diff options
| author | HarmJ0y <will@harmj0y.net> | 2017-06-17 01:33:05 -0400 |
|---|---|---|
| committer | HarmJ0y <will@harmj0y.net> | 2017-06-17 01:33:05 -0400 |
| commit | 7e4d7ee29827061aace38891a8b6622441f27599 (patch) | |
| tree | 61d940221eb138ee887a84e4e41048b3bd4920cc /Recon/PowerView.ps1 | |
| parent | d0e4e270f166ba603051da12019a894a35652134 (diff) | |
| download | PowerSploit-7e4d7ee29827061aace38891a8b6622441f27599.tar.gz PowerSploit-7e4d7ee29827061aace38891a8b6622441f27599.zip | |
Added Sacl enumeration to Get-DomainObjectACL
Diffstat (limited to 'Recon/PowerView.ps1')
| -rwxr-xr-x | Recon/PowerView.ps1 | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index 7842e2c..6dd8414 100755 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -7438,7 +7438,8 @@ function Get-DomainObjectAcl { <# .SYNOPSIS -Returns the ACLs associated with a specific active directory object. +Returns the ACLs associated with a specific active directory object. By default +the DACL for the object(s) is returned, but the SACL can be returned with -Sacl. Author: Will Schroeder (@harmj0y) License: BSD 3-Clause @@ -7450,6 +7451,10 @@ A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC= SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201). Wildcards accepted. +.PARAMETER Sacl + +Switch. Return the SACL instead of the DACL for the object (default behavior). + .PARAMETER ResolveGUIDs Switch. Resolve GUIDs to their display names. @@ -7511,6 +7516,12 @@ Enumerate the ACL permissions for all OUs in the domain. .EXAMPLE +Get-DomainOU | Get-DomainObjectAcl -ResolveGUIDs -Sacl + +Enumerate the SACLs for all OUs in the domain, resolving GUIDs. + +.EXAMPLE + $SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force $Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) Get-DomainObjectAcl -Credential $Cred -ResolveGUIDs @@ -7532,6 +7543,9 @@ Custom PSObject with ACL entries. $Identity, [Switch] + $Sacl, + + [Switch] $ResolveGUIDs, [String] @@ -7580,9 +7594,15 @@ Custom PSObject with ACL entries. BEGIN { $SearcherArguments = @{ - 'SecurityMasks' = 'Dacl' 'Properties' = 'samaccountname,ntsecuritydescriptor,distinguishedname,objectsid' } + + if ($PSBoundParameters['Sacl']) { + $SearcherArguments['SecurityMasks'] = 'Sacl' + } + else { + $SearcherArguments['SecurityMasks'] = 'Dacl' + } if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } @@ -7655,8 +7675,7 @@ Custom PSObject with ACL entries. } try { - New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Object['ntsecuritydescriptor'][0], 0 | Select-Object -Expand DiscretionaryAcl | ForEach-Object { - + New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Object['ntsecuritydescriptor'][0], 0 | ForEach-Object { if ($PSBoundParameters['Sacl']) {$_.SystemAcl} else {$_.DiscretionaryAcl} } | ForEach-Object { if ($PSBoundParameters['RightsFilter']) { $GuidFilter = Switch ($RightsFilter) { 'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' } @@ -7677,7 +7696,6 @@ Custom PSObject with ACL entries. if ($Continue) { $_ | Add-Member NoteProperty 'ActiveDirectoryRights' ([Enum]::ToObject([System.DirectoryServices.ActiveDirectoryRights], $_.AccessMask)) - if ($GUIDs) { # if we're resolving GUIDs, map them them to the resolved hash table $AclProperties = @{} |