authorMeatballs <eat_meatballs@hotmail.co.uk>2016-05-12 21:03:20 +0100
committerMeatballs <eat_meatballs@hotmail.co.uk>2016-05-12 21:03:20 +0100
commit3e936765f5674823a68aa96f7fc100f4fe9c450e (patch)
tree566240625b44f71067d166d835ee6717835c3e4c /Recon
parenteec3704f40f457bde6a5c5d1bb7c93c463e2e0ac (diff)
Fix groupsxml parsing
Diffstat (limited to 'Recon')
-rw-r--r--Recon/PowerView.ps142
1 files changed, 32 insertions, 10 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index bc52035..6763acf 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -6091,7 +6091,7 @@ function Get-GroupsXML {
# so we can cd/dir the new drive
$GroupsXMLPath = $RandDrive + ":\" + $FilePath
- }
+ }
}
process {
@@ -6106,21 +6106,21 @@ function Get-GroupsXML {
$MemberOf = @()
# extract the localgroup sid for memberof
- $LocalSid = $_.Properties.GroupSid
+ $LocalSid = $_.Group.Properties.GroupSid
if(!$LocalSid) {
- if($_.Properties.groupName -match 'Administrators') {
+ if($_.Group.Properties.groupName -match 'Administrators') {
$LocalSid = 'S-1-5-32-544'
}
- elseif($_.Properties.groupName -match 'Remote Desktop') {
+ elseif($_.Group.Properties.groupName -match 'Remote Desktop') {
$LocalSid = 'S-1-5-32-555'
}
else {
- $LocalSid = $_.Properties.groupName
+ $LocalSid = $_.Group.Properties.groupName
}
}
$MemberOf = @($LocalSid)
- $_.Properties.members | ForEach-Object {
+ $_.Group.Properties.members | ForEach-Object {
# process each member of the above local group
$_ | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object {
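Review bot: The well-known-SID fallback under `if(!$LocalSid)` keys on the English display names `Administrators` and `Remote Desktop`, so on a localized system a Groups.xml entry without a groupSid falls through to the `else` branch and `$LocalSid` becomes the raw group name instead of `S-1-5-32-544`/`S-1-5-32-555`; the `-match` is also an unanchored regex, so any name merely containing those words matches. A comment on the `if(!$LocalSid)` line would make the limitation visible, e.g. `# groupSid is optional in Groups.xml: map the English built-in names to their well-known SIDs, otherwise keep the raw name`. The new `$_.Group.Properties` path presumably yields `$null` for entries that are not `<Group>` elements, in which case `$LocalSid` ends up `$null` and is still placed in `$MemberOf`; a guard such as `if(-not $_.Group) { return }` at the top of the script block would skip those entries. Get-GroupsXML starts and ends outside the hunk.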
@@ -6143,16 +6143,38 @@ function Get-GroupsXML {
}
if($ResolveSids) {
- $Memberof = $Memberof | ForEach-Object {Convert-SidToName $_}
- $Members = $Members | ForEach-Object {Convert-SidToName $_}
+ $Memberof = $Memberof | ForEach-Object {
+ $memof = $_
+ if ($memof.StartsWith("S-1-"))
+ {
+ try {
+ Convert-SidToName $memof
+ } catch {
+ $memof
+ }
+ } else {
+ $memof
+ }
+ }
+ $Members= $Members | ForEach-Object {
+ $member = $_
+ if ($member.StartsWith("S-1-"))
+ {
+ try {
+ Convert-SidToName $member
+ } catch {
+ $member
+ }
+ } else {
+ $member
+ }
+ }
}
if($Memberof -isnot [system.array]) {$Memberof = @($Memberof)}
if($Members -isnot [system.array]) {$Members = @($Members)}
$GPOProperties = @{
- 'GPODisplayName' = $GPODisplayName
- 'GPOName' = $GPOName
'GPOPath' = $GroupsXMLPath
'Filters' = $Filters
'MemberOf' = $Memberof