author | HarmJ0y <will@harmj0y.net> | 2016-05-18 11:10:18 -0400 |
---|---|---|
committer | HarmJ0y <will@harmj0y.net> | 2016-05-18 11:10:18 -0400 |
commit | 666246362fe70ca1b32d3f0b1903f4a523bc4ab6 (patch) | |
tree | 1d66ef76876cbb5405dbeb1324b6f5f201e1f390 /Recon/PowerView.ps1 | |
parent | c89f0b99693ffded815c23590bfd042afe192b77 (diff) | |
parent | 3e936765f5674823a68aa96f7fc100f4fe9c450e (diff) | |
Merge pull request #140 from Meatballs1/fix_groups_xml
PowerView - Fix Groups.xml Parsing
Diffstat (limited to 'Recon/PowerView.ps1')
-rw-r--r-- | Recon/PowerView.ps1 | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index d8f4248..c3f8c8b 100644 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -6111,7 +6111,7 @@ function Get-GroupsXML { # so we can cd/dir the new drive $GroupsXMLPath = $RandDrive + ":\" + $FilePath - } + } } process { @@ -6126,21 +6126,21 @@ function Get-GroupsXML { $MemberOf = @() # extract the localgroup sid for memberof - $LocalSid = $_.Properties.GroupSid + $LocalSid = $_.Group.Properties.GroupSid if(!$LocalSid) { - if($_.Properties.groupName -match 'Administrators') { + if($_.Group.Properties.groupName -match 'Administrators') { $LocalSid = 'S-1-5-32-544' } - elseif($_.Properties.groupName -match 'Remote Desktop') { + elseif($_.Group.Properties.groupName -match 'Remote Desktop') { $LocalSid = 'S-1-5-32-555' } else { - $LocalSid = $_.Properties.groupName + $LocalSid = $_.Group.Properties.groupName } } $MemberOf = @($LocalSid) - $_.Properties.members | ForEach-Object { + $_.Group.Properties.members | ForEach-Object { # process each member of the above local group $_ | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object { @@ -6163,16 +6163,38 @@ function Get-GroupsXML { } if($ResolveSids) { - $Memberof = $Memberof | ForEach-Object {Convert-SidToName $_} - $Members = $Members | ForEach-Object {Convert-SidToName $_} + $Memberof = $Memberof | ForEach-Object { + $memof = $_ + if ($memof.StartsWith("S-1-")) + { + try { + Convert-SidToName $memof + } catch { + $memof + } + } else { + $memof + } + } + $Members= $Members | ForEach-Object { + $member = $_ + if ($member.StartsWith("S-1-")) + { + try { + Convert-SidToName $member + } catch { + $member + } + } else { + $member + } + } } if($Memberof -isnot [system.array]) {$Memberof = @($Memberof)} if($Members -isnot [system.array]) {$Members = @($Members)} $GPOProperties = @{ - 'GPODisplayName' = $GPODisplayName - 'GPOName' = $GPOName 'GPOPath' = $GroupsXMLPath 'Filters' = $Filters 'MemberOf' = $Memberof |
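Review bot: In the second hunk the new accessor path `$_.Group.Properties` is repeated five times with no comment saying why the extra `Group` level is now needed, and the automatic variable `$_` is rebound by the nested `ForEach-Object` a few lines later, so a reader has to track which object each `$_` refers to. Caching the properties once before the first use, e.g. `$GroupProps = $_.Group.Properties` followed by `$GroupProps.GroupSid`, `$GroupProps.groupName` and `$GroupProps.members`, would remove the repetition and keep the nested pipeline unambiguous. A one-line comment above that assignment, such as `# each pipeline object is the parent node; the local-group definition lives under its Group child`, would record the reason for the change — presumably the shape of the objects fed into this block changed, which the hunk itself does not show. Get-GroupsXML begins before this hunk and its body continues after it.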