aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-05-05Adds PSLoggedOn like functionalityMatt Kelly1-0/+143
Adding in Get-LoggedOnLocal which uses HKU registry checks to see who is logged locally to a remote box and only requires user level access rights. The benefit over NetWkstaUserEnum is less user privileges required (admin for NetWkstaUserEnum) and is the same process PSLoggedOn uses. Invoke-PSLoggedOn launches both Get-LoggedOnLocal and Get-NetSessions and outputs the same format as PSLoggedOn.exe from Sysinternals. I did not change Invoke-UserHunter non-stealth to this option yet, but it is beneficial in that if you use both HKU and NetSessionEnum you only require basic user level rights not admin remote.
2016-05-03Added Get-RegistryMountedDriveHarmj0y1-6/+120
2016-04-27Modified Convert-DNSRecord to return the base64 encoded record for record ↵Harmj0y1-52/+26
types not currently handled.
2016-04-27Added Get-DNSZone and Get-DNSRecord to enumerate AD DNS information.Harmj0y1-0/+360
Added Convert-DNSRecord (ported from Michael B. Smith's code at https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1) - needs expansion work on record types
2016-04-25Changed some property types in Get-ObjectACLHarmj0y1-2/+9
2016-04-24added Request-SPNTicket to request kerberos tickets for specified SPNsHarmj0y1-0/+48
2016-04-24For PowerView, added $Searcher.CacheResults = $False to Get-DomainSearcherHarmj0y1-19/+71
Added dispose() approach for the following cmdlets: Get-NetUser, Get-ObjectAcl/Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust
2016-04-24Merge pull request #128 from Meatballs1/fix_groups_xmlHarmJ0y1-2/+2
//Group -> //Groups
2016-04-11Merge pull request #125 from leechristensen/patch-1HarmJ0y1-1/+1
Change ComputerName default to the computer's name
2016-04-11Change ComputerName default to the computer's nameleechristensen1-1/+1
Change ComputerName default so Disabled doesn't report error
2016-04-08Merge pull request #122 from joncave/patch-1HarmJ0y1-0/+1
Find-PathHijack: Expand environment variables in path
2016-04-03//Group -> //GroupsMeatballs1-2/+2
2016-03-20Find-PathHijack: Expand environment variables in pathJon Cave1-0/+1
Paths containing environment variables can cause false-positives to occur, e.g. `%SystemRoot%\system32\WindowsPowerShell\v1.0\`. `Find-PathHijack` will believe this is a relative path and will report it as hijackable if the current directory is writeable.
2016-03-18Bug fix in Find-GPOLocationHarmj0y1-5/+9
2016-03-15Added Get-SiteName to find the site a computer is a part ofHarmj0y1-101/+288
Added -ComputerName parameter to Get-NetGPO to enumerate all GPOs a given computer has applied Fixed bug in Find-GPOComputerAdmin and added site enumeration for GPO links
2016-03-15Moved admin check for Get-System to allow for RevToSelfHarmj0y1-4/+4
2016-03-11Added Get-System to Privesc/Harmj0y3-3/+636
Added Pester tests for Get-System
2016-03-11Additional error checking in Get-DFSshareHarmj0y1-9/+10
2016-03-11Merge pull request #118 from Meatballs1/dfs_v1_pktHarmJ0y1-6/+198
Parse DFSv1 PKT
2016-03-10Get-TimedScreenshot enhancement. Issue #114Matt Graeber1-2/+18
Get-TimedScreenshot now captures the entire screen. The screen resolution is obtained via WMI. If for some reason that fails, it will fall back to the old, less ideal method.
2016-03-10Bugfix: Invoke-TokenManipulation. Issue #112Matt Graeber1-6/+19
Fixed the PSv4 dependency for obtaining process ownership information. Thanks to @mmashwani for suggesting the WMI solution.
2016-03-09Fixed bug with Get-NetGroupMember and computer accounts.Harmj0y1-33/+15
samaccounttype enumeration now more accurate.
2016-03-09fix for Find-GPOComputerAdminHarmj0y1-3/+15
2016-03-09Bug fix for Invoke-EnumerateLocalAdminHarmj0y1-5/+4
2016-03-09Removed Set-MacAttribute and Copy-ClonedFileHarmj0y2-234/+117
Combined Convert-NT4toCanonical and Convert-DomainSimpletoNT4 into Convert-ADName
2016-03-07Added New-GPOImmediateTaskHarmj0y1-12/+220
2016-03-07DomainOnly tweakHarmj0y1-5/+4
2016-03-07Added -DomainOnly flag to Invoke-EnumerateLocalAdminHarmj0y1-9/+23
2016-03-07renamed output field for Get-NetLocalGroup APIHarmj0y1-1/+1
2016-03-07Added NetLocalGroupGetMembers enumeration method for Get-NetLocalGroup with ↵Harmj0y1-151/+302
the -API flag Fixed threading specification in most threaded functions.
2016-03-07Parse DFSv1 PKTMeatballs1-6/+198
2016-03-06Added additional fields to Get-NetLocalGroup results.Harmj0y1-22/+63
2016-02-28Modified output of Find-GPOLocation to return more object information.Harmj0y1-26/+48
2016-02-28-fixed several bugs in Find-GPOLocation (-GroupName now works properly and ↵Harmj0y1-132/+147
Sites returned) -Find-GPOLocation with no arguments now returns all mappings -fixed parsing issue in Get-NetGPOGroup- names now properly extracted from restricted group templates
2016-02-12Added Pester tests for Get-SiteListPasswordHarmj0y2-2/+95
Encrypted password check for Get-SiteListPassword fields
2016-02-12Added additional search paths, code cleanup.Harmj0y1-42/+14
2016-02-11Added Get-SiteListPassword to decrypt McAfee SiteList.xml file passwords.Harmj0y2-1/+203
2016-02-11Most ldap-based search functions now accept a -Credential argument for ↵Harmj0y1-1084/+1427
querying from non-domain joined machines without a runas Changed several functions to filters, where appropriate. Get-NetShare, Get-NetSession, Get-NetLoggedOn, Get-NetRDPSession, Invoke-CheckLocalAdminAccess, Get-LastLoggedOn, Get-CachedRDPConnection, Get-NetProcess are now filters, better handle pipeline input, and now return an augmented result object with the queried ComputerName as a field Replaced RemoteUserName/RemotePassword with -Credential parameter in Get-CachedRDPConnection and Get-NetProcess modified output object for Get-NetShare to be a proper object Various bug fixes and better parameter validation
2016-01-25Merge pull request #111 from sagishahar/devHarmJ0y1-3/+3
Fix 'Install-ServiceBinary' for non-'Modifiable' files
2016-01-25Merge pull request #108 from sagishahar/masterHarmJ0y2-55/+195
Add 'CanRestart' to output and Pester tests
2016-01-17Fix 'Install-ServiceBinary' for non-'Modifiable' filessagishahar1-3/+3
The 'Install-ServiceBinary' function fails on an edge case where the service's file permission does not include the 'Modify' permission but does include the 'Write' permission (https://technet.microsoft.com/en-au/library/dd349321(v=ws.10).aspx). In this scenario, renaming the original service file for backup purposes will result in 'Access Denied' message. Fixing this requires that the file be copied to service.exe.bak instead of renamed to service.exe.bak.
2016-01-14Merge pull request #107 from secabstraction/devMatt Graeber2-206/+376
new Get-Keystrokes
2016-01-13Fixed Pester/PassThruJesse Davis1-0/+2
2016-01-13Fixed Pester/PassThruJesse Davis1-2/+0
2016-01-13Fixed Pester/PassThruJesse Davis1-1/+1
2016-01-13Fixed Pester/PassThruJesse Davis2-12/+12
2016-01-13Fixed Pester/PassThruJesse Davis2-7/+11
2016-01-13Merge pull request #110 from PowerShellMafia/masterMatt Graeber1-1/+2
Merging Invoke-TokenManipulation fix into dev
2016-01-13Merge pull request #109 from mmashwani/masterMatt Graeber1-1/+2
Don't search for SYSTEM token by using hard coded English name
2016-01-13Don't search for SYSTEM token by using hard coded English name for SYSTEM ↵mmashwani1-1/+2
account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-12 09:38:41 +0000