Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge 198d9f78dd into c7985c9bc3

This commit is contained in:
mwkoehler 2017-09-30 02:23:55 +00:00 committed by GitHub
parent c7985c9bc3 198d9f78dd
commit b730511d17
1 changed files with 60 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Privesc/PowerUp.ps1
View File

@ -853,7 +853,7 @@ function Get-ModifiablePath {
# if the path doesn't exist, check if the parent folder allows for modification # if the path doesn't exist, check if the parent folder allows for modification
try { try {
$ParentPath = Split-Path $TempPath -Parent $ParentPath = Split-Path $TempPath -Parent
if($ParentPath -and (Test-Path -Path $ParentPath)) { if ($ParentPath -and ($ParentPath -ne '') -and ($ParentPath -ne '\') -and (Test-Path -Path $ParentPath )) {
$CandidatePaths += Resolve-Path -Path $ParentPath -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Path $CandidatePaths += Resolve-Path -Path $ParentPath -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Path
} }
} }
@ -880,7 +880,7 @@ function Get-ModifiablePath {
# if the path doesn't exist, check if the parent folder allows for modification # if the path doesn't exist, check if the parent folder allows for modification
try { try {
$ParentPath = (Split-Path -Path $TempPath -Parent).Trim() $ParentPath = (Split-Path -Path $TempPath -Parent).Trim()
if($ParentPath -and ($ParentPath -ne '') -and (Test-Path -Path $ParentPath )) { if ($ParentPath -and ($ParentPath -ne '') -and ($ParentPath -ne '\') -and (Test-Path -Path $ParentPath )) {
$CandidatePaths += Resolve-Path -Path $ParentPath | Select-Object -ExpandProperty Path $CandidatePaths += Resolve-Path -Path $ParentPath | Select-Object -ExpandProperty Path
} }
} }
@ -900,6 +900,8 @@ function Get-ModifiablePath {
$CandidatePaths | Sort-Object -Unique | ForEach-Object { $CandidatePaths | Sort-Object -Unique | ForEach-Object {
$CandidatePath = $_ $CandidatePath = $_
try
{
Get-Acl -Path $CandidatePath | Select-Object -ExpandProperty Access | Where-Object {($_.AccessControlType -match 'Allow')} | ForEach-Object { Get-Acl -Path $CandidatePath | Select-Object -ExpandProperty Access | Where-Object {($_.AccessControlType -match 'Allow')} | ForEach-Object {
$FileSystemRights = $_.FileSystemRights.value__ $FileSystemRights = $_.FileSystemRights.value__
@ -932,6 +934,10 @@ function Get-ModifiablePath {
} }
} }
} }
catch [System.UnauthorizedAccessException] {
# Get-ACL access failure means user has no access
}
}
} }
} }
} }
@ -990,6 +996,8 @@ function Get-CurrentUserTokenGroupSid {
For ($i=0; $i -lt $TokenGroups.GroupCount; $i++) { For ($i=0; $i -lt $TokenGroups.GroupCount; $i++) {
# convert each token group SID to a displayable string # convert each token group SID to a displayable string
$SidString = '' $SidString = ''
if ($TokenGroups.Groups[$i].SID -and $TokenGroups.Groups[$i].SID -ne '')
{
$Result = $Advapi32::ConvertSidToStringSid($TokenGroups.Groups[$i].SID, [ref]$SidString);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() $Result = $Advapi32::ConvertSidToStringSid($TokenGroups.Groups[$i].SID, [ref]$SidString);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
if($Result -eq 0) { if($Result -eq 0) {
Write-Verbose "Error: $(([ComponentModel.Win32Exception] $LastError).Message)" Write-Verbose "Error: $(([ComponentModel.Win32Exception] $LastError).Message)"
@ -1003,6 +1011,7 @@ function Get-CurrentUserTokenGroupSid {
} }
} }
} }
}
else { else {
Write-Warning ([ComponentModel.Win32Exception] $LastError) Write-Warning ([ComponentModel.Win32Exception] $LastError)
} }
@ -3672,6 +3681,7 @@ function Get-CachedGPPPassword {
$Password += , $DecryptedPassword $Password += , $DecryptedPassword
} }
if ($Password -or $UserName -or $Changed -or $NewName) {
# put [BLANK] in variables # put [BLANK] in variables
if (-not $Password) {$Password = '[BLANK]'} if (-not $Password) {$Password = '[BLANK]'}
if (-not $UserName) {$UserName = '[BLANK]'} if (-not $UserName) {$UserName = '[BLANK]'}
@ -3689,6 +3699,7 @@ function Get-CachedGPPPassword {
Write-Verbose "The password is between {} and may be more than one value." Write-Verbose "The password is between {} and may be more than one value."
if ($ResultsObject) {Return $ResultsObject} if ($ResultsObject) {Return $ResultsObject}
} }
}
catch {Write-Error $Error[0]} catch {Write-Error $Error[0]}
} }