authorHarmJ0y <HarmJ0y@users.noreply.github.com>2016-09-26 17:44:55 -0400
committerGitHub <noreply@github.com>2016-09-26 17:44:55 -0400
commit8c9c7c84fef03ecf1727f21cd96f3a2c23a8fdda (patch)
treedc9ec657ca2c2f00de3e9922dcb5b00788ad3560
parent5e2200bab7aedd092965d84722f3e5a1c0cf4329 (diff)
parent8e41548e655a07b8c6f03b08520272a886bd0d26 (diff)
Merge pull request #182 from monoxgas/dev
Service DACL false positive | Request-SPNTicket double hash
-rw-r--r--Privesc/PowerUp.ps12
-rwxr-xr-xRecon/PowerView.ps11
2 files changed, 2 insertions, 1 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 977efda..c1b9072 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -1404,7 +1404,7 @@ function Test-ServiceDaclPermission {
else {
ForEach($TargetPermission in $TargetPermissions) {
# check permissions || style
- if (($ServiceDacl.AccessRights -band $AccessMask[$TargetPermission]) -eq $AccessMask[$TargetPermission]) {
+ if (($ServiceDacl.AceType -eq 'AccessAllowed') -and ($ServiceDacl.AccessRights -band $AccessMask[$TargetPermission]) -eq $AccessMask[$TargetPermission]) {
Write-Verbose "Current user has '$TargetPermission' for $IndividualService"
$TargetService
break
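Review bot: The new test on the `+` line only skips ACEs that are not `AccessAllowed`, so a deny entry for the same principal is ignored rather than evaluated, and the function may still report a right that the account does not effectively hold. The loop over ACEs starts above the hunk, so this is inferred from the one condition shown; if deny ACEs are deliberately out of scope, say so with a comment such as `# only allow ACEs are matched; deny ACEs are skipped, not subtracted`. The condition also relies on `-eq` binding tighter than `-and`, and wrapping the mask comparison in its own parentheses, `-and (($ServiceDacl.AccessRights -band $AccessMask[$TargetPermission]) -eq $AccessMask[$TargetPermission])`, would make that explicit. The branch before this `else` is outside the hunk and, if it compares `AccessRights` the same way, probably needs the same `AceType` filter.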
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 34d9458..f1dd0a9 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -1382,6 +1382,7 @@ function Request-SPNTicket {
[System.Collections.ArrayList]$Parts = ($TicketHexStream -replace '^(.*?)04820...(.*)','$2') -Split "A48201"
$Parts.RemoveAt($Parts.Count - 1)
$Parts -join "A48201"
+ break
}
}
}
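Review bot: The added `break` has no enclosing loop visible in this hunk, and a PowerShell `break` that is not inside a `ForEach`/`While`/`Switch` unwinds into the caller, where it can end the caller's loop or the whole pipeline. If it exits a loop that opens above the hunk, a comment such as `# stop after the first match so the value is emitted only once` would record why the remaining iterations are skipped. If there is no such loop, or the loop iterates over the function's input items, the `break` would also drop every item after the first, and restructuring the match so it runs once per item would be safer. The body of Request-SPNTicket starts outside the hunk, so which case applies cannot be confirmed from here.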