Age | Commit message | Author | Files | Lines |
|
Select all <Group> nodes and iterate through them, not just the root
<Groups> node.
|
|
instead of name
|
|
Invoke-CheckLocalAdminAccess...whoops
|
|
Fix Get-NetLocalGroup Recursion for LocalGroups
|
|
the current directory location
Fixed other logic bugs in Get-ModifiablePath
Fixed bug in Add-ServiceDacl when the [ServiceProcess.ServiceController] wasn't loaded yet by Get-Service
Error handling for Get-CachedGPPPassword
Changed some Write-Warnings to Write-Verbose
Updated Privesc Pester tests for PowerUp
|
|
Recurse if localgroup as well as domaingroup
Normalize output values to empty string
|
|
Changed domain/forest Write-Warnings to Write-Verbose
|
|
ID (i.e. domain users)
Modified Get-DomainSID to simplify
Changed group determination in Get-NetLocalGroup -API
Few optimizations to Find-ForeignUser and Find-ForeignGroup
Changed DNS resolution method for Invoke-UserHunter
Added 'PowerView.GPOLocalGroup' type to Find-GPOLocation
|
|
Fixed thread countdown timer in Invoke-ThreadedFunction, wasn't ever …
|
|
rogue jobs
|
|
Fixed Get-DomainSID to allow for a -DomainController parameter
Fixed Get-NetDomainTrust logic
|
|
Added attempted gpcfilesyspath resolution to Get-NetGPO
Added -ADSPath for Get-NetDomainTrust
|
|
Moved GPOType check to Get-NetGPOGroup
Expanded comments and help for GPO location cmdlets
|
|
Get-GPPPassword.
Added Pester tests for Get-CachedGPPPassword.
|
|
Find-GPOComputerAdmin
Rewrote/corrected logic for Find-GPOLocation
Added Get-IniContent and rewrote Get-GptTmpl to use Get-IniContent to parse GptTmpl.inf files
Rewrote Get-GroupsXML to not resolve SIDs and return the same object type as Get-GptTmpl
|
|
PowerUp PSReflect
|
|
Bug fixes
Corrected PowerUp Pester tests
Changed 'Path' field to 'ModifiablePath' in 'Get-ModifiablePath'
Get-ServiceUnquoted now filters paths through Get-ModifiablePath
|
|
Renamed Find-PathHijack to Find-PathDLLHijack
Fixed exposed functions in PowerSploit.psd1
|
|
-Additional error checking and documentation
-OpenProcessToken() call now uses TOKEN_QUERY instead of TOKEN_READ
|
|
with SID and attributes fields
|
|
user is a part of, regardless of being disabled.
Replaced 'whoami /groups' local admin + medium integrity check with comparison against Get-CurrentUserTokenGroupSid
|
|
file objects
-Service functions now accept just -Name (instead of -Service/-ServiceName) that has ValueFromPipelineByPropertyName set in order to handle service objects on the pipeline
-Moved PSReflect signatures to the bottom of the script
-Function and help cleanup
|
|
-Get-VulnSchTask renamed to Get-ModifiableScheduledTaskFile
-Get-VulnAutoRun renamed to Get-RegistryAutoRun
-Get-RegAutoLogon renamed to Get-RegistryAutoLogon
-Find-DLLHijack renamed to Find-ProcessDLLHijack for clarification, code cleaned up, -Process parameter added, output object detail expanded, and help expanded
-Removed most of the code from Find-PathHijack, replacing it with Get-ModifiablePath
-Cleaned up logic for Write-HijackDll
-Expanded help for the registry enumeration cmdlets
-Added local user creation options to Write-HijackDll to match Write-ServiceBinary
-Increased pause between user creation commands
|
|
-Fixed parameter sets for Write-ServiceBinary and added -Credential and -Service params
-Simplified/corrected logic for Install-ServiceBinary
-Fixed parameter sets and simplified logic for Restore-ServiceBinary
-Added sanity check with Get-ModifiableFile for Install-ServiceBinary
-Cleaned up lingering spaces
|
|
Invoke-ServiceDisable
-Renamed Get-ServiceFilePermission to Get-ModifiableServiceFile
-Renamed Get-ServicePermission to Get-ModifiableService
-Integrated PSReflect codebase from @mattifestation
-Modified Get-ModifiableFile to enumerate the ACLs for passed file paths, returning the path/permission set/identityreference for each modifiable file (instead of opening file for modification)
-Added Add-ServiceDacl from @mattifestation to add service Dacls to Get-Service objects
-Added Set-ServiceBinPath to replace "sc.exe config SERVICE binPath= X" - now modifies using the ChangeServiceConfig Win32 API call
-Revamped Test-ServiceDaclPermission to take advantage of Add-ServiceDacl. Service permissions are now matched up against the current user's group memberships and specified permission sets to check for.
-Functions that checked for service restarting now use Test-ServiceDaclPermission
-Get-ModifiableService now uses Test-ServiceDaclPermission
-Invoke-ServiceAbuse completely rebuilt to use native PowerShell functions and Set-ServiceBinPath to reconfigure service binary paths for abuse
-Parameter sets rewritten for several functions to accept -Credential objects where applicable and -Service objects from Get-Service on the pipeline
TODO: Tune up Write-ServiceBinary, Install-ServiceBinary, Restore-ServiceBinary, Find-DLLHijack, Find-PathHijack, Write-HijackDll, and all the registry checks
|
|
General errors are now parsed with [ComponentModel.Win32Exception] and written with Write-Verbose
Write-Debug calls converted to Write-Verbose or removed
|
|
Add hourly scheduled task persistence option
|
|
The parameter type and return types were accidentally transposed. Thanks
@rojaster for pointing this out.
|
|
-Corrected parameter/variable scoping bug in several functions
-TODO: fix begin{} scoping issues in Find-InterestingFile, Invoke-UserHunter, Invoke-ProcessHunter, Invoke-EventHunter, Invoke-ShareFinder, Invoke-FileFinder, Find-LocalAdminAccess, Invoke-EnumerateLocalAdmin
-Other misc. fixes
|
|
Get-LoggedOnLocal turned into a filter and given additional error handling
Standardized tab/line spacing
Removed Invoke-PSLoggedOn
|
|
Adds PSLoggedOn-like functionality
|
|
PowerView - Fix Groups.xml Parsing
|
|
DsEnumerateDomainTrusts()
Logic bug fix for Get-DNSZone
Bug fix for Get-NetLocalGroup
|