From fa1baa64a86bfba58a07bd43faf8c9d37b0e0424 Mon Sep 17 00:00:00 2001
From: HarmJ0y <will@harmj0y.net>
Date: Wed, 11 Jan 2017 18:00:27 -0500
Subject: Parenthesis escaping for Get-DomainObject DN searches

---
 Recon/PowerView.ps1 | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 3afa61c..22970ed 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -6071,23 +6071,26 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
                         $ObjectSearcher = Get-DomainSearcher @SearcherArguments
                     }
                 }
-                elseif ($IdentityInstance -match '^S-1-.*') {
-                    $IdentityFilter += "(objectsid=$IdentityInstance)"
-                }
-                elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
-                    $IdentityFilter += "(distinguishedname=$IdentityInstance)"
-                }
                 else {
-                    try {
-                        $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-                        $IdentityFilter += "(objectguid=$GuidByteString)"
+                    $IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+                    if ($IdentityInstance -match '^S-1-.*') {
+                        $IdentityFilter += "(objectsid=$IdentityInstance)"
                     }
-                    catch {
-                        if ($IdentityInstance.Contains('.')) {
-                            $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+                    elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
+                        $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+                    }
+                    else {
+                        try {
+                            $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+                            $IdentityFilter += "(objectguid=$GuidByteString)"
                         }
-                        else {
-                            $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+                        catch {
+                            if ($IdentityInstance.Contains('.')) {
+                                $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+                            }
+                            else {
+                                $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+                            }
                         }
                     }
                 }
-- 
cgit v1.2.3