| Commit message |
|---|
| Fixed Get-DomainSID to allow for a -DomainController parameter<br>Fixed Get-NetDomainTrust logic |
| Added attempted gpcfilesyspath resolution to Get-NetGPO<br>Added -ADSPath for Get-NetDomainTrust |
| Moved GPOType check to Get-NetGPOGroup<br>Expanded comments and help for GPO location cmdlets |
| Get-GPPPassword.<br>Added Pester tests for Get-CachedGPPPassword. |
| Find-GPOComputerAdmin<br>Rewrote/corrected logic for Find-GPOLocation<br>Added Get-IniContent and rewrote Get-GptTmpl to use Get-IniContent to parse GptTmpl.inf files<br>Rewrote Get-GroupsXML to not resolve SIDs and return the same object type as Get-GptTmpl |
| PowerUp PSReflect |
| Bug fixes<br>Corrected PowerUp Pester tests<br>Changed 'Path' field to 'ModifiablePath' in 'Get-ModifiablePath'<br>Get-ServiceUnquoted now filters paths through Get-ModifiablePath |
| Renamed Find-PathHijack to Find-PathDLLHijack<br>Fixed exposed functions in PowerSploit.psd1 |
| -Additional error checking and documentation<br>-OpenProcessToken() call now uses TOKEN_QUERY instead of TOKEN_READ |
| with SID and attributes fields |
| user is a part of, regardless of being disabled.<br>Replaced 'whoami /groups' local admin + medium integrity check with comparison against Get-CurrentUserTokenGroupSid |
| file objects<br>-Service functions now accept just -Name (instead of -Service/-ServiceName), which has ValueFromPipelineByPropertyName set in order to handle service objects on the pipeline<br>-Moved PSReflect signatures to the bottom of the script<br>-Function and help cleanup |
| -Get-VulnSchTask renamed to Get-ModifiableScheduledTaskFile<br>-Get-VulnAutoRun renamed to Get-RegistryAutoRun<br>-Get-RegAutoLogon renamed to Get-RegistryAutoLogon<br>-Find-DLLHijack renamed to Find-ProcessDLLHijack for clarification, code cleaned up, -Process parameter added, output object detail expanded, and help expanded<br>-Removed most of the code from Find-PathHijack, replacing it with Get-ModifiablePath<br>-Cleaned up logic for Write-HijackDll<br>-Expanded help for the registry enumeration cmdlets<br>-Added local user creation options to Write-HijackDll to match Write-ServiceBinary<br>-Increased pause between user creation commands |
| -Fixed parameter sets for Write-ServiceBinary and added -Credential and -Service params<br>-Simplified/corrected logic for Install-ServiceBinary<br>-Fixed parameter sets and simplified logic for Restore-ServiceBinary<br>-Added sanity check with Get-ModifiableFile for Install-ServiceBinary<br>-Cleaned up lingering spaces |
| Invoke-ServiceDisable<br>-Renamed Get-ServiceFilePermission to Get-ModifiableServiceFile<br>-Renamed Get-ServicePermission to Get-ModifiableService<br>-Integrated PSReflect codebase from @mattifestation<br>-Modified Get-ModifiableFile to enumerate the ACLs for passed file paths, returning the path/permission set/identityreference for each modifiable file (instead of opening file for modification)<br>-Added Add-ServiceDacl from @mattifestation to add service Dacls to Get-Service objects<br>-Added Set-ServiceBinPath to replace "sc.exe config SERVICE binPath= X" - now modifies using the ChangeServiceConfig Win32 API call<br>-Revamped Test-ServiceDaclPermission to take advantage of Add-ServiceDacl. Service permissions are now matched up against the current user's group memberships and specified permission sets to check for.<br>-Functions that checked for service restarting now use Test-ServiceDaclPermission<br>-Get-ModifiableService now uses Test-ServiceDaclPermission<br>-Invoke-ServiceAbuse completely rebuilt to use native PowerShell functions and Set-ServiceBinPath to reconfigure service binary paths for abuse<br>-Parameter sets rewritten for several functions to accept -Credential objects where applicable and -Service objects from Get-Service on the pipeline<br>TODO: Tune up Write-ServiceBinary, Install-ServiceBinary, Restore-ServiceBinary, Find-DLLHijack, Find-PathHijack, Write-HijackDll, and all the registry checks |
| General errors are now parsed with [ComponentModel.Win32Exception] and written with Write-Verbose<br>Write-Debug calls converted to Write-Verbose or removed |
| Add hourly scheduled task persistence option |
| The parameter type and return types were accidentally transposed. Thanks @rojaster for pointing this out. |
| -Corrected parameter/variable scoping bug in several functions<br>-TODO: fix begin{} scoping issues in Find-InterestingFile, Invoke-UserHunter, Invoke-ProcessHunter, Invoke-EventHunter, Invoke-ShareFinder, Invoke-FileFinder, Find-LocalAdminAccess, Invoke-EnumerateLocalAdmin<br>-Other misc. fixes |
| Get-LoggedOnLocal turned into a filter and given additional error handling<br>Standardized tab/line spacing<br>Removed Invoke-PSLoggedOn |
| Adds PSLoggedOn like functionality |
| PowerView - Fix Groups.xml Parsing |
| DsEnumerateDomainTrusts()<br>Logic bug fix for Get-DNSZone<br>Bug fix for Get-NetLocalGroup |
| Added Get-MicrophoneAudio.ps1 and associated Pester tests |
| Retrieve Domain SIDs with -LDAP |
| Added name resolution to custom PSObject generated by Invoke-UserHunter. |
| Adding in Get-LoggedOnLocal which uses HKU registry checks to see who is logged locally to a remote box and only requires user level access rights. The benefit over NetWkstaUserEnum is less user privileges required (admin for NetWkstaUserEnum) and is the same process PSLoggedOn uses.<br>Invoke-PSLoggedOn launches both Get-LoggedOnLocal and Get-NetSessions and outputs the same format as PSLoggedOn.exe from Sysinternals.<br>I did not change Invoke-UserHunter non-stealth to this option yet, but it is beneficial in that if you use both HKU and NetSessionEnum you only require basic user level rights not admin remote. |
| types not currently handled. |
| Added Convert-DNSRecord (ported from Michael B. Smith's code at https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1) - needs expansion work on record types |