Age | Commit message (Collapse) | Author | Files | Lines |
|
|
-fixed Get-DomainForeignUser / Get-DomainForeignGroupMember when using a global catalog
-target group/member domains are now extracted from found DN names
|
|
-Added WhenCreated/WhenChanged as default output for Get-DomainTrust
|
|
change.
|
|
built-in sids.
|
|
Host parsing extension for IP ranges
|
|
Add-DomainGroupMember allows for adding users to a group, and is especially useful given its ability to supply alternate credentials when establishing the connection to the DC. Remove-DomainGroupMember is intended to act as a "cleanup" function for attack paths that abuse DACL misconfigurations, where we need to remove a principal from a group after we are done abusing that group's existing permissions.
|
|
If a user does not manually specify $GroupName it defaults to "Administrators" which may not be valid in specific regions. I added a check to pull out the Group Name from the Admin SID, see:
https://github.com/PowerShellMafia/PowerSploit/issues/176
|
|
Fixed alias typo for Find-GPOComputerAdmin
|
|
enumeration
Example: Get-DomainUser -UACFilter DONT_REQ_PREAUTH,NOT_PASSWORD_EXPIRED
Returns users with Kerberos preauth not set AND where the password isn't expired
-Integrated New-DynamicParameter from beatcracker in order to accomplish the dynamic params
-Corrected from help typos
|
|
Verb-Domain* functions,
the object's domain is now extracted from the dn and the directory searcher is rebound to the proper domain.
|
|
metadata from domain objects
-Added Get-DomainObjectLinkedAttributeHistory to retrieve linked attribute replication metadata from domain objects (i.e. group memberships)
-Added Get-DomainGroupMemberDeleted to retrieve information on group members that were removed from a specified group at some point
|
|
-Added "-GroupProperty [Security/Distribution/CreatedBySystem]" to Get-DomainGroup
|
|
-added parsing of the 'accountexpires' property into human readable format
-added parsing of the 'grouptype' property into human readable format
-added parsing of the 'samaccounttype' property into a readable format
|
|
Get-GPODelegation
|
|
Modified Get-IniContent and Get-GptTmpl to accept '-OutputObject' to output a PSObject instead of a hashtable
|
|
Fixed null access control entry in results.
|
|
Small extension of the host parsing function so you can also pass ranges
(e.g. 172.16.0.1-172.16.2.254) as target
|
|
Hi,
I know you guys mentioned this before, but I've not seen this implemented.
I wrote Get-GPODelegation that finds users with write permissions on Group Policy objects, for a potential privilege escalation path.
As requested, moved into dev branch.
|
|
bug fix for nested OUs with similar starting names.
|
|
Added ConvertFrom-LDAPLogonHours and New-ADObjectAccessControlEntry
|
|
function to accept any policy.
|
|
Fix for impersonation in Get-NetLocalGroup*
|
|
Invoke-CompareAttributesForClass.ps1
|
|
Support for DNs containing commas
|
|
The DFS subfunctions only accept a single $Domain
|
|
Changed the LDAP SecurityMasks settings so that you can change the Owner/DACL if you only have WriteOwner/WriteDacl permissions on the object (Default SecurityMasks is "Owner, Group, Dacl")
|
|
If an object's distinguished name contains a comma then it ends up quoted:

    CN=Smith\, John,OU=Admins,DC=example,DC=com

This breaks a number of functions which attempt to identify DOMAIN\name
by matching on a \ anywhere in the specified identity before checking if
the identity was a DN (or SID or GUID).

For example, attempting to list members of "Domain Admins" using
Get-DomainGroupMember gives the following:

    VERBOSE: [Convert-ADName] Error initializing translation for 'CN=Smith\, John,OU=Admins,DC=example,DC=com' : Exception calling "InvokeMember" with "5" argument(s): "The specified domain either does not exist or could not be contacted. (Exception from HRESULT: 0x8007054B)"
    VERBOSE: [Convert-ADName] Error translating 'CN=Smith\, John,OU=Admins,DC=example,DC=com' : The specified domain either does not exist or could not be contacted. (Exception from HRESULT: 0x8007054B)
    VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (objectClass=*)

The fix implemented here is to perform more specific pattern matching
prior to falling back to looking for a \. The order is SID, DN, GUID,
qualified name (DOMAIN\name), and then plain name.
|
|
Specifying the type as an array of strings results in an error when
passing on the parameter to Get-DomainSearcher:

    C:\> Get-DomainDFSShare -Domain test
    Get-DomainSearcher : Cannot process argument transformation on parameter 'Domain'. Cannot convert value to type System.String.
    At PowerView.ps1:10242 char:46
|
|
Removed unnecessary warning about the 'WinNT' method
Fixed Get-NetLocalGroup* to use impersonation - netapi32 functions weren't working.
|
|
Fixed KerberosPreauthNotRequired
|
|