Merge pull request #136 from andyrobbins/dev

Added name resolution to custom PSObject generated by Invoke-UserHunter.
author: HarmJ0y <will@harmj0y.net> 2016-05-09 21:12:42 -0700
committer: HarmJ0y <will@harmj0y.net> 2016-05-09 21:12:42 -0700
commit: 31ed96d161924ff89cc63cba4a6ce4ab4f88e8e7 (patch)
tree: 361dae2133ff71da11ba9bf08a7bab9570ab46ee /Recon/PowerView.ps1
parent: 6ada127538b7a36db029c6dc8a5cd9d38ae7a968 (diff)
parent: 9f7906280d4eca7717892d9ec0af3c3f5ddef015 (diff)
download: PowerSploit-31ed96d161924ff89cc63cba4a6ce4ab4f88e8e7.tar.gz
PowerSploit-31ed96d161924ff89cc63cba4a6ce4ab4f88e8e7.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index b62f245..6c0d896 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -9646,6 +9646,26 @@ function Invoke-UserHunter {
                                 $FoundUser | Add-Member Noteproperty 'IPAddress' $IPAddress
                                 $FoundUser | Add-Member Noteproperty 'SessionFrom' $CName
 
+                                # Try to resolve the DNS hostname of $Cname
+                                if ($Cname -match '[a-zA-Z]') {
+                                    Try {
+                                        $CNameDNSName = [System.Net.Dns]::GetHostByName($CName).Hostname
+                                    }
+                                    Catch {
+                                        $CNameDNSName = $Cname
+                                    }
+                                    $FoundUser | Add-Member NoteProperty 'SessionFromName' $CnameDNSName
+                                }
+                                else {
+                                    Try {
+                                        $CNameDNSName = [System.Net.Dns]::Resolve($Cname).HostName
+                                    }
+                                    Catch {
+                                        $CNameDNSName = $Cname
+                                    }
+                                    $FoundUser | Add-Member NoteProperty 'SessionFromName' $CnameDNSName
+                                }
+
                                 # see if we're checking to see if we have local admin access on this machine
                                 if ($CheckAccess) {
                                     $Admin = Invoke-CheckLocalAdminAccess -ComputerName $CName
author	HarmJ0y <will@harmj0y.net>	2016-05-09 21:12:42 -0700
committer	HarmJ0y <will@harmj0y.net>	2016-05-09 21:12:42 -0700
commit	31ed96d161924ff89cc63cba4a6ce4ab4f88e8e7 (patch)
tree	361dae2133ff71da11ba9bf08a7bab9570ab46ee /Recon/PowerView.ps1
parent	6ada127538b7a36db029c6dc8a5cd9d38ae7a968 (diff)
parent	9f7906280d4eca7717892d9ec0af3c3f5ddef015 (diff)
download	PowerSploit-31ed96d161924ff89cc63cba4a6ce4ab4f88e8e7.tar.gz PowerSploit-31ed96d161924ff89cc63cba4a6ce4ab4f88e8e7.zip