diff options
| author | Jon Cave <jon.cave@mwrinfosecurity.com> | 2017-04-05 14:05:51 +0100 |
|---|---|---|
| committer | Jon Cave <jon.cave@mwrinfosecurity.com> | 2017-04-05 14:05:51 +0100 |
| commit | 08b30627d99592876790aa855b039f0090a2dbf2 (patch) | |
| tree | f6728496e7c7dd9276fe9c555802d63a256c27bb /docs/Privesc/Get-ModifiableService.md | |
| parent | bd6fe64316afe293d6b4cdf095ed3cfb64b6ab25 (diff) | |
| download | PowerSploit-08b30627d99592876790aa855b039f0090a2dbf2.tar.gz PowerSploit-08b30627d99592876790aa855b039f0090a2dbf2.zip | |
Support for DNs containing commas
If an object's distinguished name contains a comma then it ends up quoted:
CN=Smith\, John,OU=Admins,DC=example,DC=com
This breaks a number of functions which attempt to identify DOMAIN\name
by matching on a \ anywhere in the specified identity before checking if
the identity was a DN (or SID or GUID).
For example, attempting to list members of "Domain Admins" using
Get-DomainGroupMember gives the following:
VERBOSE: [Convert-ADName] Error initializing translation for 'CN=Smith\, John,OU=Admins,DC=example,DC=com' : Exception calling "InvokeMember" with "5" argument(s): "The specified domain either does not exist or could not be contacted. (Exception from HRESULT: 0x8007054B)"
VERBOSE: [Convert-ADName] Error translating 'CN=Smith\, John,OU=Admins,DC=example,DC=com' : The specified domain either does not exist or could not be contacted. (Exception from HRESULT: 0x8007054B)
VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (objectClass=*)
The fix implemented here is to perform more specific pattern matching
prior to falling back to looking for a \. The order is SID, DN, GUID,
qualified name (DOMAIN\name), and then plain name.
Diffstat (limited to 'docs/Privesc/Get-ModifiableService.md')
0 files changed, 0 insertions, 0 deletions