-rw-r--r--Recon/PowerView.ps190
1 files changed, 71 insertions, 19 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index c6ce1d2..4c64e80 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -1678,6 +1678,7 @@ filter Get-DomainSearcher {
}
$Searcher.PageSize = $PageSize
+ $Searcher.CacheResults = $False
$Searcher
}
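Review bot: `$Searcher.CacheResults = $False` silently changes the behaviour of every searcher handed out by Get-DomainSearcher and carries no comment saying why; a one-liner such as `# disable client-side result caching: callers enumerate FindAll() once and then dispose the collection` would tie it to the dispose calls added elsewhere in this commit. As far as I recall, with client caching off the SearchResultCollection is not safe to enumerate a second time, so any caller that re-reads its `$Results` after the first pipeline should be checked. Get-DomainSearcher's body starts outside the hunk.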
@@ -2126,10 +2127,13 @@ function Get-NetUser {
$UserSearcher.filter="(&(samAccountType=805306368)$Filter)"
}
- $UserSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $UserSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
}
+ $Results.dispose()
+ $UserSearcher.dispose()
}
}
}
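Review bot: The two `dispose()` calls added after the ForEach-Object pipeline are skipped whenever Convert-LDAPProperty or the pipeline itself throws, so the handle leak this commit is closing still occurs on the error path; the same pattern is in every other hunk, where the calls sit inside the `try` block and are bypassed as soon as the `catch` runs (Get-ObjectAcl, Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust). Releasing in a `finally` block guarantees disposal on both paths; in the functions that already have `try { } catch { }`, moving the two calls into a `finally { }` after the `catch` is enough, guarding `$Results` against a failed FindAll. Writing `.Dispose()` rather than `.dispose()` would also match the casing of `FindAll()` on the same lines. Get-NetUser's body continues outside the hunk, so where `$UserSearcher` is created is not visible here.
```powershell
$Results = $Null
try {
    $Results = $UserSearcher.FindAll()
    $Results | Where-Object {$_} | ForEach-Object {
        # ... unchanged: Convert-LDAPProperty per result ...
    }
}
finally {
    if ($Results) { $Results.Dispose() }
    $UserSearcher.Dispose()
}
```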
@@ -2857,7 +2861,8 @@ function Get-ObjectAcl {
}
try {
- $Searcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $Searcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
$Object = [adsi]($_.path)
if($Object.distinguishedname) {
@@ -2909,6 +2914,8 @@ function Get-ObjectAcl {
}
else { $_ }
}
+ $Results.dispose()
+ $Searcher.dispose()
}
catch {
Write-Warning $_
@@ -3080,7 +3087,9 @@ function Add-ObjectAcl {
}
try {
- $Searcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $Searcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
+
# adapted from https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a9c-be98-c4da6e591a0a/forum-faq-using-powershell-to-assign-permissions-on-active-directory-objects
$TargetDN = $_.Properties.distinguishedname
@@ -3135,6 +3144,8 @@ function Add-ObjectAcl {
Write-Warning "Error granting principal $PrincipalSID '$Rights' on $TargetDN : $_"
}
}
+ $Results.dispose()
+ $Searcher.dispose()
}
catch {
Write-Warning "Error: $_"
@@ -3303,10 +3314,13 @@ filter Get-GUIDMap {
if($SchemaSearcher) {
$SchemaSearcher.filter = "(schemaIDGUID=*)"
try {
- $SchemaSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $SchemaSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
# convert the GUID
$GUIDs[(New-Object Guid (,$_.properties.schemaidguid[0])).Guid] = $_.properties.name[0]
}
+ $Results.dispose()
+ $SchemaSearcher.dispose()
}
catch {
Write-Debug "Error in building GUID map: $_"
@@ -3317,10 +3331,13 @@ filter Get-GUIDMap {
if ($RightsSearcher) {
$RightsSearcher.filter = "(objectClass=controlAccessRight)"
try {
- $RightsSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $RightsSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
# convert the GUID
$GUIDs[$_.properties.rightsguid[0].toString()] = $_.properties.name[0]
}
+ $Results.dispose()
+ $RightsSearcher.dispose()
}
catch {
Write-Debug "Error in building GUID map: $_"
@@ -3520,8 +3537,8 @@ function Get-NetComputer {
$CompSearcher.filter = $CompFilter
try {
-
- $CompSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $CompSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
$Up = $True
if($Ping) {
# TODO: how can these results be piped to ping for a speedup?
@@ -3539,6 +3556,8 @@ function Get-NetComputer {
}
}
}
+ $Results.dispose()
+ $CompSearcher.dispose()
}
catch {
Write-Warning "Error: $_"
@@ -3680,7 +3699,8 @@ function Get-ADObject {
$ObjectSearcher.filter = "(&(samAccountName=$SamAccountName)$Filter)"
}
- $ObjectSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $ObjectSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
if($ReturnRaw) {
$_
}
@@ -3689,6 +3709,8 @@ function Get-ADObject {
Convert-LDAPProperty -Properties $_.Properties
}
}
+ $Results.dispose()
+ $ObjectSearcher.dispose()
}
}
}
@@ -4233,7 +4255,8 @@ function Get-NetOU {
}
try {
- $OUSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $OUSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
if ($FullData) {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
@@ -4243,6 +4266,8 @@ function Get-NetOU {
$_.properties.adspath
}
}
+ $Results.dispose()
+ $OUSearcher.dispose()
}
catch {
Write-Warning $_
@@ -4346,7 +4371,8 @@ function Get-NetSite {
}
try {
- $SiteSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $SiteSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
if ($FullData) {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
@@ -4356,6 +4382,8 @@ function Get-NetSite {
$_.properties.name
}
}
+ $Results.dispose()
+ $SiteSearcher.dispose()
}
catch {
Write-Warning $_
@@ -4453,7 +4481,8 @@ function Get-NetSubnet {
$SubnetSearcher.filter="(&(objectCategory=subnet))"
try {
- $SubnetSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $SubnetSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
if ($FullData) {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties | Where-Object { $_.siteobject -match "CN=$SiteName" }
@@ -4476,6 +4505,8 @@ function Get-NetSubnet {
}
}
}
+ $Results.dispose()
+ $SubnetSearcher.dispose()
}
catch {
Write-Warning $_
@@ -4686,8 +4717,9 @@ function Get-NetGroup {
else {
$GroupSearcher.filter = "(&(objectCategory=group)(name=$GroupName)$Filter)"
}
-
- $GroupSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+
+ $Results = $GroupSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
# if we're returning full data objects
if ($FullData) {
# convert/process the LDAP fields for each result
@@ -4698,6 +4730,8 @@ function Get-NetGroup {
$_.properties.samaccountname
}
}
+ $Results.dispose()
+ $GroupSearcher.dispose()
}
}
}
@@ -4869,7 +4903,8 @@ function Get-NetGroupMember {
$GroupSearcher.filter = "(&(objectCategory=group)(objectSID=$SID)$Filter)"
}
- $GroupSearcher.FindAll() | ForEach-Object {
+ $Results = $GroupSearcher.FindAll()
+ $Results | ForEach-Object {
try {
if (!($_) -or !($_.properties) -or !($_.properties.name)) { continue }
@@ -4917,6 +4952,8 @@ function Get-NetGroupMember {
Write-Verbose $_
}
}
+ $Results.dispose()
+ $GroupSearcher.dispose()
}
$Members | Where-Object {$_} | ForEach-Object {
@@ -5377,7 +5414,8 @@ function Get-DFSshare {
$DFSsearcher.filter = "(&(objectClass=fTDfs))"
try {
- $DFSSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $DFSSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
$Properties = $_.Properties
$RemoteNames = $Properties.remoteservername
$Pkt = $Properties.pkt
@@ -5393,6 +5431,8 @@ function Get-DFSshare {
}
}
}
+ $Results.dispose()
+ $DFSSearcher.dispose()
if($pkt -and $pkt[0]) {
Parse-Pkt $pkt[0] | ForEach-Object {
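Review bot: `$Results.dispose()` now runs before `if($pkt -and $pkt[0])`, which reads the `$Pkt` value captured from `$_.Properties` inside the loop body; as far as I recall the property values are already copied into the SearchResult when the collection is enumerated, so this is probably safe, but it is worth confirming that the pkt bytes stay readable once the collection is disposed. The later hunk in the same function calls `$DFSSearcher.PropertiesToLoad.AddRange(...)` on a `$DFSSearcher` variable after this dispose; if that is the same instance rather than a fresh one from a sibling helper, the second search runs on a disposed searcher. If either check fails, move the two dispose calls below the Parse-Pkt block. The enclosing try block starts and ends outside this hunk.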
@@ -5442,7 +5482,8 @@ function Get-DFSshare {
$DFSSearcher.PropertiesToLoad.AddRange(('msdfs-linkpathv2','msDFS-TargetListv2'))
try {
- $DFSSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $DFSSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
$Properties = $_.Properties
$target_list = $Properties.'msdfs-targetlistv2'[0]
$xml = [xml][System.Text.Encoding]::Unicode.GetString($target_list[2..($target_list.Length-1)])
@@ -5460,6 +5501,8 @@ function Get-DFSshare {
}
}
}
+ $Results.dispose()
+ $DFSSearcher.dispose()
}
catch {
Write-Warning "Get-DFSshareV2 error : $_"
@@ -5873,11 +5916,14 @@ function Get-NetGPO {
$GPOSearcher.filter="(&(objectCategory=groupPolicyContainer)(name=$GPOname))"
try {
- $GPOSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $GPOSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
$Out = Convert-LDAPProperty -Properties $_.Properties
$Out | Add-Member Noteproperty 'ComputerName' $ComputerName
$Out
}
+ $Results.dispose()
+ $GPOSearcher.dispose()
}
catch {
Write-Warning $_
@@ -5894,10 +5940,13 @@ function Get-NetGPO {
}
try {
- $GPOSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $GPOSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
}
+ $Results.dispose()
+ $GPOSearcher.dispose()
}
catch {
Write-Warning $_
@@ -11762,7 +11811,8 @@ function Get-NetDomainTrust {
$TrustSearcher.filter = '(&(objectClass=trustedDomain))'
- $TrustSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
+ $Results = $TrustSearcher.FindAll()
+ $Results | Where-Object {$_} | ForEach-Object {
$Props = $_.Properties
$DomainTrust = New-Object PSObject
$TrustAttrib = Switch ($Props.trustattributes)
@@ -11795,6 +11845,8 @@ function Get-NetDomainTrust {
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
$DomainTrust
}
+ $Results.dispose()
+ $TrustSearcher.dispose()
}
}