Added name resolution to custom PSObject generated by Invoke-UserHunter.

author: Andy Robbins <robbins.andy@gmail.com> 2016-05-10 00:01:38 -0400
committer: Andy Robbins <robbins.andy@gmail.com> 2016-05-10 00:01:38 -0400
commit: 9f7906280d4eca7717892d9ec0af3c3f5ddef015 (patch)
tree: 361dae2133ff71da11ba9bf08a7bab9570ab46ee /Recon/PowerView.ps1
parent: 6ada127538b7a36db029c6dc8a5cd9d38ae7a968 (diff)
download: PowerSploit-9f7906280d4eca7717892d9ec0af3c3f5ddef015.tar.gz
PowerSploit-9f7906280d4eca7717892d9ec0af3c3f5ddef015.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index b62f245..6c0d896 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -9646,6 +9646,26 @@ function Invoke-UserHunter {
                                 $FoundUser | Add-Member Noteproperty 'IPAddress' $IPAddress
                                 $FoundUser | Add-Member Noteproperty 'SessionFrom' $CName
 
+                                # Try to resolve the DNS hostname of $Cname
+                                if ($Cname -match '[a-zA-Z]') {
+                                    Try {
+                                        $CNameDNSName = [System.Net.Dns]::GetHostByName($CName).Hostname
+                                    }
+                                    Catch {
+                                        $CNameDNSName = $Cname
+                                    }
+                                    $FoundUser | Add-Member NoteProperty 'SessionFromName' $CnameDNSName
+                                }
+                                else {
+                                    Try {
+                                        $CNameDNSName = [System.Net.Dns]::Resolve($Cname).HostName
+                                    }
+                                    Catch {
+                                        $CNameDNSName = $Cname
+                                    }
+                                    $FoundUser | Add-Member NoteProperty 'SessionFromName' $CnameDNSName
+                                }
+
                                 # see if we're checking to see if we have local admin access on this machine
                                 if ($CheckAccess) {
                                     $Admin = Invoke-CheckLocalAdminAccess -ComputerName $CName
author	Andy Robbins <robbins.andy@gmail.com>	2016-05-10 00:01:38 -0400
committer	Andy Robbins <robbins.andy@gmail.com>	2016-05-10 00:01:38 -0400
commit	9f7906280d4eca7717892d9ec0af3c3f5ddef015 (patch)
tree	361dae2133ff71da11ba9bf08a7bab9570ab46ee /Recon/PowerView.ps1
parent	6ada127538b7a36db029c6dc8a5cd9d38ae7a968 (diff)
download	PowerSploit-9f7906280d4eca7717892d9ec0af3c3f5ddef015.tar.gz PowerSploit-9f7906280d4eca7717892d9ec0af3c3f5ddef015.zip