From 6927a26940fdfaf4a7508a22a88572363c8b997c Mon Sep 17 00:00:00 2001
From: Mike Brancato
Date: Mon, 16 Jan 2017 01:37:34 -0500
Subject: Fix for impersonation in Get-NetLocalGroup*
Removed unnecessary warning about the 'WinNT' method
Fixed Get-NetLocalGroup* to use impersonation - netapi32 functions weren't working.
---
 Recon/PowerView.ps1 | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
(limited to 'Recon')
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index ef9048a..142f2a3 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -12181,8 +12181,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
     )
     BEGIN {
-        if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
-            Write-Warning "[Get-NetLocalGroup] -Credential is only compatible with '-Method WinNT'"
+        if ($PSBoundParameters['Credential']) {
+            $LogonToken = Invoke-UserImpersonation -Credential $Credential
         }
     }
@@ -12235,12 +12235,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
         }
         else {
             # otherwise we're using the WinNT service provider
-            if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
-                $ComputerProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer,computer", $Credential.UserName, $Credential.GetNetworkCredential().Password)
-            }
-            else {
-                $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
-            }
+            $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
             $ComputerProvider.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object {
                 $LocalGroup = ([ADSI]$_)
@@ -12255,6 +12250,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
             }
         }
     }
+
+    END {
+        if ($LogonToken) {
+            Invoke-RevertToSelf -TokenHandle $LogonToken
+        }
+    }
 }
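Review bot: The BEGIN block now sets `$LogonToken` only when `Invoke-UserImpersonation` returns a handle; if that call fails without throwing (returns nothing), the function silently carries on as the caller's own account instead of the account passed in `-Credential`, which is the opposite of what a caller who supplied credentials expects. A fail-closed guard after the assignment, `if (-not $LogonToken) { throw "[Get-NetLocalGroup] Impersonation with the supplied -Credential failed" }`, makes that visible. With the old warning removed, `-Credential` also applies to every `-Method` now, so the comment-based help for the Credential parameter (above this hunk, not shown) presumably still says it is WinNT-only and should be updated to say the credential is applied through impersonation for both methods. The same two points apply to the Get-NetLocalGroupMember BEGIN hunk below.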
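Review bot: `$ComputerProvider = [ADSI]"WinNT://$Computer,computer"` now relies on the impersonation token established in BEGIN rather than passing the credential explicitly, and nothing at this line says so; a reader who sees the removed explicit-credential branch in history will wonder where `-Credential` went. Add a comment above the assignment: `# no explicit credentials here: when -Credential was supplied the thread is already impersonating that account (see BEGIN)`. Whether the WinNT provider honours the impersonation token for a remote bind is not something the hunk shows, so this path deserves a run against a remote host with `-Credential` before the change is trusted. The `$GroupProvider` hunk in Get-NetLocalGroupMember has the same documentation gap.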
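Review bot: The revert added in `END` only executes when the pipeline completes normally; a terminating error inside `PROCESS` (its body is outside this hunk), or a downstream consumer that stops the pipeline early, presumably skips `END` and leaves the calling thread impersonating the `-Credential` account until something else calls `Invoke-RevertToSelf`. If wrapping the `PROCESS` body in `try`/`finally` is not acceptable because the token has to survive across pipeline items, the limitation should at least be stated on the block: `# NOTE: END does not run if the pipeline is terminated early; impersonation then persists until Invoke-RevertToSelf is called`. The same applies to the END hunk added to Get-NetLocalGroupMember.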
@@ -12386,8 +12387,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
     )
     BEGIN {
-        if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
-            Write-Warning "[Get-NetLocalGroupMember] -Credential is only compatible with '-Method WinNT'"
+        if ($PSBoundParameters['Credential']) {
+            $LogonToken = Invoke-UserImpersonation -Credential $Credential
         }
     }
@@ -12481,12 +12482,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
         else {
             # otherwise we're using the WinNT service provider
             try {
-                if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
-                    $GroupProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer/$GroupName,group", $Credential.UserName, $Credential.GetNetworkCredential().Password)
-                }
-                else {
-                    $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
-                }
+                $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
                 $GroupProvider.psbase.Invoke('Members') | ForEach-Object {
@@ -12571,6 +12567,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
             }
         }
     }
+
+    END {
+        if ($LogonToken) {
+            Invoke-RevertToSelf -TokenHandle $LogonToken
+        }
+    }
 }
-- cgit v1.2.3