author | Will <HarmJ0y@users.noreply.github.com> | 2017-04-26 14:10:47 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-26 14:10:47 -0700 |
commit | 92e17e5331b550570a151631e082d46a5194eadd (patch) | |
tree | 6854cd08a070881a01a84665f49b740b29a7caf7 /Recon/PowerView.ps1 | |
parent | cfc0b647b1de52636701e02f773b2959c211bb34 (diff) | |
parent | 6927a26940fdfaf4a7508a22a88572363c8b997c (diff) | |
Merge pull request #214 from mbrancato/dev
Fix for impersonation in Get-NetLocalGroup*
Diffstat (limited to 'Recon/PowerView.ps1')
-rwxr-xr-x | Recon/PowerView.ps1 | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 83c1ae2..c003d8e 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -12149,8 +12149,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
 )
 BEGIN {
- if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
- Write-Warning "[Get-NetLocalGroup] -Credential is only compatible with '-Method WinNT'"
+ if ($PSBoundParameters['Credential']) {
+ $LogonToken = Invoke-UserImpersonation -Credential $Credential
 }
 }
@@ -12203,12 +12203,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
 }
 else {
 # otherwise we're using the WinNT service provider
- if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
- $ComputerProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer,computer", $Credential.UserName, $Credential.GetNetworkCredential().Password)
- }
- else {
- $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
- }
+ $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
 $ComputerProvider.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object {
 $LocalGroup = ([ADSI]$_)
@@ -12223,6 +12218,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
 }
 }
 }
+
+ END {
+ if ($LogonToken) {
+ Invoke-RevertToSelf -TokenHandle $LogonToken
+ }
+ }
 }
@@ -12354,8 +12355,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
 )
 BEGIN {
- if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
- Write-Warning "[Get-NetLocalGroupMember] -Credential is only compatible with '-Method WinNT'"
+ if ($PSBoundParameters['Credential']) {
+ $LogonToken = Invoke-UserImpersonation -Credential $Credential
 }
 }
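Review bot: The new END block (hunk 3 here, and the matching END block in the Get-NetLocalGroupMember section below) reverts the impersonation only on normal completion; in PowerShell an END block is not run when a terminating error escapes PROCESS, so a failed WinNT bind under the supplied credential would leave the impersonation token in place for the rest of the session instead of being scoped to this call, which is the behaviour the commit is trying to establish. The revert should sit in a `finally` around the PROCESS body (or PROCESS should catch and report errors so END is always reached); PROCESS itself lies outside these hunks, so I cannot confirm which of the two functions already guards it — Get-NetLocalGroupMember has a `try {` visible in its WinNT branch, Get-NetLocalGroup shows none here. Invoke-UserImpersonation and Invoke-RevertToSelf are defined elsewhere in the file; I am assuming the token handle they exchange is the only cleanup needed.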
@@ -12449,12 +12450,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
 else {
 # otherwise we're using the WinNT service provider
 try {
- if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
- $GroupProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer/$GroupName,group", $Credential.UserName, $Credential.GetNetworkCredential().Password)
- }
- else {
- $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
- }
+ $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
 $GroupProvider.psbase.Invoke('Members') | ForEach-Object {
@@ -12539,6 +12535,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
 }
 }
 }
+
+ END {
+ if ($LogonToken) {
+ Invoke-RevertToSelf -TokenHandle $LogonToken
+ }
+ }
 }
|
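Review bot: `if ($LogonToken)` in the END block of the last hunk (and in the equivalent END block of Get-NetLocalGroup) reads a variable that BEGIN assigns only when -Credential was bound, so on the no-credential path END depends on PowerShell silently treating the unset variable as $null, and under `Set-StrictMode -Version 2` or later that read throws instead. Initializing it unconditionally at the top of both BEGIN blocks, `$LogonToken = $null` immediately before the `if ($PSBoundParameters['Credential'])` check, makes the cleanup contract explicit; whether the module ever enables strict mode is not visible here, so the throw is conditional on that, but the clarity argument holds either way. The removed Write-Warning text suggests the .PARAMETER Credential help above these hunks may still describe the old WinNT-only restriction; it is outside the hunk and worth checking.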