From d9e9231755d672e98e6ee9c4a5ae90ae8dda001c Mon Sep 17 00:00:00 2001
From: HarmJ0y <will@harmj0y.net>
Date: Thu, 25 May 2017 01:30:25 -0400
Subject: -Added negations to some -GroupScope and -GroupProperty values

---
 Recon/PowerView.ps1 | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'Recon/PowerView.ps1')

diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 524c85e..021f9be 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -8751,11 +8751,12 @@ Switch. Return users with '(adminCount=1)' (meaning are/were privileged).
 .PARAMETER GroupScope
 
 Specifies the scope (DomainLocal, Global, or Universal) of the group(s) to search for.
+Also accepts NotDomainLocal, NotGloba, and NotUniversal as negations.
 
 .PARAMETER GroupProperty
 
 Specifies a specific property to search for when performing the group search.
-Possible values are Security, Distribution, and CreatedBySystem.
+Possible values are Security, Distribution, CreatedBySystem, and NotCreatedBySystem.
 
 .PARAMETER Domain
 
@@ -8919,12 +8920,12 @@ Custom PSObject with translated group property fields.
         [Switch]
         $AdminCount,
 
-        [ValidateSet('DomainLocal', 'Global', 'Universal')]
+        [ValidateSet('DomainLocal', 'NotDomainLocal', 'Global', 'NotGlobal', 'Universal', 'NotUniversal')]
         [Alias('Scope')]
         [String]
         $GroupScope,
 
-        [ValidateSet('Security', 'Distribution', 'CreatedBySystem')]
+        [ValidateSet('Security', 'Distribution', 'CreatedBySystem', 'NotCreatedBySystem')]
         [String]
         $GroupProperty,
 
@@ -9075,18 +9076,22 @@ Custom PSObject with translated group property fields.
                 if ($PSBoundParameters['GroupScope']) {
                     $GroupScopeValue = $PSBoundParameters['GroupScope']
                     $Filter = Switch ($GroupScopeValue) {
-                        'DomainLocal'   { '(groupType:1.2.840.113556.1.4.803:=4)' }
-                        'Global'        { '(groupType:1.2.840.113556.1.4.803:=2)' }
-                        'Universal'     { '(groupType:1.2.840.113556.1.4.803:=8)' }
+                        'DomainLocal'       { '(groupType:1.2.840.113556.1.4.803:=4)' }
+                        'NotDomainLocal'    { '(!(groupType:1.2.840.113556.1.4.803:=4))' }
+                        'Global'            { '(groupType:1.2.840.113556.1.4.803:=2)' }
+                        'NotGlobal'         { '(!(groupType:1.2.840.113556.1.4.803:=2))' }
+                        'Universal'         { '(groupType:1.2.840.113556.1.4.803:=8)' }
+                        'NotUniversal'      { '(!(groupType:1.2.840.113556.1.4.803:=8))' }
                     }
                     Write-Verbose "[Get-DomainGroup] Searching for group scope '$GroupScopeValue'"
                 }
                 if ($PSBoundParameters['GroupProperty']) {
                     $GroupPropertyValue = $PSBoundParameters['GroupProperty']
                     $Filter = Switch ($GroupPropertyValue) {
-                        'Security'          { '(groupType:1.2.840.113556.1.4.803:=2147483648)' }
-                        'Distribution'      { '(!(groupType:1.2.840.113556.1.4.803:=2147483648))' }
-                        'CreatedBySystem'   { '(groupType:1.2.840.113556.1.4.803:=1)' }
+                        'Security'              { '(groupType:1.2.840.113556.1.4.803:=2147483648)' }
+                        'Distribution'          { '(!(groupType:1.2.840.113556.1.4.803:=2147483648))' }
+                        'CreatedBySystem'       { '(groupType:1.2.840.113556.1.4.803:=1)' }
+                        'NotCreatedBySystem'    { '(!(groupType:1.2.840.113556.1.4.803:=1))' }
                     }
                     Write-Verbose "[Get-DomainGroup] Searching for group property '$GroupPropertyValue'"
                 }
-- 
cgit v1.2.3