authorHarmJ0y <will@harmj0y.net>2017-09-17 12:03:22 -0700
committerHarmJ0y <will@harmj0y.net>2017-09-17 12:03:22 -0700
commita4a3ae549251275d9fa282bb32f66a2915491fde (patch)
tree5fcc2112de8ce19296f7f8dca2fd8c3061608c17
parent428d9061a4275b0f996eeae19239472766602e60 (diff)
downloadPowerSploit-a4a3ae549251275d9fa282bb32f66a2915491fde.tar.gz
PowerSploit-a4a3ae549251275d9fa282bb32f66a2915491fde.zip
Fixed New-ADObjectAccessControlEntry so -PrincipalIdentity now accepts built-in sids.
-rwxr-xr-xRecon/PowerView.ps139
1 files changed, 23 insertions, 16 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 89557ee..a9146fa 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -7679,22 +7679,29 @@ System.Security.AccessControl.AuthorizationRule
)
Begin {
- $PrincipalSearcherArguments = @{
- 'Identity' = $PrincipalIdentity
- 'Properties' = 'distinguishedname,objectsid'
+ if ($PrincipalIdentity -notmatch '^S-1-.*') {
+ $PrincipalSearcherArguments = @{
+ 'Identity' = $PrincipalIdentity
+ 'Properties' = 'distinguishedname,objectsid'
+ }
+ if ($PSBoundParameters['PrincipalDomain']) { $PrincipalSearcherArguments['Domain'] = $PrincipalDomain }
+ if ($PSBoundParameters['Server']) { $PrincipalSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $PrincipalSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $PrincipalSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $PrincipalSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $PrincipalSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $PrincipalSearcherArguments['Credential'] = $Credential }
+ $Principal = Get-DomainObject @PrincipalSearcherArguments
+ if (-not $Principal) {
+ throw "Unable to resolve principal: $PrincipalIdentity"
+ }
+ elseif($Principal.Count -gt 1) {
+ throw "PrincipalIdentity matches multiple AD objects, but only one is allowed"
+ }
+ $ObjectSid = $Principal.objectsid
}
- if ($PSBoundParameters['PrincipalDomain']) { $PrincipalSearcherArguments['Domain'] = $PrincipalDomain }
- if ($PSBoundParameters['Server']) { $PrincipalSearcherArguments['Server'] = $Server }
- if ($PSBoundParameters['SearchScope']) { $PrincipalSearcherArguments['SearchScope'] = $SearchScope }
- if ($PSBoundParameters['ResultPageSize']) { $PrincipalSearcherArguments['ResultPageSize'] = $ResultPageSize }
- if ($PSBoundParameters['ServerTimeLimit']) { $PrincipalSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
- if ($PSBoundParameters['Tombstone']) { $PrincipalSearcherArguments['Tombstone'] = $Tombstone }
- if ($PSBoundParameters['Credential']) { $PrincipalSearcherArguments['Credential'] = $Credential }
- $Principal = Get-DomainObject @PrincipalSearcherArguments
- if (-not $Principal) {
- throw "Unable to resolve principal: $PrincipalIdentity"
- } elseif($Principal.Count -gt 1) {
- throw "PrincipalIdentity matches multiple AD objects, but only one is allowed"
+ else {
+ $ObjectSid = $PrincipalIdentity
}
$ADRight = 0
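Review bot: The new `else` branch assigns `$ObjectSid = $PrincipalIdentity` for any string that merely starts with `S-1-`, so a malformed value is only rejected later, at the `[System.Security.Principal.SecurityIdentifier]$ObjectSid` cast in the second hunk, with a generic conversion error rather than the function's own message. Validating at the point of assignment would keep the failure next to the input, for example `else { try { $ObjectSid = [System.Security.Principal.SecurityIdentifier]$PrincipalIdentity } catch { throw "Invalid SID for PrincipalIdentity: $PrincipalIdentity" } }`. The branch also skips `Get-DomainObject` for every SID, not only built-in ones, so a well-formed but nonexistent domain SID is no longer caught by the "Unable to resolve principal" check and would presumably end up in an ACE that points at no object. `-PrincipalDomain`, `-Server` and `-Credential` are silently ignored on this path, which deserves a line in the comment-based help for `-PrincipalIdentity`. The `Begin` block and the enclosing function start and end outside this hunk.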
@@ -7703,7 +7710,7 @@ System.Security.AccessControl.AuthorizationRule
}
$ADRight = [System.DirectoryServices.ActiveDirectoryRights]$ADRight
- $Identity = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$Principal.objectsid)
+ $Identity = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$ObjectSid)
}
Process {