aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-04-27Added Get-DNSZone and Get-DNSRecord to enumerate AD DNS information.Harmj0y1-0/+360
Added Convert-DNSRecord (ported from Michael B. Smith's code at https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1) - needs expansion work on record types
2016-04-25Changed some property types in Get-ObjectACLHarmj0y1-2/+9
2016-04-24added Request-SPNTicket to request kerberos tickets for specified SPNsHarmj0y1-0/+48
2016-04-24For PowerView, added $Searcher.CacheResults = $False to Get-DomainSearcherHarmj0y1-19/+71
Added dispose() approach for the following cmdlets: Get-NetUser, Get-ObjectAcl/Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust
2016-04-24Merge pull request #128 from Meatballs1/fix_groups_xmlHarmJ0y1-2/+2
//Group -> //Groups
2016-04-11Merge pull request #125 from leechristensen/patch-1HarmJ0y1-1/+1
Change ComputerName default to the computer's name
2016-04-11Change ComputerName default to the computer's nameleechristensen1-1/+1
Change ComputerName default so Disabled doesn't report error
2016-04-08Merge pull request #122 from joncave/patch-1HarmJ0y1-0/+1
Find-PathHijack: Expand environment variables in path
2016-04-03//Group -> //GroupsMeatballs1-2/+2
2016-03-20Find-PathHijack: Expand environment variables in pathJon Cave1-0/+1
Paths containing environment variables can cause false-positives to occur, e.g. `%SystemRoot%\system32\WindowsPowerShell\v1.0\`. `Find-PathHijack` will believe this is a relative path and will report it as hijackable if the current directory is writeable.
2016-03-18Bug fix in Find-GPOLocationHarmj0y1-5/+9
2016-03-15Added Get-SiteName to find the site a computer is a part ofHarmj0y1-101/+288
Added -ComputerName parameter to Get-NetGPO to enumerate all GPOs a given computer has applied Fixed bug in Find-GPOComputerAdmin and added site enumeration for GPO links
2016-03-15Moved admin check for Get-System to allow for RevToSelfHarmj0y1-4/+4
2016-03-11Added Get-System to Privesc/Harmj0y3-3/+636
Added Pester tests for Get-System
2016-03-11Additional error checking in Get-DFSshareHarmj0y1-9/+10
2016-03-11Merge pull request #118 from Meatballs1/dfs_v1_pktHarmJ0y1-6/+198
Parse DFSv1 PKT
2016-03-10Get-TimedScreenshot enhancement. Issue #114Matt Graeber1-2/+18
Get-TimedScreenshot now captures the entire screen. The screen resolution is obtained via WMI. If for some reason that fails, it will fall back to the old, less ideal method.
2016-03-10Bugfix: Invoke-TokenManipulation. Issue #112Matt Graeber1-6/+19
Fixed the PSv4 dependency for obtaining process ownership information. Thanks to @mmashwani for suggesting the WMI solution.
2016-03-09Fixed bug with Get-NetGroupMember and computer accounts.Harmj0y1-33/+15
samaccounttype enumeration now more accurate.
2016-03-09fix for Find-GPOComputerAdminHarmj0y1-3/+15
2016-03-09Bug fix for Invoke-EnumerateLocalAdminHarmj0y1-5/+4
2016-03-09Removed Set-MacAttribute and Copy-ClonedFileHarmj0y2-234/+117
Combined Convert-NT4toCanonical and Convert-DomainSimpletoNT4 into Convert-ADName
2016-03-07Added New-GPOImmediateTaskHarmj0y1-12/+220
2016-03-07DomainOnly tweakHarmj0y1-5/+4
2016-03-07Added -DomainOnly flag to Invoke-EnumerateLocalAdminHarmj0y1-9/+23
2016-03-07renamed output field for Get-NetLocalGroup APIHarmj0y1-1/+1
2016-03-07Added NetLocalGroupGetMembers enumeration method for Get-NetLocalGroup with ↵Harmj0y1-151/+302
the -API flag Fixed threading specification in most threaded functions.
2016-03-07Parse DFSv1 PKTMeatballs1-6/+198
2016-03-06Added additional fields to Get-NetLocalGroup results.Harmj0y1-22/+63
2016-02-28Modified output of Find-GPOLocation to return more object information.Harmj0y1-26/+48
2016-02-28-fixed several bugs in Find-GPOLocation (-GroupName now works properly and ↵Harmj0y1-132/+147
Sites returned) -Find-GPOLocation with no arguments now returns all mappings -fixed parsing issue in Get-NetGPOGroup- names now properly extracted from restricted group templates
2016-02-12Added Pester tests for Get-SiteListPasswordHarmj0y2-2/+95
Encrypted password check for Get-SiteListPassword fields
2016-02-12Added additional search paths, code cleanup.Harmj0y1-42/+14
2016-02-11Added Get-SiteListPassword to decrypt McAfee SiteList.xml file passwords.Harmj0y2-1/+203
2016-02-11Most ldap-based search functions now accept a -Credential argument for ↵Harmj0y1-1084/+1427
querying from non-domain joined machines without a runas Changed several functions to filters, where appropriate. Get-NetShare, Get-NetSession, Get-NetLoggedOn, Get-NetRDPSession, Invoke-CheckLocalAdminAccess, Get-LastLoggedOn, Get-CachedRDPConnection, Get-NetProcess are now filters, better handle pipeline input, and now return an augmented result object with the queried ComputerName as a field Replaced RemoteUserName/RemotePassword with -Credential parameter in Get-CachedRDPConnection and Get-NetProcess modified output object for Get-NetShare to be a proper object Various bug fixes and better parameter validation
2016-01-25Merge pull request #111 from sagishahar/devHarmJ0y1-3/+3
Fix 'Install-ServiceBinary' for non-'Modifiable' files
2016-01-25Merge pull request #108 from sagishahar/masterHarmJ0y2-55/+195
Add 'CanRestart' to output and Pester tests
2016-01-17Fix 'Install-ServiceBinary' for non-'Modifiable' filessagishahar1-3/+3
The 'Install-ServiceBinary' function fails on an edge case where the service's file permission does not include the 'Modify' permission but does include the 'Write' permission (https://technet.microsoft.com/en-au/library/dd349321(v=ws.10).aspx). In this scenario, renaming the original service file for backup purposes will result in 'Access Denied' message. Fixing this requires that the file be copied to service.exe.bak instead of renamed to service.exe.bak.
2016-01-14Merge pull request #107 from secabstraction/devMatt Graeber2-206/+376
new Get-Keystrokes
2016-01-13Fixed Pester/PassThruJesse Davis1-0/+2
2016-01-13Fixed Pester/PassThruJesse Davis1-2/+0
2016-01-13Fixed Pester/PassThruJesse Davis1-1/+1
2016-01-13Fixed Pester/PassThruJesse Davis2-12/+12
2016-01-13Fixed Pester/PassThruJesse Davis2-7/+11
2016-01-13Merge pull request #110 from PowerShellMafia/masterMatt Graeber1-1/+2
Merging Invoke-TokenManipulation fix into dev
2016-01-13Merge pull request #109 from mmashwani/masterMatt Graeber1-1/+2
Don't search for SYSTEM token by using hard coded English name
2016-01-13Don't search for SYSTEM token by using hard coded English name for SYSTEM ↵mmashwani1-1/+2
account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
2016-01-13Add 'CanRestart' to output and Pester testssagishahar2-55/+195
Pester tests to the function 'Test-ServiceDaclPermission' were added in order to increase confidence in its reliability. In general, my intention was to replace the current functionality of the service management functions such as Invoke-ServiceStart, to not use blindly 'sc.exe start' but rather consult with the DACL permissions and base the decision on that. Unforunately, further investigation lead me to the conclusion that retrieval of the service's DACL permissions requires that an additional DACL permission (RC) be set. This may lead to an edge case that could miss a potential privilege escalation condition and thereby the original idea was discarded. Nonetheless, 'Test-ServiceDaclPermission' can be used for less critical tasks. Therefore, a 'CanRestart' property was added to the output of the service enumeration functions such as 'Get-ServiceUnquoted' as I think that it will add value to redteamers/pentesters by helping them prioritise which service should be abused for escalation of privileges. Services that can be restarted by a low privileged user will probably be prioritised first. Additionally, manual checking whether the vulnerable service can be restarted would not be required in most cases.
2016-01-11Update Get-Keystrokes.ps1Jesse Davis1-4/+4
2016-01-09Update Exfiltration.tests.ps1Jesse Davis1-2/+2
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-26 03:14:30 +0000