author | Harmj0y <will@harmj0y.net> | 2015-12-14 19:01:10 -0500 |
committer | Harmj0y <will@harmj0y.net> | 2015-12-14 19:01:10 -0500 |
commit | 5690b09027b53a5932e42399f6943e03fa32e549 (patch) | |
tree | 37fe4dd34522190ca205edec69a6d5e1debab951 /Recon | |
parent | e2993b63aaf09026a11dc3ba2f0ae4a364f27113 (diff) | |
Get-NetDomain is now not called if -ComputerName or -ComputerFile is passed to the meta functions, in order to prevent failures when running on a non-domain-joined machine
took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain
Diffstat (limited to 'Recon')
-rw-r--r-- | Recon/PowerView.ps1 | 230 |
1 files changed, 122 insertions, 108 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index 46285f4..57a5789 100644 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -7914,32 +7914,33 @@ function Invoke-UserHunter { Write-Verbose "[*] Running Invoke-UserHunter with delay of $Delay" - if($Domain) { - $TargetDomains = @($Domain) - } - elseif($SearchForest) { - # get ALL the domains in the forest to search - $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name } - } - else { - # use the local domain - $TargetDomains = @( (Get-NetDomain).name ) - } - ##################################################### # # First we build the host target set # ##################################################### + if($ComputerFile) { + # if we're using a host list, read the targets in and add them to the target list + $ComputerName = Get-Content -Path $ComputerFile + } + if(!$ComputerName) { [Array]$ComputerName = @() - - if($ComputerFile) { - # if we're using a host list, read the targets in and add them to the target list - $ComputerName = Get-Content -Path $ComputerFile + + if($Domain) { + $TargetDomains = @($Domain) + } + elseif($SearchForest) { + # get ALL the domains in the forest to search + $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name } } - elseif($Stealth) { + else { + # use the local domain + $TargetDomains = @( (Get-NetDomain).name ) + } + + if($Stealth) { Write-Verbose "Stealth mode! Enumerating commonly used servers" Write-Verbose "Stealth source: $StealthSource" @@ -8020,7 +8021,12 @@ function Invoke-UserHunter { elseif($UserName) { Write-Verbose "[*] Using target user '$UserName'..." $User = New-Object PSObject - $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0] + if($TargetDomains) { + $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0] + } + else { + $User | Add-Member Noteproperty 'MemberDomain' $Null + } $User | Add-Member Noteproperty 'MemberName' $UserName.ToLower() $TargetUsers = @($User) } 
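Review bot: An explicit -Domain is now ignored whenever -ComputerName or -ComputerFile is also given, because the whole `if($Domain) { $TargetDomains = @($Domain) }` chain moved inside the `if(!$ComputerName)` guard, so $TargetDomains stays unset and the `MemberDomain` fallbacks in the @@ -8020 and @@ -8028 hunks tag every target user with $Null even though the caller named the domain. Only the Get-NetDomain fallback depends on the machine being domain-joined; keeping the chain at function level and guarding just that branch, `elseif(!$ComputerName) { $TargetDomains = @( (Get-NetDomain).name ) }`, preserves the caller's domain without calling Get-NetDomain. The same restructuring appears in Invoke-ProcessHunter (@@ -8507), Invoke-ShareFinder (@@ -9178), Invoke-FileFinder (@@ -9643), Find-LocalAdminAccess (@@ -9953) and Invoke-EnumerateLocalAdmin (@@ -10521). Invoke-UserHunter begins and ends outside this hunk, so any later reads of $TargetDomains in its user-enumeration path are not visible here and should be checked for the unset case as well.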
@@ -8028,7 +8034,12 @@ function Invoke-UserHunter { elseif($UserFile) { $TargetUsers = Get-Content -Path $UserFile | ForEach-Object { $User = New-Object PSObject - $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0] + if($TargetDomains) { + $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0] + } + else { + $User | Add-Member Noteproperty 'MemberDomain' $Null + } $User | Add-Member Noteproperty 'MemberName' $_ $User } | Where-Object {$_} 
@@ -8507,37 +8518,37 @@ function Invoke-ProcessHunter { Write-Verbose "[*] Running Invoke-ProcessHunter with delay of $Delay" - if($Domain) { - $TargetDomains = @($Domain) - } - elseif($SearchForest) { - # get ALL the domains in the forest to search - $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name } - } - else { - # use the local domain - $TargetDomains = @( (Get-NetDomain).name ) - } - ##################################################### # # First we build the host target set # ##################################################### + # if we're using a host list, read the targets in and add them to the target list + if($ComputerFile) { + $ComputerName = Get-Content -Path $ComputerFile + } + if(!$ComputerName) { - # if we're using a host list, read the targets in and add them to the target list - if($ComputerFile) { - $ComputerName = Get-Content -Path $ComputerFile + [array]$ComputerName = @() + + if($Domain) { + $TargetDomains = @($Domain) + } + elseif($SearchForest) { + # get ALL the domains in the forest to search + $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name } } else { - [array]$ComputerName = @() - ForEach ($Domain in $TargetDomains) { - Write-Verbose "[*] Querying domain $Domain for hosts" - $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath - } + # use the local domain + $TargetDomains = @( (Get-NetDomain).name ) } + ForEach ($Domain in $TargetDomains) { + Write-Verbose "[*] Querying domain $Domain for hosts" + $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath + } + # remove any null target hosts, uniquify the list and shuffle it $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random } if($($ComputerName.Count) -eq 0) { 
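Review bot: The new `if(!$ComputerName)` guard tests the loaded host list rather than whether -ComputerFile was supplied, so an empty file, or a path that Get-Content cannot read (its non-terminating error leaves $ComputerName unset), now falls through to full-domain enumeration and the very Get-NetDomain call this commit means to avoid; before the change the same input reached the `No hosts found!` throw. Guarding on the parameter as well, `if(!$ComputerName -and !$ComputerFile) {`, restores that outcome here because the null-removal and count check below the guard still run on the empty list. The same pattern is in Invoke-UserHunter (@@ -7914), Invoke-ShareFinder (@@ -9178), Invoke-FileFinder (@@ -9643), Find-LocalAdminAccess (@@ -9953) and Invoke-EnumerateLocalAdmin (@@ -10521), though in Invoke-FileFinder the count check itself moved inside the guard. Invoke-ProcessHunter starts and ends outside this hunk.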
@@ -9178,7 +9189,13 @@ function Invoke-ShareFinder { $ExcludedShares = @('', "ADMIN$", "IPC$", "C$", "PRINT$") } + # if we're using a host file list, read the targets in and add them to the target list + if($ComputerFile) { + $ComputerName = Get-Content -Path $ComputerFile + } + if(!$ComputerName) { + [array]$ComputerName = @() if($Domain) { $TargetDomains = @($Domain) @@ -9191,19 +9208,12 @@ function Invoke-ShareFinder { # use the local domain $TargetDomains = @( (Get-NetDomain).name ) } - - # if we're using a host file list, read the targets in and add them to the target list - if($ComputerFile) { - $ComputerName = Get-Content -Path $ComputerFile - } - else { - [array]$ComputerName = @() - ForEach ($Domain in $TargetDomains) { - Write-Verbose "[*] Querying domain $Domain for hosts" - $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath - } + + ForEach ($Domain in $TargetDomains) { + Write-Verbose "[*] Querying domain $Domain for hosts" + $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath } - + # remove any null target hosts, uniquify the list and shuffle it $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random } if($($ComputerName.count) -eq 0) { @@ -9621,18 +9631,6 @@ function Invoke-FileFinder { } } - if($Domain) { - $TargetDomains = @($Domain) - } - elseif($SearchForest) { - # get ALL the domains in the forest to search - $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name } - } - else { - # use the local domain - $TargetDomains = @( (Get-NetDomain).name ) - } - # if we're hard-passed a set of shares if($ShareList) { ForEach ($Item in Get-Content -Path $ShareList) { 
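Review bot: `$ComputerName = Get-Content -Path $ComputerFile` now runs before the `if(!$ComputerName)` guard, so a -ComputerFile silently replaces any hosts passed via -ComputerName; the removed code read the file only when -ComputerName was empty, and the comment above the line still says the file's targets are added to the target list. Either restore the precedence, `if($ComputerFile -and !$ComputerName) {`, or make the comment true by merging the two, `$ComputerName = @($ComputerName) + @(Get-Content -Path $ComputerFile)`, which relies on the `Where-Object { $_ }` pass below to drop the empty entry. The same reordering is in Invoke-UserHunter (@@ -7914), Invoke-ProcessHunter (@@ -8507), Find-LocalAdminAccess (@@ -9953) and Invoke-EnumerateLocalAdmin (@@ -10521). Invoke-ShareFinder starts and ends outside this hunk.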
@@ -9643,34 +9641,51 @@ function Invoke-FileFinder { } } } - if($SearchSYSVOL) { - ForEach ($Domain in $TargetDomains) { - $DCSearchPath = "\\$Domain\SYSVOL\" - Write-Verbose "[*] Adding share search path $DCSearchPath" - $Shares += $DCSearchPath - } - if(!$Terms) { - # search for interesting scripts on SYSVOL - $Terms = @('.vbs', '.bat', '.ps1') - } - } else { - # if we're using a host list, read the targets in and add them to the target list + # if we're using a host file list, read the targets in and add them to the target list if($ComputerFile) { $ComputerName = Get-Content -Path $ComputerFile } - else { - [array]$ComputerName = @() - ForEach ($Domain in $TargetDomains) { - Write-Verbose "[*] Querying domain $Domain for hosts" - $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController + + if(!$ComputerName) { + + if($Domain) { + $TargetDomains = @($Domain) + } + elseif($SearchForest) { + # get ALL the domains in the forest to search + $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name } + } + else { + # use the local domain + $TargetDomains = @( (Get-NetDomain).name ) } - } - # remove any null target hosts, uniquify the list and shuffle it - $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random } - if($($ComputerName.Count) -eq 0) { - throw "No hosts found!" 
+ if($SearchSYSVOL) { + ForEach ($Domain in $TargetDomains) { + $DCSearchPath = "\\$Domain\SYSVOL\" + Write-Verbose "[*] Adding share search path $DCSearchPath" + $Shares += $DCSearchPath + } + if(!$Terms) { + # search for interesting scripts on SYSVOL + $Terms = @('.vbs', '.bat', '.ps1') + } + } + else { + [array]$ComputerName = @() + + ForEach ($Domain in $TargetDomains) { + Write-Verbose "[*] Querying domain $Domain for hosts" + $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController + } + + # remove any null target hosts, uniquify the list and shuffle it + $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random } + if($($ComputerName.Count) -eq 0) { + throw "No hosts found!" + } + } } } @@ -9953,8 +9968,15 @@ function Find-LocalAdminAccess { $RandNo = New-Object System.Random Write-Verbose "[*] Running Find-LocalAdminAccess with delay of $Delay" - + + # if we're using a host list, read the targets in and add them to the target list + if($ComputerFile) { + $ComputerName = Get-Content -Path $ComputerFile + } + if(!$ComputerName) { + [array]$ComputerName = @() + if($Domain) { $TargetDomains = @($Domain) } 
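Review bot: -SearchSYSVOL is silently ignored when -ComputerName or a non-empty -ComputerFile is given, because the `if($SearchSYSVOL)` block now sits inside `if(!$ComputerName)`; in the removed code it took precedence over any host list. The explicit-host path also no longer passes through the `Where-Object { $_ } | Sort-Object -Unique` cleanup and the `No hosts found!` check, which moved into the `else` branch, unlike the other functions in this commit where they stayed below the guard. Keeping the SYSVOL decision at function level and the cleanup after the enumeration preserves both, and the domain lookup is then needed only when SYSVOL or domain enumeration is actually used. Invoke-FileFinder starts and ends outside this hunk.
```powershell
if($ComputerFile) {
    $ComputerName = Get-Content -Path $ComputerFile
}

if($SearchSYSVOL -or !$ComputerName) {
    # … unchanged: $TargetDomains from -Domain / -SearchForest / Get-NetDomain …
}

if($SearchSYSVOL) {
    # … unchanged: add \\$Domain\SYSVOL\ search paths and default $Terms …
}
else {
    if(!$ComputerName) {
        [array]$ComputerName = @()
        # … unchanged: Get-NetComputer loop over $TargetDomains …
    }

    # remove any null target hosts, uniquify the list and shuffle it
    $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
    if($($ComputerName.Count) -eq 0) {
        throw "No hosts found!"
    }
}
```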
@@ -9967,18 +9989,11 @@ function Find-LocalAdminAccess { $TargetDomains = @( (Get-NetDomain).name ) } - # if we're using a host list, read the targets in and add them to the target list - if($ComputerFile) { - $ComputerName = Get-Content -Path $ComputerFile - } - else { - [array]$ComputerName = @() - ForEach ($Domain in $TargetDomains) { - Write-Verbose "[*] Querying domain $Domain for hosts" - $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController - } + ForEach ($Domain in $TargetDomains) { + Write-Verbose "[*] Querying domain $Domain for hosts" + $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController } - + # remove any null target hosts, uniquify the list and shuffle it $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random } if($($ComputerName.Count) -eq 0) { @@ -10521,7 +10536,13 @@ function Invoke-EnumerateLocalAdmin { Write-Verbose "[*] Running Invoke-EnumerateLocalAdmin with delay of $Delay" + # if we're using a host list, read the targets in and add them to the target list + if($ComputerFile) { + $ComputerName = Get-Content -Path $ComputerFile + } + if(!$ComputerName) { + [array]$ComputerName = @() if($Domain) { $TargetDomains = @($Domain) 
@@ -10535,18 +10556,11 @@ function Invoke-EnumerateLocalAdmin { $TargetDomains = @( (Get-NetDomain).name ) } - # if we're using a host list, read the targets in and add them to the target list - if($ComputerFile) { - $ComputerName = Get-Content -Path $ComputerFile - } - else { - [array]$ComputerName = @() - ForEach ($Domain in $TargetDomains) { - Write-Verbose "[*] Querying domain $Domain for hosts" - $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController - } + ForEach ($Domain in $TargetDomains) { + Write-Verbose "[*] Querying domain $Domain for hosts" + $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController } - + # remove any null target hosts, uniquify the list and shuffle it $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random } if($($ComputerName.Count) -eq 0) { |