diff options
| author | HarmJ0y <will@harmj0y.net> | 2017-01-11 20:39:57 -0500 |
|---|---|---|
| committer | HarmJ0y <will@harmj0y.net> | 2017-01-11 20:39:57 -0500 |
| commit | 454e04005db7678163a1610080d1dff0782ac35d (patch) | |
| tree | 2fc944d02267ed25623e205a7b94e8f36f231a3c /Recon/PowerView.ps1 | |
| parent | ea60b0e0a4f5e8e1b6a2c2f7f71b62bd777eccdd (diff) | |
| download | PowerSploit-454e04005db7678163a1610080d1dff0782ac35d.tar.gz PowerSploit-454e04005db7678163a1610080d1dff0782ac35d.zip | |
Standardized output from Find-InterestingDomainAcl
Diffstat (limited to 'Recon/PowerView.ps1')
| -rwxr-xr-x | Recon/PowerView.ps1 | 51 |
1 files changed, 40 insertions, 11 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index a65c884..ef9048a 100755 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -7404,11 +7404,26 @@ Custom PSObject with ACL entries. if ($_.SecurityIdentifier.Value -match '^S-1-5-.*-[1-9]\d{3,}$') { if ($ResolvedSIDs[$_.SecurityIdentifier.Value]) { $IdentityReferenceName, $IdentityReferenceDomain, $IdentityReferenceDN, $IdentityReferenceClass = $ResolvedSIDs[$_.SecurityIdentifier.Value] - $_ | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName - $_ | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain - $_ | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN - $_ | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass - $_ + + $InterestingACL = New-Object PSObject + $InterestingACL | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN + $InterestingACL | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier + $InterestingACL | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights + if ($_.ObjectAceType) { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType + } + else { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' 'None' + } + $InterestingACL | Add-Member NoteProperty 'AceFlags' $_.AceFlags + $InterestingACL | Add-Member NoteProperty 'AceType' $_.AceType + $InterestingACL | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags + $InterestingACL | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass + $InterestingACL } else { $IdentityReferenceDN = Convert-ADName -Identity $_.SecurityIdentifier.Value -OutputType DN @ADNameArguments @@ -7421,7 +7436,7 @@ Custom PSObject with ACL entries. $ObjectSearcherArguments['Identity'] = $IdentityReferenceDN # "IdentityReferenceDN: $IdentityReferenceDN" $Object = Get-DomainObject @ObjectSearcherArguments - $ObjectSearcherArguments + if ($Object) { $IdentityReferenceName = $Object.Properties.samaccountname[0] if ($Object.Properties.objectclass -match 'computer') { @@ -7440,11 +7455,25 @@ Custom PSObject with ACL entries. # save so we don't look up more than once $ResolvedSIDs[$_.SecurityIdentifier.Value] = $IdentityReferenceName, $IdentityReferenceDomain, $IdentityReferenceDN, $IdentityReferenceClass - $_ | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName - $_ | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain - $_ | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN - $_ | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass - $_ + $InterestingACL = New-Object PSObject + $InterestingACL | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN + $InterestingACL | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier + $InterestingACL | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights + if ($_.ObjectAceType) { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType + } + else { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' 'None' + } + $InterestingACL | Add-Member NoteProperty 'AceFlags' $_.AceFlags + $InterestingACL | Add-Member NoteProperty 'AceType' $_.AceType + $InterestingACL | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags + $InterestingACL | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass + $InterestingACL } } else { |