author | Harmj0y <will@harmj0y.net> | 2016-03-09 15:37:38 -0500 |
---|---|---|
committer | Harmj0y <will@harmj0y.net> | 2016-03-09 15:37:38 -0500 |
commit | 2e0197603c29361d70a129eff5d5c219c054b430 (patch) | |
tree | 6154998da08d7ceb5dda19743ac2086b291bcbb8 /Recon/PowerView.ps1 | |
parent | 236b16430ced70342d969341b95f15530ae5d7fd (diff) | |
Bug fix for Invoke-EnumerateLocalAdmin
Diffstat (limited to 'Recon/PowerView.ps1')
-rw-r--r-- | Recon/PowerView.ps1 | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index f01e265..f5c0d07 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -6872,7 +6872,6 @@ function Get-NetLocalGroup {
 $AdsPath = ($_.GetType().InvokeMember('Adspath', 'GetProperty', $Null, $_, $Null)).Replace('WinNT://', '')
 # try to translate the NT4 domain to a FQDN if possible
- Write-Verbose "AdsPath: $AdsPath"
 $Name = Convert-ADName -ObjectName $AdsPath -InputType 'NT4' -OutputType 'Canonical'
 if($Name) {
@@ -10639,7 +10638,7 @@ function Find-LocalAdminAccess {
 Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay)
 Write-Verbose "[*] Enumerating server $Computer ($Counter of $($ComputerName.count))"
- Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $Computer, $False, $OutFile, $DomainSID, $TrustGroupsSIDs
+ Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $Computer, $False
 }
 }
 }
@@ -11220,10 +11219,10 @@ function Invoke-EnumerateLocalAdmin {
 }
 # if we just want to return cross-trust users
- if($DomainSID -and $TrustGroupSIDS) {
+ if($DomainSID) {
 # get the local machine SID
 $LocalSID = ($LocalAdmins | Where-Object { $_.SID -match '.*-500$' }).SID -replace "-500$"
-
+ Write-Verbose "LocalSid for $ComputerName : $LocalSID"
 # filter out accounts that begin with the machine SID and domain SID
 # but preserve any groups that have users across a trust ($TrustGroupSIDS)
 $LocalAdmins = $LocalAdmins | Where-Object { ($TrustGroupsSIDs -contains $_.SID) -or ((-not $_.SID.startsWith($LocalSID)) -and (-not $_.SID.startsWith($DomainSID))) }
@@ -11244,7 +11243,7 @@ function Invoke-EnumerateLocalAdmin {
 }
 }
 else {
- Write-Verbose "[!] No users returned from $Server"
+ Write-Verbose "[!] No users returned from $ComputerName"
 }
 }
 } |
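Review bot: In the Invoke-EnumerateLocalAdmin hunk at -11220, `$LocalSID` is passed to `startsWith()` without ever being checked, and with the condition relaxed to `if($DomainSID)` that filter now runs whenever a domain SID is supplied. If no RID-500 entry is returned for a host, `$LocalSID` is presumably empty, and since `StartsWith('')` is true for every string, the filter would drop every member not listed in `$TrustGroupsSIDs`; the host then silently reports no cross-trust admins when the data was merely incomplete. If more than one entry matches `-500$`, `$LocalSID` becomes an array rather than a string. A guard such as `if(-not ($LocalSID -is [string]) -or -not $LocalSID) { Write-Warning "Could not determine the machine SID for $ComputerName; skipping cross-trust filter" }` with the `Where-Object` filter moved into the `else` branch would make that case visible. The comment above the filter still spells the variable `$TrustGroupSIDS` while the code reads `$TrustGroupsSIDs`; the function body continues outside the hunk, so other uses of either spelling cannot be checked from here.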