From 9f7906280d4eca7717892d9ec0af3c3f5ddef015 Mon Sep 17 00:00:00 2001
From: Andy Robbins
Date: Tue, 10 May 2016 00:01:38 -0400
Subject: Added name resolution to custom PSObject generated by Invoke-UserHunter.
---
 Recon/PowerView.ps1 | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'Recon')
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index b62f245..6c0d896 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -9646,6 +9646,26 @@ function Invoke-UserHunter {
 $FoundUser | Add-Member Noteproperty 'IPAddress' $IPAddress
 $FoundUser | Add-Member Noteproperty 'SessionFrom' $CName
 
+ # Try to resolve the DNS hostname of $Cname
+ if ($Cname -match '[a-zA-Z]') {
+ Try {
+ $CNameDNSName = [System.Net.Dns]::GetHostByName($CName).Hostname
+ }
+ Catch {
+ $CNameDNSName = $Cname
+ }
+ $FoundUser | Add-Member NoteProperty 'SessionFromName' $CnameDNSName
+ }
+ else {
+ Try {
+ $CNameDNSName = [System.Net.Dns]::Resolve($Cname).HostName
+ }
+ Catch {
+ $CNameDNSName = $Cname
+ }
+ $FoundUser | Add-Member NoteProperty 'SessionFromName' $CnameDNSName
+ }
+
 # see if we're checking to see if we have local admin access on this machine
 if ($CheckAccess) {
 $Admin = Invoke-CheckLocalAdminAccess -ComputerName $CName
--
cgit v1.2.3
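Review bot: The `$Cname -match '[a-zA-Z]'` test that opens the added block treats any value containing a letter as a hostname, so an IPv6 literal with hex digits a–f is sent to `GetHostByName` instead of the address branch; parsing the value, for example `$Parsed = $null; if ([System.Net.IPAddress]::TryParse($Cname, [ref]$Parsed)) { ... }`, would classify it reliably. Both `[System.Net.Dns]::GetHostByName` and `[System.Net.Dns]::Resolve` are marked obsolete in .NET in favour of `GetHostEntry`, and because the two branches otherwise repeat the same Try/Catch and `Add-Member` call they could probably collapse into one. The bare `Catch` silently falls back to the raw value, so an output row gives no sign of whether `SessionFromName` came from DNS or is just a copy of `SessionFrom`. A comment such as `# SessionFromName is a best-effort DNS answer (unverified, may be stale); falls back to SessionFrom on failure` would make that clear to whoever consumes the object. The enclosing function starts and ends outside the hunk.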