From 3e936765f5674823a68aa96f7fc100f4fe9c450e Mon Sep 17 00:00:00 2001 From: Meatballs Date: Thu, 12 May 2016 21:03:20 +0100 Subject: Fix groupsxml parsing --- Recon/PowerView.ps1 | 42 ++++++++++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 10 deletions(-) (limited to 'Recon/PowerView.ps1') diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index bc52035..6763acf 100644 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -6091,7 +6091,7 @@ function Get-GroupsXML { # so we can cd/dir the new drive $GroupsXMLPath = $RandDrive + ":\" + $FilePath - } + } } process { @@ -6106,21 +6106,21 @@ function Get-GroupsXML { $MemberOf = @() # extract the localgroup sid for memberof - $LocalSid = $_.Properties.GroupSid + $LocalSid = $_.Group.Properties.GroupSid if(!$LocalSid) { - if($_.Properties.groupName -match 'Administrators') { + if($_.Group.Properties.groupName -match 'Administrators') { $LocalSid = 'S-1-5-32-544' } - elseif($_.Properties.groupName -match 'Remote Desktop') { + elseif($_.Group.Properties.groupName -match 'Remote Desktop') { $LocalSid = 'S-1-5-32-555' } else { - $LocalSid = $_.Properties.groupName + $LocalSid = $_.Group.Properties.groupName } } $MemberOf = @($LocalSid) - $_.Properties.members | ForEach-Object { + $_.Group.Properties.members | ForEach-Object { # process each member of the above local group $_ | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object { 
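Review bot: The new `$_.Group.Properties.*` lookups in the second hunk treat the pipeline object as if it held exactly one `Group` element. If `$_` is the parent `Groups` node (inferred, since the enclosing ForEach-Object starts outside this hunk), a Groups.xml that defines several groups makes `$_.Group` a collection. On PowerShell 3+ member enumeration would then merge every group's SID and members into a single record, and on older versions without member enumeration the lookup is likely empty, so anyone auditing GPO-assigned local group membership from this output gets misattributed or missing entries. Iterating explicitly, e.g. `foreach($Group in @($_.Group)) { $LocalSid = $Group.Properties.GroupSid ... }`, keeps one result per group. A short comment stating which XML node `$_` is expected to be would also help.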
@@ -6143,16 +6143,38 @@ function Get-GroupsXML { } if($ResolveSids) { - $Memberof = $Memberof | ForEach-Object {Convert-SidToName $_} - $Members = $Members | ForEach-Object {Convert-SidToName $_} + $Memberof = $Memberof | ForEach-Object { + $memof = $_ + if ($memof.StartsWith("S-1-")) + { + try { + Convert-SidToName $memof + } catch { + $memof + } + } else { + $memof + } + } + $Members= $Members | ForEach-Object { + $member = $_ + if ($member.StartsWith("S-1-")) + { + try { + Convert-SidToName $member + } catch { + $member + } + } else { + $member + } + } } if($Memberof -isnot [system.array]) {$Memberof = @($Memberof)} if($Members -isnot [system.array]) {$Members = @($Members)} $GPOProperties = @{ - 'GPODisplayName' = $GPODisplayName - 'GPOName' = $GPOName 'GPOPath' = $GroupsXMLPath 'Filters' = $Filters 'MemberOf' = $Memberof -- cgit v1.2.3
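Review bot: `$memof.StartsWith("S-1-")` and `$member.StartsWith("S-1-")` are called outside the `try`, so a null or non-string element raises a method-call error instead of passing through; `if ($memof -match '^S-1-')` tolerates null. The `catch` fallback only runs on terminating errors, so if `Convert-SidToName` (defined outside this hunk) returns nothing for an unresolvable SID, that entry is silently dropped; confirm its behaviour or emit the raw SID when the result is empty. The two ForEach-Object bodies are identical and could share one helper scriptblock. The hunk also removes `'GPODisplayName'` and `'GPOName'` from `$GPOProperties`, which changes the shape of the output object, so callers that read those fields should be checked; the function body continues outside the hunk.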