Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

For PowerView, added $Searcher.CacheResults = $False to Get-DomainSearcher 

Added dispose() approach for the following cmdlets:
Get-NetUser, Get-ObjectAcl/Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust
This commit is contained in:
Harmj0y 2016-04-24 06:57:36 -04:00
parent 7ed5343431
commit c52f9d712c
1 changed files with 71 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
Recon/PowerView.ps1
View File

@ -1678,6 +1678,7 @@ filter Get-DomainSearcher {
}
$Searcher.PageSize = $PageSize
$Searcher.CacheResults = $False
$Searcher
}
@ -2126,10 +2127,13 @@ function Get-NetUser {
$UserSearcher.filter="(&(samAccountType=805306368)$Filter)"
}
$UserSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $UserSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
}
$Results.dispose()
$UserSearcher.dispose()
}
}
}
@ -2857,7 +2861,8 @@ function Get-ObjectAcl {
}
try {
$Searcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $Searcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Object = [adsi]($_.path)
if($Object.distinguishedname) {
@ -2909,6 +2914,8 @@ function Get-ObjectAcl {
}
else { $_ }
}
$Results.dispose()
$Searcher.dispose()
}
catch {
Write-Warning $_
@ -3080,7 +3087,9 @@ function Add-ObjectAcl {
}
try {
$Searcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $Searcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# adapted from https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a9c-be98-c4da6e591a0a/forum-faq-using-powershell-to-assign-permissions-on-active-directory-objects
$TargetDN = $_.Properties.distinguishedname
@ -3135,6 +3144,8 @@ function Add-ObjectAcl {
Write-Warning "Error granting principal $PrincipalSID '$Rights' on $TargetDN : $_"
}
}
$Results.dispose()
$Searcher.dispose()
}
catch {
Write-Warning "Error: $_"
@ -3303,10 +3314,13 @@ filter Get-GUIDMap {
if($SchemaSearcher) {
$SchemaSearcher.filter = "(schemaIDGUID=*)"
try {
$SchemaSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $SchemaSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert the GUID
$GUIDs[(New-Object Guid (,$_.properties.schemaidguid[0])).Guid] = $_.properties.name[0]
}
$Results.dispose()
$SchemaSearcher.dispose()
}
catch {
Write-Debug "Error in building GUID map: $_"
@ -3317,10 +3331,13 @@ filter Get-GUIDMap {
if ($RightsSearcher) {
$RightsSearcher.filter = "(objectClass=controlAccessRight)"
try {
$RightsSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $RightsSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert the GUID
$GUIDs[$_.properties.rightsguid[0].toString()] = $_.properties.name[0]
}
$Results.dispose()
$RightsSearcher.dispose()
}
catch {
Write-Debug "Error in building GUID map: $_"
@ -3520,8 +3537,8 @@ function Get-NetComputer {
$CompSearcher.filter = $CompFilter
try {
$CompSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $CompSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Up = $True
if($Ping) {
# TODO: how can these results be piped to ping for a speedup?
@ -3539,6 +3556,8 @@ function Get-NetComputer {
}
}
}
$Results.dispose()
$CompSearcher.dispose()
}
catch {
Write-Warning "Error: $_"
@ -3680,7 +3699,8 @@ function Get-ADObject {
$ObjectSearcher.filter = "(&(samAccountName=$SamAccountName)$Filter)"
}
$ObjectSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $ObjectSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if($ReturnRaw) {
$_
}
@ -3689,6 +3709,8 @@ function Get-ADObject {
Convert-LDAPProperty -Properties $_.Properties
}
}
$Results.dispose()
$ObjectSearcher.dispose()
}
}
}
@ -4233,7 +4255,8 @@ function Get-NetOU {
}
try {
$OUSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $OUSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if ($FullData) {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
@ -4243,6 +4266,8 @@ function Get-NetOU {
$_.properties.adspath
}
}
$Results.dispose()
$OUSearcher.dispose()
}
catch {
Write-Warning $_
@ -4346,7 +4371,8 @@ function Get-NetSite {
}
try {
$SiteSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $SiteSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if ($FullData) {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
@ -4356,6 +4382,8 @@ function Get-NetSite {
$_.properties.name
}
}
$Results.dispose()
$SiteSearcher.dispose()
}
catch {
Write-Warning $_
@ -4453,7 +4481,8 @@ function Get-NetSubnet {
$SubnetSearcher.filter="(&(objectCategory=subnet))"
try {
$SubnetSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $SubnetSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if ($FullData) {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties | Where-Object { $_.siteobject -match "CN=$SiteName" }
@ -4476,6 +4505,8 @@ function Get-NetSubnet {
}
}
}
$Results.dispose()
$SubnetSearcher.dispose()
}
catch {
Write-Warning $_
@ -4686,8 +4717,9 @@ function Get-NetGroup {
else {
$GroupSearcher.filter = "(&(objectCategory=group)(name=$GroupName)$Filter)"
}
$GroupSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $GroupSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# if we're returning full data objects
if ($FullData) {
# convert/process the LDAP fields for each result
@ -4698,6 +4730,8 @@ function Get-NetGroup {
$_.properties.samaccountname
}
}
$Results.dispose()
$GroupSearcher.dispose()
}
}
}
@ -4869,7 +4903,8 @@ function Get-NetGroupMember {
$GroupSearcher.filter = "(&(objectCategory=group)(objectSID=$SID)$Filter)"
}
$GroupSearcher.FindAll() | ForEach-Object {
$Results = $GroupSearcher.FindAll()
$Results | ForEach-Object {
try {
if (!($_) -or !($_.properties) -or !($_.properties.name)) { continue }
@ -4917,6 +4952,8 @@ function Get-NetGroupMember {
Write-Verbose $_
}
}
$Results.dispose()
$GroupSearcher.dispose()
}
$Members | Where-Object {$_} | ForEach-Object {
@ -5377,7 +5414,8 @@ function Get-DFSshare {
$DFSsearcher.filter = "(&(objectClass=fTDfs))"
try {
$DFSSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $DFSSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Properties = $_.Properties
$RemoteNames = $Properties.remoteservername
$Pkt = $Properties.pkt
@ -5393,6 +5431,8 @@ function Get-DFSshare {
}
}
}
$Results.dispose()
$DFSSearcher.dispose()
if($pkt -and $pkt[0]) {
Parse-Pkt $pkt[0] | ForEach-Object {
@ -5442,7 +5482,8 @@ function Get-DFSshare {
$DFSSearcher.PropertiesToLoad.AddRange(('msdfs-linkpathv2','msDFS-TargetListv2'))
try {
$DFSSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $DFSSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Properties = $_.Properties
$target_list = $Properties.'msdfs-targetlistv2'[0]
$xml = [xml][System.Text.Encoding]::Unicode.GetString($target_list[2..($target_list.Length-1)])
@ -5460,6 +5501,8 @@ function Get-DFSshare {
}
}
}
$Results.dispose()
$DFSSearcher.dispose()
}
catch {
Write-Warning "Get-DFSshareV2 error : $_"
@ -5873,11 +5916,14 @@ function Get-NetGPO {
$GPOSearcher.filter="(&(objectCategory=groupPolicyContainer)(name=$GPOname))"
try {
$GPOSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $GPOSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Out = Convert-LDAPProperty -Properties $_.Properties
$Out | Add-Member Noteproperty 'ComputerName' $ComputerName
$Out
}
$Results.dispose()
$GPOSearcher.dispose()
}
catch {
Write-Warning $_
@ -5894,10 +5940,13 @@ function Get-NetGPO {
}
try {
$GPOSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $GPOSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties
}
$Results.dispose()
$GPOSearcher.dispose()
}
catch {
Write-Warning $_
@ -11762,7 +11811,8 @@ function Get-NetDomainTrust {
$TrustSearcher.filter = '(&(objectClass=trustedDomain))'
$TrustSearcher.FindAll() | Where-Object {$_} | ForEach-Object {
$Results = $TrustSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Props = $_.Properties
$DomainTrust = New-Object PSObject
$TrustAttrib = Switch ($Props.trustattributes)
@ -11795,6 +11845,8 @@ function Get-NetDomainTrust {
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
$DomainTrust
}
$Results.dispose()
$TrustSearcher.dispose()
}
}