From 7a3e16ace550fb335182960576aab236a0a00219 Mon Sep 17 00:00:00 2001
From: b33f
Date: Sat, 22 Jul 2017 14:33:20 +0100
Subject: +Region check on Find-DomainLocalGroupMember

If a user does not manually specify $GroupName it defaults to "Administrators" which may not be valid in specific regions. I added a check to pull out the Group Name from the Admin SID, see: https://github.com/PowerShellMafia/PowerSploit/issues/176
---
 Recon/PowerView.ps1 | 6 ++++++
 1 file changed, 6 insertions(+)
 (limited to 'Recon')

diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 40b060c..9c0c810 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -18911,6 +18911,12 @@ Custom PSObject with translated group property fields from WinNT results.
 $HostEnumBlock = {
 Param($ComputerName, $GroupName, $Method, $TokenHandle)
+ # Add check if user defaults to/selects "Administrators"
+ if ($GroupName -eq "Administrators") {
+ $AdminSecurityIdentifier = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid,$null)
+ $GroupName = ($SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value -split "\\")[-1]
+ }
+
 if ($TokenHandle) {
 # impersonate the the token produced by LogonUser()/Invoke-UserImpersonation
 $Null = Invoke-UserImpersonation -TokenHandle $TokenHandle -Quiet
-- cgit v1.2.3
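Review bot: The added translation line reads `$SecurityIdentifier`, a variable that is never assigned — the SID object created on the line above is stored in `$AdminSecurityIdentifier`, so `.Translate()` is invoked on `$null` and the branch either throws ("You cannot call a method on a null-valued expression") or, if the error is swallowed by the caller, leaves `$GroupName` empty and the enumeration silently matches nothing. The fix is a one-token rename: `$GroupName = ($AdminSecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value -split "\\")[-1]`. Separately, the SID-to-name lookup runs on the machine executing `$HostEnumBlock`, so it presumably yields the localized BUILTIN\Administrators name of the enumerating host rather than of `$ComputerName`; a comment such as `# NOTE: resolves the local machine's localized name for S-1-5-32-544 — only correct when the target shares the same locale` would make that limitation explicit, and wrapping the Translate in `try/catch` would keep an IdentityNotMappedException from aborting the whole scriptblock. The `$HostEnumBlock` scriptblock and the enclosing Find-DomainLocalGroupMember function both start before and continue past this hunk.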