Typo correction and Recon README.md update

HarmJ0y 2016-12-12 20:36:42 -05:00
parent 32bd21e335
commit 6aca12a956
3 changed files with 85 additions and 89 deletions


@ -8642,7 +8642,7 @@ function Get-DomainGroupMember {
<#
.SYNOPSIS
Return the memberes of a specific domain group.
Return the members of a specific domain group.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
@ -11635,7 +11635,7 @@ function Get-NetLocalGroup {
<#
.SYNOPSIS
Eunmerates the local groups on the local (or remote) machine.
Enumerates the local groups on the local (or remote) machine.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
@ -11815,7 +11815,7 @@ function Get-NetLocalGroupMember {
<#
.SYNOPSIS
Eunmerates members of a specific local group on the local (or remote) machine.
Enumerates members of a specific local group on the local (or remote) machine.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
@ -13594,7 +13594,7 @@ function Get-WMIProcess {
<#
.SYNOPSIS
Gets a list of processes and their owners on the local or remote machine
Returns a list of processes and their owners on the local or remote machine.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
@ -14069,7 +14069,7 @@ function Find-DomainUserLocation {
<#
.SYNOPSIS
Finds domains machines where specific users are logged into.
Finds domain machines where specific users are logged into.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
@ -17758,7 +17758,7 @@ function Get-DomainTrustMapping {
<#
.SYNOPSIS
This function enumeartes all trusts for the current domain and then enumerates
This function enumerates all trusts for the current domain and then enumerates
all trusts for each domain it finds.
Author: Will Schroeder (@harmj0y)
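Review bot: The Get-DomainTrustMapping synopsis still opens with "This function enumerates ..." while every other synopsis touched in this file starts directly with the verb ("Return the members ...", "Enumerates the local groups ...", "Finds domain machines ..."). Since the line is being edited anyway, consider "Enumerates all trusts for the current domain and then enumerates all trusts for each domain it finds." so the help text reads consistently.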


@ -34,96 +34,92 @@ an array of hosts from the pipeline.
### Misc Functions:
Export-PowerViewCSV - thread-safe CSV append
Set-MacAttribute - Sets MAC attributes for a file based on another file or input (from Powersploit)
Copy-ClonedFile - copies a local file to a remote location, matching MAC properties
Get-IPAddress - resolves a hostname to an IP
Test-Server - tests connectivity to a specified server
Convert-NameToSid - converts a given user/group name to a security identifier (SID)
Convert-SidToName - converts a security identifier (SID) to a group/user name
Convert-NT4toCanonical - converts a user/group NT4 name (i.e. dev/john) to canonical format
Get-Proxy - enumerates local proxy settings
Resolve-IPAddress - resolves a hostname to an IP
ConvertTo-SID - converts a given user/group name to a security identifier (SID)
Convert-ADName - converts object names between a variety of formats
ConvertFrom-UACValue - converts a UAC int value to human readable form
Add-RemoteConnection - pseudo "mounts" a connection to a remote path using the specified credential object
Remove-RemoteConnection - destroys a connection created by New-RemoteConnection
Invoke-UserImpersonation - creates a new "runas /netonly" type logon and impersonates the token
Invoke-RevertToSelf - reverts any token impersonation
Get-DomainSPNTicket - request the kerberos ticket for a specified service principal name (SPN)
Invoke-Kerberoast - requests service tickets for kerberoast-able accounts and returns extracted ticket hashes
Get-PathAcl - get the ACLs for a local/remote file path with optional group recursion
Get-UserProperty - returns all properties specified for users, or a set of user:prop names
Get-ComputerProperty - returns all properties specified for computers, or a set of computer:prop names
Find-InterestingFile - search a local or remote path for files with specific terms in the name
Invoke-CheckLocalAdminAccess - check if the current user context has local administrator access to a specified host
Get-DomainSearcher - builds a proper ADSI searcher object for a given domain
Get-ObjectAcl - returns the ACLs associated with a specific active directory object
Add-ObjectAcl - adds an ACL to a specified active directory object
Get-LastLoggedOn - return the last logged on user for a target host
Get-CachedRDPConnection - queries all saved RDP connection entries on a target host
Invoke-ACLScanner - enumerate -1000+ modifable ACLs on a specified domain
Get-GUIDMap - returns a hash table of current GUIDs -> display names
Get-DomainSID - return the SID for the specified domain
Invoke-ThreadedFunction - helper that wraps threaded invocation for other functions
### net * Functions:
Get-NetDomain - gets the name of the current user's domain
Get-NetForest - gets the forest associated with the current user's domain
Get-NetForestDomain - gets all domains for the current forest
Get-NetDomainController - gets the domain controllers for the current computer's domain
Get-NetUser - returns all user objects, or the user specified (wildcard specifiable)
Add-NetUser - adds a local or domain user
Get-NetComputer - gets a list of all current servers in the domain
Get-NetPrinter - gets an array of all current computers objects in a domain
Get-NetOU - gets data for domain organization units
Get-NetSite - gets current sites in a domain
Get-NetSubnet - gets registered subnets for a domain
Get-NetGroup - gets a list of all current groups in a domain
Get-NetGroupMember - gets a list of all current users in a specified domain group
Get-NetLocalGroup - gets the members of a localgroup on a remote host or hosts
Add-NetGroupUser - adds a local or domain user to a local or domain group
Get-NetFileServer - get a list of file servers used by current domain users
Get-DFSshare - gets a list of all distribute file system shares on a domain
Get-NetShare - gets share information for a specified server
Get-NetLoggedon - gets users actively logged onto a specified server
Get-NetSession - gets active sessions on a specified server
Get-NetRDPSession - gets active RDP sessions for a specified server (like qwinsta)
Get-NetProcess - gets the remote processes and owners on a remote server
Get-UserEvent - returns logon or TGT events from the event log for a specified host
Get-ADObject - takes a domain SID and returns the user, group, or computer
object associated with it
Set-ADObject - takes a SID, name, or SamAccountName to query for a specified
domain object, and then sets a specified 'PropertyName' to a
specified 'PropertyValue'
### Domain/LDAP Functions:
Get-DomainDNSZone - enumerates the Active Directory DNS zones for a given domain
Get-DomainDNSRecord - enumerates the Active Directory DNS records for a given zone
Get-Domain - returns the domain object for the current (or specified) domain
Get-DomainController - return the domain controllers for the current (or specified) domain
Get-Forest - returns the forest object for the current (or specified) forest
Get-ForestDomain - return all domains for the current (or specified) forest
Get-ForestGlobalCatalog - return all global catalogs for the current (or specified) forest
Find-DomainObjectPropertyOutlier- inds user/group/computer objects in AD that have 'outlier' properties set
Get-DomainUser - return all users or specific user objects in AD
New-DomainUser - creates a new domain user (assuming appropriate permissions) and returns the user object
Get-DomainUserEvent - enumerates account logon events (ID 4624) and Logon with explicit credential events
Get-DomainComputer - returns all computers or specific computer objects in AD
Get-DomainObject - returns all (or specified) domain objects in AD
Set-DomainObject - modifies a gven property for a specified active directory object
Get-DomainObjectAcl - returns the ACLs associated with a specific active directory object
Add-DomainObjectAcl - adds an ACL for a specific active directory object
Find-InterestingDomainAcl - finds object ACLs in the current (or specified) domain with modification rights set to non-built in objects
Get-DomainOU - search for all organization units (OUs) or specific OU objects in AD
Get-DomainSite - search for all sites or specific site objects in AD
Get-DomainSubnet - search for all subnets or specific subnets objects in AD
Get-DomainSID - returns the SID for the current domain or the specified domain
Get-DomainGroup - return all groups or specific group objects in AD
New-DomainGroup - creates a new domain group (assuming appropriate permissions) and returns the group object
Get-DomainManagedSecurityGroup - returns all security groups in the current (or target) domain that have a manager set
Get-DomainGroupMember - return the members of a specific domain group
Add-DomainGroupMember - adds a domain user (or group) to an existing domain group, assuming appropriate permissions to do so
Get-DomainFileServer - returns a list of servers likely functioning as file servers
Get-DomainDFSShare - returns a list of all fault-tolerant distributed file systems for the current (or specified) domain
### GPO functions
Get-GptTmpl - parses a GptTmpl.inf to a custom object
Get-NetGPO - gets all current GPOs for a given domain
Get-NetGPOGroup - gets all GPOs in a domain that set "Restricted Groups"
on on target machines
Find-GPOLocation - takes a user/group and makes machines they have effective
rights over through GPO enumeration and correlation
Find-GPOComputerAdmin - takes a computer and determines who has admin rights over it
through GPO enumeration
Get-DomainPolicy - returns the default domain or DC policy
Get-DomainGPO - returns all GPOs or specific GPO objects in AD
Get-DomainGPOLocalGroup - returns all GPOs in a domain that modify local group memberships through 'Restricted Groups' or Group Policy preferences
Get-DomainGPOUserLocalGroupMapping - enumerates the machines where a specific domain user/group is a member of a specific local group, all through GPO correlation
Get-DomainGPOComputerLocalGroupMapping - takes a computer (or GPO) object and determines what users/groups are in the specified local group for the machine through GPO correlation
Get-DomainPolicy - returns the default domain policy or the domain controller policy for the current domain or a specified domain/domain controller
### User-Hunting Functions:
Invoke-UserHunter - finds machines on the local domain where specified users are logged into, and can optionally check if the current user has local admin access to found machines
Invoke-StealthUserHunter - finds all file servers utilizes in user HomeDirectories, and checks the sessions one each file server, hunting for particular users
Invoke-ProcessHunter - hunts for processes with a specific name or owned by a specific user on domain machines
Invoke-UserEventHunter - hunts for user logon events in domain controller event logs
### Computer Enumeration Functions
Get-NetLocalGroup - enumerates the local groups on the local (or remote) machine
Get-NetLocalGroupMember - enumerates members of a specific local group on the local (or remote) machine
Get-NetShare - returns open shares on the local (or a remote) machine
Get-NetLoggedon - returns users logged on the local (or a remote) machine
Get-NetSession - returns session information for the local (or a remote) machine
Get-RegLoggedOn - returns who is logged onto the local (or a remote) machine through enumeration of remote registry keys
Get-NetRDPSession - returns remote desktop/session information for the local (or a remote) machine
Test-AdminAccess - rests if the current user has administrative access to the local (or a remote) machine
Get-NetComputerSiteName - returns the AD site where the local (or a remote) machine resides
Get-WMIRegProxy - enumerates the proxy server and WPAD conents for the current user
Get-WMIRegLastLoggedOn - returns the last user who logged onto the local (or a remote) machine
Get-WMIRegCachedRDPConnection - returns information about RDP connections outgoing from the local (or remote) machine
Get-WMIRegMountedDrive - returns information about saved network mounted drives for the local (or remote) machine
Get-WMIProcess - returns a list of processes and their owners on the local or remote machine
Find-InterestingFile - searches for files on the given path that match a series of specified criteria
### Threaded 'Meta'-Functions
Find-DomainUserLocation - finds domain machines where specific users are logged into
Find-DomainProcess - finds domain machines where specific processes are currently running
Find-DomainUserEvent - finds logon events on the current (or remote domain) for the specified users
Find-DomainShare - finds reachable shares on domain machines
Find-InterestingDomainShareFile - searches for files matching specific criteria on readable shares in the domain
Find-LocalAdminAccess - finds machines on the local domain where the current user has local administrator access
Find-DomainLocalGroupMember - enumerates the members of specified local group on machines in the domain
### Domain Trust Functions:
Get-NetDomainTrust - gets all trusts for the current user's domain
Get-NetForestTrust - gets all trusts for the forest associated with the current user's domain
Find-ForeignUser - enumerates users who are in groups outside of their principal domain
Find-ForeignGroup - enumerates all the members of a domain's groups and finds users that are outside of the queried domain
Invoke-MapDomainTrust - try to build a relational mapping of all domain trusts
### MetaFunctions:
Invoke-ShareFinder - finds (non-standard) shares on hosts in the local domain
Invoke-FileFinder - finds potentially sensitive files on hosts in the local domain
Find-LocalAdminAccess - finds machines on the domain that the current user has local admin access to
Find-ManagedSecurityGroups - searches for active directory security groups which are managed and identify users who have write access to
- those groups (i.e. the ability to add or remove members)
Find-UserField - searches a user field for a particular term
Find-ComputerField - searches a computer field for a particular term
Get-ExploitableSystem - finds systems likely vulnerable to common exploits
Invoke-EnumerateLocalAdmin - enumerates members of the local Administrators groups across all machines in the domain
Get-DomainTrust - returns all domain trusts for the current domain or a specified domain
Get-ForestTrust - returns all forest trusts for the current forest or a specified forest
Get-DomainForeignUser - enumerates users who are in groups outside of the user's domain
Get-DomainForeignGroupMember - enumerates groups with users outside of the group's domain and returns each foreign member
Get-DomainTrustMapping - this function enumerates all trusts for the current domain and then enumerates all trusts for each domain it finds
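Review bot: The new README entries carry several typos of their own, which is awkward in a typo-correction commit: "Find-DomainObjectPropertyOutlier- inds user/group/computer objects" is missing a space and the "f" in "finds", Set-DomainObject says "modifies a gven property", Test-AdminAccess says "rests if the current user" (should be "tests"), and Get-WMIRegProxy says "WPAD conents". The Remove-RemoteConnection description also says it destroys a connection "created by New-RemoteConnection", while the entry directly above lists that function as Add-RemoteConnection, so one of the two names needs correcting. Finally, the Get-DomainTrustMapping entry begins "this function enumerates" where the other entries begin with the verb.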


@ -90,7 +90,7 @@ FunctionsToExport = @(
'Find-DomainShare',
'Find-InterestingDomainShareFile',
'Find-LocalAdminAccess',
'Get-DomainLocalGroupMember',
'Find-DomainLocalGroupMember',
'Get-DomainTrust',
'Get-ForestTrust',
'Get-DomainForeignUser',
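Review bot: Swapping 'Get-DomainLocalGroupMember' for 'Find-DomainLocalGroupMember' in FunctionsToExport changes the module's exported surface, which the commit message ("Typo correction and Recon README.md update") does not mention. The new name matches the README entry under the threaded meta-functions, but the function definition itself is not part of this diff, so please confirm the script defines Find-DomainLocalGroupMember under exactly that name and note the manifest fix in the commit message so anyone calling the old name can trace the change.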