authorHarmJ0y <will@harmj0y.net>2017-01-11 18:00:27 -0500
committerHarmJ0y <will@harmj0y.net>2017-01-11 18:00:27 -0500
commitfa1baa64a86bfba58a07bd43faf8c9d37b0e0424 (patch)
tree61248b8148a0c5c92a3d1b59e9b2acefacc66ab8 /Recon
parentd4166f80d4153b175a1e8e2a0f69eca58e04d2f9 (diff)
downloadPowerSploit-fa1baa64a86bfba58a07bd43faf8c9d37b0e0424.tar.gz
PowerSploit-fa1baa64a86bfba58a07bd43faf8c9d37b0e0424.zip
Parenthesis escaping for Get-DomainObject DN searches
Diffstat (limited to 'Recon')
-rwxr-xr-xRecon/PowerView.ps131
1 files changed, 17 insertions, 14 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 3afa61c..22970ed 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -6071,23 +6071,26 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
$ObjectSearcher = Get-DomainSearcher @SearcherArguments
}
}
- elseif ($IdentityInstance -match '^S-1-.*') {
- $IdentityFilter += "(objectsid=$IdentityInstance)"
- }
- elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
- $IdentityFilter += "(distinguishedname=$IdentityInstance)"
- }
else {
- try {
- $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
- $IdentityFilter += "(objectguid=$GuidByteString)"
+ $IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-.*') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
}
- catch {
- if ($IdentityInstance.Contains('.')) {
- $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+ elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
}
- else {
- $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ catch {
+ if ($IdentityInstance.Contains('.')) {
+ $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+ }
+ else {
+ $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ }
}
}
}
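Review bot: The new `$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')` line escapes only parentheses, while RFC 4515 also requires `*`, `\` and NUL to be hex-escaped in a filter assertion value; `*` is presumably left alone on purpose so callers can pass wildcards, but an unescaped `\` (e.g. a DN such as `CN=Doe\, John,...` taking the `distinguishedname` branch) still reaches the filter as a raw escape sequence that the filter parser may reject or misread — worth confirming against the directory. The intent deserves a comment at the replacement, e.g. `# escape '(' and ')' so an identity can't break out of the filter assertion; '*' is deliberately left unescaped to allow wildcards`. Note too that because the escaping now runs before the `[Guid]$IdentityInstance` cast, a GUID supplied in the parenthesised `(4c435dd7-...)` form is mangled, the cast fails, and the lookup silently falls through to the samAccountName/name branch instead of objectguid; if that form matters, escape only in the non-GUID branches or after the cast attempt. The enclosing identity loop and the Get-DomainObject function start above the hunk.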