aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-12-01merge resolutionHarmJ0y3-1/+144
2016-12-01Merge pull request #200 from st3r30byt3/patch-2HarmJ0y1-3/+0
Updated Get-ExploitableSystem
2016-12-01Updated Get-ExploitableSystemAntonio Quina1-3/+0
Removed *_netapi from Vista/2008 in Get-ExploitableSystem as they are not vulnerable
2016-12-01Merge pull request #187 from Meatballs1/filter_getnetfileserversHarmJ0y1-3/+3
Add disabled and present searches to get-netfileservers
2016-12-01Merge pull request #174 from Meatballs1/securitygroupsHarmJ0y1-12/+23
Retrieve Security groups by default
2016-11-21Added Get-GPPAutologon.ps1Oddvar Moe3-1/+149
2016-11-10Updated to 2.1 20161029 OJ EditionMatt Graeber1-5/+9
Address issue #190
2016-11-01Add disabled and present searches to get-netfileserversMeatballs1-3/+3
2016-09-26Merge pull request #182 from monoxgas/devHarmJ0y2-1/+2
Service DACL false positive | Request-SPNTicket double hash
2016-09-13Break on ticket captureNick Landers1-0/+1
2016-09-13Service DACL false positiveNick Landers1-1/+1
2016-09-06Merge pull request #173 from joncave/user_pollingHarmJ0y1-113/+138
PowerView: Invoke-UserHunter -Poll
2016-09-06Merge pull request #180 from machosec/EncPartParamHarmJ0y1-2/+29
Added the EncPart param to Request-SPNTicket
2016-08-25Add the EncPart param to Request-SPNTicketMatan Hart1-2/+29
Adds the ability to return the encrypted part of the ticket. This portion is the encrypted data that can be brute-forced with Kerberoast/Hashcat/JtR
2016-08-13Modify dependent functionsMeatballs1-4/+4
2016-08-13Retrieve Security groups by defaultMeatballs1-8/+19
2016-08-13Continuously collect output from background threadsJon Cave1-34/+27
The PowerShell.BeginInvoke<TInput, TOutput>(PSDataCollection<TInput>, PSDataCollection<TOutput>) method[1] is used to collect output from each job into a buffer. This can be read whilst the jobs are still running. Being able to return partial results is particularly useful for long running background threads, such as Invoke-UserHunter -Poll. PowerShell 2.0 doesn't play nicely with generic methods. The technique described in [2] is used to allow this version of BeginInvoke() to be used. [1] https://msdn.microsoft.com/en-us/library/dd182440(v=vs.85).aspx [2] http://www.leeholmes.com/blog/2007/06/19/invoking-generic-methods-on-non-generic-classes-in-powershell/
2016-08-13Add a polling mode to Invoke-UserHunterJon Cave1-79/+111
Repeatedly poll a set of target computers for user sessions. This could be a useful technique for building a much better picture of current sessions, but without having to communicate with every host. The -Poll parameter is used to specify the duration for which polling should occur. Each target computer is dedicated with a thread with -Delay and -Jitter specifying how long to sleep between each session enumeration attempt of an individual host.
2016-07-19Merge pull request #168 from linuz/masterHarmJ0y1-6/+30
Added ability to specify domain controller to search (-Server parameter)
2016-07-19Added default value to parameterDennis Maldonado1-12/+4
Added default value to parameter and got rid of value check later in the code. Added validation of -Server value to ensure it is not $Null or an empty string
2016-07-15Merge branch 'dev' of https://github.com/PowerShellMafia/PowerSploit into devHarmj0y1-8/+13
2016-07-15typeHarmj0y1-1/+1
2016-07-15Fix for issue #167Harmj0y1-2/+4
2016-07-15Updated Invoke-Mimikatz to "2.1 alpha 20160711 (oe.eo) edition"Matt Graeber1-7/+5
2016-07-15#147 Bugfix: Invoke-MimikatzMatt Graeber1-1/+8
Invoke-Mimikatz was not not handling functions exported by ordinal. Thank you @gentilkiwi for the suggested fix!
2016-07-15Merge pull request #161 from joncave/batnewlinesHarmJ0y1-2/+2
PowerUp: Remove badly encoded new lines from .bat output
2016-07-15Merge pull request #160 from joncave/tokeninfoHarmJ0y1-6/+5
PowerUp: Allocate enough space for TOKEN_GROUPS
2016-07-15Merge pull request #158 from joncave/groupsxmlHarmJ0y1-7/+7
PowerView: Fix Groups.xml parsing for multiple <Group>s
2016-06-30Added ability to specify domain controller to search (-Server parameter)Dennis Maldonado1-5/+37
Added the ability for users to specify the domain controller that is searched, using the -Server parameter. The -Server parameter is optional and defaults to the user's current domain if not specified.
2016-06-30PowerUp: Remove badly encoded new lines from .bat outputJon Cave1-2/+2
The current implementation results in a .bat like: @echo off\n start /b net user john Password123! /add && timeout /t 5 && net localgroup Administrators john /add\n start /b "" cmd /c del "%~f0"&exit /b With literal "\n" strings at the end of the first two lines. A new line in a PowerShell string should be "`n". However, an extra new line isn't actually necessary in this case.
2016-06-30PowerUp: Allocate enough space for TOKEN_GROUPSJon Cave1-6/+5
Make an initial call to GetTokenInformation() with a NULL buffer to get the actual buffer size required. Prevents "The data area passed to a system call is too small" error being thrown.
2016-06-27Use correct variableJon Cave1-1/+1
2016-06-27Fix Get-GroupsXML for multiple <Group> tagsJon Cave1-6/+6
Select all <Group> nodes and iterate through them, not just the root <Groups> node.
2016-06-24Changed Get-NetGroup and Get-NetGroupMember to search for samaccountname ↵Harmj0y1-6/+6
instead of name
2016-06-24Fixed Find-LocalAdminAccess to properly check for the object output from ↵Harmj0y1-4/+4
Invoke-CheckLocalAdminAccess...whoops
2016-06-24Turned Get-GptTmpl and Get-GroupsXML into filtersHarmj0y1-113/+121
2016-06-24Merge pull request #157 from Meatballs1/localgrouprecursionHarmJ0y1-75/+72
Fix Get-NetLocalGroup Recursion for LocalGroups
2016-06-23Fixed bug in Get-ModifiablePath that resulted in spaces being expanded to ↵Harmj0y2-42/+101
the current directory location Fixed other logic bugs in Get-ModifiablePath Fixed bug in Add-ServiceDacl when the [ServiceProcess.ServiceController] wasn't loaded yet by Get-Service Error handling for Get-CachedGPPPassword Changed some Write-Warnings to Write-Verbose Updated Privesc Pester tests for PowerUp
2016-06-21Add missing parenthesisMeatballs1-1/+1
2016-06-21Check class typeMeatballs1-76/+73
Recurse if localgroup as well as domaingroup Normalize output values to empty string
2016-06-14Fixed logic bugs in Find-GPOLocation and Find-GPOComputerAdminHarmj0y1-30/+64
2016-06-12Fixed some Invoke-MapDomainTrust and Get-NetDomainTrust logicHarmj0y1-46/+57
Changed domain/forest Write-Warning's to Write-Verbose
2016-06-12Cleaned up Get-NetGroup's logic a bit, removed filtering for primary group ↵Harmj0y1-76/+96
ID (i.e. domain users) Modified Get-DomainSID to simplify Changed group determination in Get-NetLocalGroup -API Few optimizations to Find-ForeignUser and Find-ForeignGroup Changed DNS resolution method for Invoke-UserHunter Added 'PowerView.GPOLocalGroup' type to Find-GPOLocation
2016-06-12Merge pull request #150 from breenmachine/devHarmJ0y1-1/+1
Fixed thread countdown timer in Invoke-ThreadedFunction, wasn't ever …
2016-06-11Fixed thread countdown timer in Invoke-ThreadedFunction, wasn't ever killing ↵Stephen Breen1-1/+1
rogue jobs
2016-06-08Fixed LDAP preference for when -ADSPath is passed to Get-NetDomainTrustHarmj0y1-20/+29
Fixed Get-DomainSID to allow for a -DomainController parameter Fixed Get-NetDomainTrust logic
2016-06-08Fixed a few GC bugs in Get-DomainSearcherHarmj0y1-24/+49
Added attempted gpcfilesyspath resolution to Get-NetGPO Added -ADSPath for Get-NetDomainTrust
2016-06-07bug fixes/error handling in Get-NetGPOGroup for version 2Harmj0y1-30/+43
2016-06-07Corrected -Path parameter in Write-ServiceBinaryHarmj0y1-6/+6
2016-06-06Small bug fix in Find-GPOLocation when enumerating all relationshipsHarmj0y1-29/+79
Moved GPOType check to Get-NetGPOGroup Expanded comments and help for GPO location cmdlets
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 12:08:53 +0000