-rw-r--r-- | Privesc/PowerUp.ps1 | 11 | ||||
-rwxr-xr-x | Recon/PowerView.ps1 | 14 |
2 files changed, 12 insertions, 13 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 2466975..977efda 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -974,17 +974,16 @@ function Get-CurrentUserTokenGroupSid {
 $Success = $Advapi32::OpenProcessToken($CurrentProcess, $TOKEN_QUERY, [ref]$hProcToken);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
 if($Success) {
-
- $TokenGroupsPtrSize = $TOKEN_GROUPS::GetSize()
+ $TokenGroupsPtrSize = 0
+ # Initial query to determine the necessary buffer size
+ $Success = $Advapi32::GetTokenInformation($hProcToken, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize)
 [IntPtr]$TokenGroupsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenGroupsPtrSize)
- [UInt32]$RealSize = 0
- # query the current process token with the 'TokenGroups=2' TOKEN_INFORMATION_CLASS enum to retrieve a TOKEN_GROUPS structure
- $Success2 = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
+ $Success = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
- if($Success2) {
+ if($Success) {
 $TokenGroups = $TokenGroupsPtr -as $TOKEN_GROUPS
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index a636bf1..a54cc6d 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
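Review bot: In the Privesc/PowerUp.ps1 hunk, the new size-probing `GetTokenInformation` call stores its result in `$Success` but neither checks it nor captures `GetLastWin32Error()`, even though that call is expected to fail with ERROR_INSUFFICIENT_BUFFER (122); on any other failure `$TokenGroupsPtrSize` stays 0, `AllocHGlobal(0)` still hands back a pointer, and the real cause is hidden behind the second call's error. I would capture the error right after the probe and stop unless it is the expected one, e.g. `$Success = $Advapi32::GetTokenInformation($hProcToken, 2, 0, 0, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()` followed by `if((-not $Success) -and ($LastError -ne 122)) { throw "GetTokenInformation size query failed: $LastError" }` (or whatever error reporting the rest of the function uses), which also replaces the misleading use of the still-zero `$TokenGroupsPtrSize` as the buffer length. The removed `[UInt32]$RealSize` was typed whereas the new `$TokenGroupsPtrSize = 0` is an untyped Int32; if the PSReflect delegate declares the length arguments as UInt32 by reference, keeping a `[UInt32]` cast avoids relying on PowerShell's implicit ref conversion (the delegate definition is outside this hunk, so this is worth confirming). The hunk header counts 17/16 lines but fewer are shown here, and Get-CurrentUserTokenGroupSid continues beyond the hunk, so whether the buffer is freed and the token handle closed could not be checked.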
@@ -6141,13 +6141,13 @@ filter Get-GroupsXML {
 [XML]$GroupsXMLcontent = Get-Content $TargetGroupsXMLPath -ErrorAction Stop
 # process all group properties in the XML
- $GroupsXMLcontent | Select-Xml "//Groups" | Select-Object -ExpandProperty node | ForEach-Object {
+ $GroupsXMLcontent | Select-Xml "/Groups/Group" | Select-Object -ExpandProperty node | ForEach-Object {
- $Groupname = $_.Group.Properties.groupName
+ $Groupname = $_.Properties.groupName
 # extract the localgroup sid for memberof
- $GroupSID = $_.Group.Properties.GroupSid
- if(-not $LocalSid) {
+ $GroupSID = $_.Properties.groupSid
+ if(-not $GroupSID) {
 if($Groupname -match 'Administrators') { $GroupSID = 'S-1-5-32-544' }
@@ -6163,7 +6163,7 @@ filter Get-GroupsXML {
 }
 # extract out members added to this group
- $Members = $_.Group.Properties.members | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object {
+ $Members = $_.Properties.members | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object {
 if($_.sid) { $_.sid } else { $_.name } }
@@ -6171,8 +6171,8 @@ filter Get-GroupsXML {
 if ($Members) {
 # extract out any/all filters...I hate you GPP
- if($_.Group.filters) {
- $Filters = $_.Group.filters.GetEnumerator() | ForEach-Object {
+ if($_.filters) {
+ $Filters = $_.filters.GetEnumerator() | ForEach-Object {
 New-Object -TypeName PSObject -Property @{'Type' = $_.LocalName;'Value' = $_.name} } } |
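Review bot: In the first Recon/PowerView.ps1 hunk, `if(-not $GroupSID)` now actually gates the fallback (the old `-not $LocalSid` test referenced an undefined variable and was always true), so the name-based SID guesses beneath it run only when Groups.xml carries no groupSid and their matching matters more: `$Groupname -match 'Administrators'` is an unanchored, case-insensitive regex that would stamp a custom group such as "Server Administrators" with the BUILTIN\Administrators SID S-1-5-32-544. If the built-in group is stored as "Administrators (built-in)", as GPP typically writes it, anchoring the pattern, `if($Groupname -match '^Administrators')`, keeps the intended match and excludes look-alikes; the same treatment applies to the other name patterns in this hunk's trailing lines, which the header counts (13/13) but which are not shown here. A one-line comment on the fallback would also help, for example `# no groupSid in the XML: map well-known display names to their BUILTIN SIDs`. Get-GroupsXML starts before and continues after these hunks.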