploit-625705781e52600d67d427df962d664edb5be425.zip |
fix for Find-GPOComputerAdmin
-rw-r--r-- | Recon/PowerView.ps1 | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index f5c0d07..39e032e 100644 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -6191,7 +6191,6 @@ function Find-GPOLocation { } } - Write-Verbose "GPOgroups: $GPOgroups" $ProcessedGUIDs = @{} # process the matches and build the result objects @@ -6424,10 +6423,23 @@ function Find-GPOComputerAdmin { # for each found GPO group, resolve the SIDs of the members $GPOgroups | Where-Object {$_} | Foreach-Object { $GPO = $_ + + if ($GPO.members) { + $GPO.members = $GPO.members | Where-Object {$_} | ForEach-Object { + if($_ -match '^S-1-.*') { + $_ + } + else { + # if there are any plain group names, try to resolve them to sids + (Convert-NameToSid -ObjectName $_ -Domain $Domain).SID + } + } | Sort-Object -Unique + } + $GPO.members | Foreach-Object { - # resolvethis SID to a domain object - $Object = Get-ADObject -Domain $Domain -DomainController $DomainController $_ -PageSize $PageSize + # resolve this SID to a domain object + $Object = Get-ADObject -Domain $Domain -DomainController $DomainController -PageSize $PageSize -SID $_ $GPOComputerAdmin = New-Object PSObject $GPOComputerAdmin | Add-Member Noteproperty 'ComputerName' $ComputerName |
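Review bot: In the second hunk (Find-GPOComputerAdmin), a name that Convert-NameToSid cannot resolve appears to leave an empty entry in `$GPO.members`, because the added `Where-Object {$_}` filter runs before the lookup rather than after it. That entry then reaches `Get-ADObject ... -SID $_` in the loop that follows; how Get-ADObject handles an empty `-SID` is not visible here, so the result row may describe the wrong object or none at all. Filtering after the lookup would avoid this: `} | Where-Object {$_} | Sort-Object -Unique`. The `'^S-1-.*'` test also treats any string that merely begins with `S-1-` as a SID, and its trailing `.*` adds nothing; a short comment stating that plain names are resolved against `$Domain` only would document the remaining assumption. The function body starts and ends outside the hunk.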