aboutsummaryrefslogtreecommitdiff
path: root/Recon/PowerView.ps1
AgeCommit message (Collapse)AuthorFilesLines
2016-09-06Merge pull request #173 from joncave/user_pollingHarmJ0y1-113/+138
PowerView: Invoke-UserHunter -Poll
2016-08-25Add the EncPart param to Request-SPNTicketMatan Hart1-2/+29
Adds the ability to return the encrypted part of the ticket. This portion is the encrypted data that can be brute-forced with Kerberoast/Hashcat/JtR
2016-08-13Continuously collect output from background threadsJon Cave1-34/+27
The PowerShell.BeginInvoke<TInput, TOutput>(PSDataCollection<TInput>, PSDataCollection<TOutput>) method[1] is used to collect output from each job into a buffer. This can be read whilst the jobs are still running. Being able to return partial results is particularly useful for long running background threads, such as Invoke-UserHunter -Poll. PowerShell 2.0 doesn't play nicely with generic methods. The technique described in [2] is used to allow this version of BeginInvoke() to be used. [1] https://msdn.microsoft.com/en-us/library/dd182440(v=vs.85).aspx [2] http://www.leeholmes.com/blog/2007/06/19/invoking-generic-methods-on-non-generic-classes-in-powershell/
2016-08-13Add a polling mode to Invoke-UserHunterJon Cave1-79/+111
Repeatedly poll a set of target computers for user sessions. This could be a useful technique for building a much better picture of current sessions, but without having to communicate with every host. The -Poll parameter is used to specify the duration for which polling should occur. Each target computer is dedicated with a thread with -Delay and -Jitter specifying how long to sleep between each session enumeration attempt of an individual host.
2016-07-15typeHarmj0y1-1/+1
2016-07-15Fix for issue #167Harmj0y1-2/+4
2016-06-27Use correct variableJon Cave1-1/+1
2016-06-27Fix Get-GroupsXML for multiple <Group> tagsJon Cave1-6/+6
Select all <Group> nodes and iterate through them, not just the root <Groups> node.
2016-06-24Changed Get-NetGroup and Get-NetGroupMember to search for samaccountname ↵Harmj0y1-6/+6
instead of name
2016-06-24Fixed Find-LocalAdminAccess to properly check for the object output from ↵Harmj0y1-4/+4
Invoke-CheckLocalAdminAccess...whoops
2016-06-24Turned Get-GptTmpl and Get-GroupsXML into filtersHarmj0y1-113/+121
2016-06-21Add missing parenthesisMeatballs1-1/+1
2016-06-21Check class typeMeatballs1-76/+73
Recurse if localgroup as well as domaingroup Normalize output values to empty string
2016-06-14Fixed logic bugs in Find-GPOLocation and Find-GPOComputerAdminHarmj0y1-30/+64
2016-06-12Fixed some Invoke-MapDomainTrust and Get-NetDomainTrust logicHarmj0y1-46/+57
Changed domain/forest Write-Warning's to Write-Verbose
2016-06-12Cleaned up Get-NetGroup's logic a bit, removed filtering for primary group ↵Harmj0y1-76/+96
ID (i.e. domain users) Modified Get-DomainSID to simplify Changed group determination in Get-NetLocalGroup -API Few optimizations to Find-ForeignUser and Find-ForeignGroup Changed DNS resolution method for Invoke-UserHunter Added 'PowerView.GPOLocalGroup' type to Find-GPOLocation
2016-06-11Fixed thread countdown timer in Invoke-ThreadedFunction, wasn't ever killing ↵Stephen Breen1-1/+1
rogue jobs
2016-06-08Fixed LDAP preference for when -ADSPath is passed to Get-NetDomainTrustHarmj0y1-20/+29
Fixed Get-DomainSID to allow for a -DomainController parameter Fixed Get-NetDomainTrust logic
2016-06-08Fixed a few GC bugs in Get-DomainSearcherHarmj0y1-24/+49
Added attempted gpcfilesyspath resolution to Get-NetGPO Added -ADSPath for Get-NetDomainTrust
2016-06-07bug fixes/error handling in Get-NetGPOGroup for version 2Harmj0y1-30/+43
2016-06-06Small bug fix in Find-GPOLocation when enumerating all relationshipsHarmj0y1-29/+79
Moved GPOType check to Get-NetGPOGroup Expanded comments and help for GPO location cmdlets
2016-06-06Rewrote/corrected logic for Get-NetGPOGroup, Find-GPOLocation, and ↵Harmj0y1-281/+293
Find-GPOComputerAdmin Rewrote/corrected logic for Find-GPOLocation Added Get-IniContent and rewrote Get-GptTmpl to use Get-IniContent to parse GptTmpl.inf files Rewrote Get-GroupsXML to not resolve SIDs and return the same object type as Get-GptTmpl
2016-05-31Corrected error checking for functions that used GetLastErrorHarmj0y1-182/+89
General errors are now parsed with [ComponentModel.Win32Exception] and written with Write-Verbose Write-Debug calls converted to Write-Verbose or removed
2016-05-22-Fixed bug in Get-NetGroupMember's ranged searching logic on PowerShell v3+Harmj0y1-123/+114
-Corrected parameter/variable scoping bug in several functions -TODO: fix begin{} scoping issues in Find-InterestingFile, Invoke-UserHunter, Invoke-ProcessHunter, Invoke-EventHunter, Invoke-ShareFinder, Invoke-FileFinder, Find-LocalAdminAccess, Invoke-EnumerateLocalAdmin -Other misc. fixes
2016-05-22Get-LoggedOnLocal now handles the situation when multiple SIDs are returnedHarmj0y1-101/+33
Get-LoggedOnLocal turned into a filter and given additional error handling Standardized tab/line spacing Removed Invoke-PSLoggedOn
2016-05-22Merge pull request #133 from breakersall/devHarmJ0y1-0/+143
Adds PSLoggedOn like functionality
2016-05-18Merge pull request #140 from Meatballs1/fix_groups_xmlHarmJ0y1-10/+32
PowerView - Fix Groups.xml Parsing
2016-05-13Logic bug fix in Get-NetDomainTrustHarmj0y1-1/+1
2016-05-13Get-NetDomainTrust now gets an -API option to enumerate trusts through ↵Harmj0y1-16/+169
DsEnumerateDomainTrusts() Logic bug fix for Get-DNSZone Bug fix for Get-NetLocalGroup
2016-05-12Fix groupsxml parsingMeatballs1-10/+32
2016-05-09Merge pull request #135 from Meatballs1/trust_sidsHarmJ0y1-0/+6
Retrieve Domain SIDs with -LDAP
2016-05-10Added Invoke-UserHunter field to keep output objects in sync.Harmj0y1-0/+1
2016-05-10Added name resolution to custom PSObject generated by Invoke-UserHunter.Andy Robbins1-0/+20
2016-05-09Began adding custom PSObject TypeNames to various PowerView output objects.Harmj0y1-7/+27
2016-05-09Retrieve Domain SIDs with -LDAPMeatballs1-0/+6
2016-05-05Adds PSLoggedOn like functionalityMatt Kelly1-0/+143
Adding in Get-LoggedOnLocal which uses HKU registry checks to see who is logged locally to a remote box and only requires user level access rights. The benefit over NetWkstaUserEnum is less user privileges required (admin for NetWkstaUserEnum) and is the same process PSLoggedOn uses. Invoke-PSLoggedOn launches both Get-LoggedOnLocal and Get-NetSessions and outputs the same format as PSLoggedOn.exe from Sysinternals. I did not change Invoke-UserHunter non-stealth to this option yet, but it is beneficial in that if you use both HKU and NetSessionEnum you only require basic user level rights not admin remote.
2016-05-03Added Get-RegistryMountedDriveHarmj0y1-6/+120
2016-04-27Modified Convert-DNSRecord to return the base64 encoded record for record ↵Harmj0y1-52/+26
types not currently handled.
2016-04-27Added Get-DNSZone and Get-DNSRecord to enumerate AD DNS information.Harmj0y1-0/+360
Added Convert-DNSRecord (ported from Michael B. Smith's code at https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1) - needs expansion work on record types
2016-04-25Changed some property types in Get-ObjectACLHarmj0y1-2/+9
2016-04-24added Request-SPNTicket to request kerberos tickets for specified SPNsHarmj0y1-0/+48
2016-04-24For PowerView, added $Searcher.CacheResults = $False to Get-DomainSearcherHarmj0y1-19/+71
Added dispose() approach for the following cmdlets: Get-NetUser, Get-ObjectAcl/Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust
2016-04-24Merge pull request #128 from Meatballs1/fix_groups_xmlHarmJ0y1-2/+2
//Group -> //Groups
2016-04-11Change ComputerName default to the computer's nameleechristensen1-1/+1
Change ComputerName default so Disabled doesn't report error
2016-04-03//Group -> //GroupsMeatballs1-2/+2
2016-03-18Bug fix in Find-GPOLocationHarmj0y1-5/+9
2016-03-15Added Get-SiteName to find the site a computer is a part ofHarmj0y1-101/+288
Added -ComputerName parameter to Get-NetGPO to enumerate all GPOs a given computer has applied Fixed bug in Find-GPOComputerAdmin and added site enumeration for GPO links
2016-03-11Additional error checking in Get-DFSshareHarmj0y1-9/+10
2016-03-09Fixed bug with Get-NetGroupMember and computer accounts.Harmj0y1-33/+15
samaccounttype enumeration now more accurate.
2016-03-09fix for Find-GPOComputerAdminHarmj0y1-3/+15
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-25 19:52:22 +0000