Bug fix for Invoke-EnumerateLocalAdmin

Harmj0y 2016-03-09 15:37:38 -05:00
parent 236b16430c
commit 2e0197603c
1 changed files with 4 additions and 5 deletions


@ -6872,7 +6872,6 @@ function Get-NetLocalGroup {
$AdsPath = ($_.GetType().InvokeMember('Adspath', 'GetProperty', $Null, $_, $Null)).Replace('WinNT://', '') $AdsPath = ($_.GetType().InvokeMember('Adspath', 'GetProperty', $Null, $_, $Null)).Replace('WinNT://', '')
# try to translate the NT4 domain to a FQDN if possible # try to translate the NT4 domain to a FQDN if possible
Write-Verbose "AdsPath: $AdsPath"
$Name = Convert-ADName -ObjectName $AdsPath -InputType 'NT4' -OutputType 'Canonical' $Name = Convert-ADName -ObjectName $AdsPath -InputType 'NT4' -OutputType 'Canonical'
if($Name) { if($Name) {
@ -10639,7 +10638,7 @@ function Find-LocalAdminAccess {
Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay)
Write-Verbose "[*] Enumerating server $Computer ($Counter of $($ComputerName.count))" Write-Verbose "[*] Enumerating server $Computer ($Counter of $($ComputerName.count))"
Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $Computer, $False, $OutFile, $DomainSID, $TrustGroupsSIDs Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $Computer, $False
} }
} }
} }
@ -11220,10 +11219,10 @@ function Invoke-EnumerateLocalAdmin {
} }
# if we just want to return cross-trust users # if we just want to return cross-trust users
if($DomainSID -and $TrustGroupSIDS) { if($DomainSID) {
# get the local machine SID # get the local machine SID
$LocalSID = ($LocalAdmins | Where-Object { $_.SID -match '.*-500$' }).SID -replace "-500$" $LocalSID = ($LocalAdmins | Where-Object { $_.SID -match '.*-500$' }).SID -replace "-500$"
Write-Verbose "LocalSid for $ComputerName : $LocalSID"
# filter out accounts that begin with the machine SID and domain SID # filter out accounts that begin with the machine SID and domain SID
# but preserve any groups that have users across a trust ($TrustGroupSIDS) # but preserve any groups that have users across a trust ($TrustGroupSIDS)
$LocalAdmins = $LocalAdmins | Where-Object { ($TrustGroupsSIDs -contains $_.SID) -or ((-not $_.SID.startsWith($LocalSID)) -and (-not $_.SID.startsWith($DomainSID))) } $LocalAdmins = $LocalAdmins | Where-Object { ($TrustGroupsSIDs -contains $_.SID) -or ((-not $_.SID.startsWith($LocalSID)) -and (-not $_.SID.startsWith($DomainSID))) }
@ -11244,7 +11243,7 @@ function Invoke-EnumerateLocalAdmin {
} }
} }
else { else {
Write-Verbose "[!] No users returned from $Server" Write-Verbose "[!] No users returned from $ComputerName"
} }
} }
} }
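Review bot: In the first Invoke-EnumerateLocalAdmin hunk, `$LocalSID` goes straight into `$_.SID.startsWith($LocalSID)` with no check that the `-500$` lookup matched anything. If `$LocalAdmins` holds no RID-500 entry, `$LocalSID` would presumably be an empty string, every SID "starts with" it, and the filter would silently drop all rows except those in `$TrustGroupsSIDs`. I would guard the filter, e.g. `if(-not $LocalSID) { Write-Warning "No RID-500 account found; skipping cross-trust filter" }` with the existing `Where-Object` line in the `else` branch. The comment above the filter also spells the variable `$TrustGroupSIDS` while the code reads `$TrustGroupsSIDs`; one spelling should be used throughout. The function body starts and ends outside this hunk.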