-rwxr-xr-xRecon/PowerView.ps134
1 files changed, 18 insertions, 16 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 83c1ae2..c003d8e 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -12149,8 +12149,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
)
BEGIN {
- if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
- Write-Warning "[Get-NetLocalGroup] -Credential is only compatible with '-Method WinNT'"
+ if ($PSBoundParameters['Credential']) {
+ $LogonToken = Invoke-UserImpersonation -Credential $Credential
}
}
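Review bot: The token returned by `Invoke-UserImpersonation` in the new BEGIN block is stored without being checked. If that call can return nothing without throwing, the rest of the function would query the target under the caller's own identity, with no sign that -Credential was ignored. Invoke-UserImpersonation is defined outside this hunk and may already throw on failure; if it does not, a guard such as `if (-not $LogonToken) { throw '[Get-NetLocalGroup] impersonation failed' }` would make the failure explicit. The same applies to the BEGIN block of Get-NetLocalGroupMember in the hunk at 12354.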
@@ -12203,12 +12203,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
}
else {
# otherwise we're using the WinNT service provider
- if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
- $ComputerProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer,computer", $Credential.UserName, $Credential.GetNetworkCredential().Password)
- }
- else {
- $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
- }
+ $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
$ComputerProvider.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object {
$LocalGroup = ([ADSI]$_)
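Review bot: The comment `# otherwise we're using the WinNT service provider` no longer tells the reader where alternate credentials come from, now that the explicit DirectoryEntry constructor is gone. A comment above the `[ADSI]` line, such as `# binds as the current thread identity; -Credential is applied via the impersonation started in BEGIN`, would document the dependency. The enclosing else branch starts and ends outside this hunk. The same comment would fit above the `$GroupProvider` line in the hunk at 12449.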
@@ -12223,6 +12218,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
}
}
}
+
+ END {
+ if ($LogonToken) {
+ Invoke-RevertToSelf -TokenHandle $LogonToken
+ }
+ }
}
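Review bot: The END block tests `$LogonToken`, which is only assigned in BEGIN when -Credential is bound, so without -Credential the lookup falls through PowerShell's dynamic scoping to any `$LogonToken` in a calling scope. If a caller that holds its own impersonation token invokes this function without -Credential, this END block would revert the caller's token early. Whether such callers exist is not visible from this hunk. Either initialise `$LogonToken = $null` at the top of BEGIN, or make the test `if ($PSBoundParameters['Credential'] -and $LogonToken) {`. The END block added to Get-NetLocalGroupMember in the hunk at 12539 has the same pattern.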
@@ -12354,8 +12355,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
)
BEGIN {
- if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
- Write-Warning "[Get-NetLocalGroupMember] -Credential is only compatible with '-Method WinNT'"
+ if ($PSBoundParameters['Credential']) {
+ $LogonToken = Invoke-UserImpersonation -Credential $Credential
}
}
@@ -12449,12 +12450,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
else {
# otherwise we're using the WinNT service provider
try {
- if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
- $GroupProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer/$GroupName,group", $Credential.UserName, $Credential.GetNetworkCredential().Password)
- }
- else {
- $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
- }
+ $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
$GroupProvider.psbase.Invoke('Members') | ForEach-Object {
@@ -12539,6 +12535,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
}
}
}
+
+ END {
+ if ($LogonToken) {
+ Invoke-RevertToSelf -TokenHandle $LogonToken
+ }
+ }
}
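Review bot: Reverting the impersonation only in END leaves the thread impersonating whenever END does not run. That happens after a terminating error in PROCESS, or when a downstream command stops the pipeline early (for example `Select-Object -First`). Later commands in the same session would then run under the supplied credential and the token handle would stay open. A more robust shape is to impersonate and revert inside PROCESS, with the work wrapped in `try { ... } finally { if ($LogonToken) { Invoke-RevertToSelf -TokenHandle $LogonToken } }`. The PROCESS block lies outside this hunk, so the exact placement needs checking against the full function. The END block of Get-NetLocalGroup in the hunk at 12223 is affected the same way.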