Diffstat (limited to 'Recon/PowerView.ps1')
-rwxr-xr-xRecon/PowerView.ps1137
1 files changed, 73 insertions, 64 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 8d80482..ef36e3f 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -1563,18 +1563,18 @@ https://gallery.technet.microsoft.com/scriptcenter/Translating-Active-5c80dd67
)
}
catch {
- Write-Verbose "[Convert-ADName] Error initialiting translation for '$Identity' using alternate credentials : $_"
+ Write-Verbose "[Convert-ADName] Error initializing translation for '$Identity' using alternate credentials : $_"
}
}
else {
try {
- Invoke-Method $Translate 'Init' (
+ $Null = Invoke-Method $Translate 'Init' (
$ADSInitType,
$InitName
)
}
catch {
- Write-Verbose "[Convert-ADName] Error initialiting translation for '$Identity' : $_"
+ Write-Verbose "[Convert-ADName] Error initializing translation for '$Identity' : $_"
}
}
@@ -1583,7 +1583,7 @@ https://gallery.technet.microsoft.com/scriptcenter/Translating-Active-5c80dd67
try {
# 8 = Unknown name type -> let the server do the work for us
- Invoke-Method $Translate 'Set' (8, $TargetIdentity)
+ $Null = Invoke-Method $Translate 'Set' (8, $TargetIdentity)
Invoke-Method $Translate 'Get' ($ADSOutputType)
}
catch [System.Management.Automation.MethodInvocationException] {
@@ -4717,21 +4717,24 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
$UserSearcher = Get-DomainSearcher @SearcherArguments
}
}
- elseif ($IdentityInstance -match '^S-1-.*') {
- # SID format
- $IdentityFilter += "(objectsid=$IdentityInstance)"
- }
- elseif ($IdentityInstance -match '^CN=.*') {
- # distinguished names
- $IdentityFilter += "(distinguishedname=$IdentityInstance)"
- }
else {
- try {
- $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
- $IdentityFilter += "(objectguid=$GuidByteString)"
+ $IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-.*') {
+ # SID format
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
}
- catch {
- $IdentityFilter += "(samAccountName=$IdentityInstance)"
+ elseif ($IdentityInstance -match '^CN=.*') {
+ # distinguished names
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ catch {
+ $IdentityFilter += "(samAccountName=$IdentityInstance)"
+ }
}
}
}
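Review bot: The escaping added at `$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')` covers only parentheses, but RFC 4515 also reserves `\` (`\5c`), `*` (`\2a`) and NUL (`\00`) in filter values, so an identity containing a backslash or asterisk can still change the filter's structure; if `*` is deliberately left unescaped to allow wildcard lookups, a comment saying so would help the next reader. Backslash has to be escaped first, otherwise the `\28`/`\29` sequences are themselves re-escaped. The same lines are copied into the hunks at `@@ -5746`, `@@ -6071`, `@@ -6770`, `@@ -7659`, `@@ -7918`, `@@ -8176`, `@@ -8647`, `@@ -9368` and `@@ -10925`, so a single helper would keep the escape set in one place and make every identity branch agree. Because the escaping now runs before the `[Guid]` cast inside the `try`, a GUID written in the parenthesised "P" format fails the cast and falls through to the `samAccountName` branch, which is probably acceptable but worth a comment on the `try`. The enclosing function starts and ends outside the hunk.

```powershell
function ConvertTo-LdapFilterValue {
    # Escape a value for interpolation into an LDAP search filter (RFC 4515).
    # Backslash is handled first so the escape sequences added afterwards are
    # not re-escaped. '*' is intentionally left alone only if wildcard identities
    # are a supported input; otherwise add .Replace('*', '\2a') as well.
    param([String]$Value)
    $Value.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# … unchanged: domain\user branch and Get-DomainSearcher call …
else {
    $IdentityInstance = ConvertTo-LdapFilterValue $IdentityInstance
    # … unchanged: SID / distinguishedname / objectguid / samAccountName dispatch …
}
```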
@@ -5746,7 +5749,7 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
$IdentityFilter = ''
$Filter = ''
$Identity | Where-Object {$_} | ForEach-Object {
- $IdentityInstance = $_
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
if ($IdentityInstance -match '^S-1-.*') {
$IdentityFilter += "(objectsid=$IdentityInstance)"
}
@@ -6071,23 +6074,26 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
$ObjectSearcher = Get-DomainSearcher @SearcherArguments
}
}
- elseif ($IdentityInstance -match '^S-1-.*') {
- $IdentityFilter += "(objectsid=$IdentityInstance)"
- }
- elseif ($IdentityInstance -match '^(CN|OU)=.*') {
- $IdentityFilter += "(distinguishedname=$IdentityInstance)"
- }
else {
- try {
- $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
- $IdentityFilter += "(objectguid=$GuidByteString)"
+ $IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-.*') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
}
- catch {
- if ($IdentityInstance.Contains('.')) {
- $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+ elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
}
- else {
- $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ catch {
+ if ($IdentityInstance.Contains('.')) {
+ $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+ }
+ else {
+ $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ }
}
}
}
@@ -6770,11 +6776,11 @@ Custom PSObject with ACL entries.
$IdentityFilter = ''
$Filter = ''
$Identity | Where-Object {$_} | ForEach-Object {
- $IdentityInstance = $_
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
if ($IdentityInstance -match '^S-1-.*') {
$IdentityFilter += "(objectsid=$IdentityInstance)"
}
- elseif ($IdentityInstance -match '^(CN|OU)=.*') {
+ elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
$IdentityFilter += "(distinguishedname=$IdentityInstance)"
}
else {
@@ -7659,7 +7665,7 @@ Custom PSObject with translated OU property fields.
$IdentityFilter = ''
$Filter = ''
$Identity | Where-Object {$_} | ForEach-Object {
- $IdentityInstance = $_
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
if ($IdentityInstance -match '^OU=.*') {
$IdentityFilter += "(distinguishedname=$IdentityInstance)"
}
@@ -7918,7 +7924,7 @@ Custom PSObject with translated site property fields.
$IdentityFilter = ''
$Filter = ''
$Identity | Where-Object {$_} | ForEach-Object {
- $IdentityInstance = $_
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
if ($IdentityInstance -match '^CN=.*') {
$IdentityFilter += "(distinguishedname=$IdentityInstance)"
}
@@ -8176,7 +8182,7 @@ Custom PSObject with translated subnet property fields.
$IdentityFilter = ''
$Filter = ''
$Identity | Where-Object {$_} | ForEach-Object {
- $IdentityInstance = $_
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
if ($IdentityInstance -match '^CN=.*') {
$IdentityFilter += "(distinguishedname=$IdentityInstance)"
}
@@ -8647,19 +8653,22 @@ Custom PSObject with translated group property fields.
$GroupSearcher = Get-DomainSearcher @SearcherArguments
}
}
- elseif ($IdentityInstance -match '^S-1-.*') {
- $IdentityFilter += "(objectsid=$IdentityInstance)"
- }
- elseif ($IdentityInstance -match '^CN=.*') {
- $IdentityFilter += "(distinguishedname=$IdentityInstance)"
- }
else {
- try {
- $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
- $IdentityFilter += "(objectguid=$GuidByteString)"
+ $IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-.*') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
}
- catch {
- $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ elseif ($IdentityInstance -match '^CN=.*') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ catch {
+ $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ }
}
}
}
@@ -9368,19 +9377,22 @@ http://www.powershellmagazine.com/2013/05/23/pstip-retrieve-group-membership-of-
$GroupSearcher = Get-DomainSearcher @SearcherArguments
}
}
- elseif ($IdentityInstance -match '^S-1-.*') {
- $IdentityFilter += "(objectsid=$IdentityInstance)"
- }
- elseif ($IdentityInstance -match '^CN=.*') {
- $IdentityFilter += "(distinguishedname=$IdentityInstance)"
- }
else {
- try {
- $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
- $IdentityFilter += "(objectguid=$GuidByteString)"
+ $IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-.*') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
}
- catch {
- $IdentityFilter += "(samAccountName=$IdentityInstance)"
+ elseif ($IdentityInstance -match '^CN=.*') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ catch {
+ $IdentityFilter += "(samAccountName=$IdentityInstance)"
+ }
}
}
}
@@ -10925,11 +10937,8 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
$IdentityFilter = ''
$Filter = ''
$Identity | Where-Object {$_} | ForEach-Object {
- $IdentityInstance = $_
- if ($IdentityInstance -match 'LDAP://') {
- $IdentityFilter += "(distinguishedname=$IdentityInstance)"
- }
- elseif ($IdentityInstance -match '^CN=.*') {
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match 'LDAP://|^CN=.*') {
$IdentityFilter += "(distinguishedname=$IdentityInstance)"
}
elseif ($IdentityInstance -match '{.*}') {