Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

For PowerView, added $Searcher.CacheResults = $False to Get-DomainSearcher 

Added dispose() approach for the following cmdlets:
Get-NetUser, Get-ObjectAcl/Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust
This commit is contained in:
Harmj0y 2016-04-24 06:57:36 -04:00
parent 7ed5343431
commit c52f9d712c
1 changed files with 71 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
Recon/PowerView.ps1
View File

@ -1678,6 +1678,7 @@ filter Get-DomainSearcher {
} }
$Searcher.PageSize = $PageSize $Searcher.PageSize = $PageSize
$Searcher.CacheResults = $False
$Searcher $Searcher
} }
@ -2126,10 +2127,13 @@ function Get-NetUser {
$UserSearcher.filter="(&(samAccountType=805306368)$Filter)" $UserSearcher.filter="(&(samAccountType=805306368)$Filter)"
} }
$UserSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $UserSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert/process the LDAP fields for each result # convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties Convert-LDAPProperty -Properties $_.Properties
} }
$Results.dispose()
$UserSearcher.dispose()
} }
} }
} }
@ -2857,7 +2861,8 @@ function Get-ObjectAcl {
} }
try { try {
$Searcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $Searcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Object = [adsi]($_.path) $Object = [adsi]($_.path)
if($Object.distinguishedname) { if($Object.distinguishedname) {
@ -2909,6 +2914,8 @@ function Get-ObjectAcl {
} }
else { $_ } else { $_ }
} }
$Results.dispose()
$Searcher.dispose()
} }
catch { catch {
Write-Warning $_ Write-Warning $_
@ -3080,7 +3087,9 @@ function Add-ObjectAcl {
} }
try { try {
$Searcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $Searcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# adapted from https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a9c-be98-c4da6e591a0a/forum-faq-using-powershell-to-assign-permissions-on-active-directory-objects # adapted from https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a9c-be98-c4da6e591a0a/forum-faq-using-powershell-to-assign-permissions-on-active-directory-objects
$TargetDN = $_.Properties.distinguishedname $TargetDN = $_.Properties.distinguishedname
@ -3135,6 +3144,8 @@ function Add-ObjectAcl {
Write-Warning "Error granting principal $PrincipalSID '$Rights' on $TargetDN : $_" Write-Warning "Error granting principal $PrincipalSID '$Rights' on $TargetDN : $_"
} }
} }
$Results.dispose()
$Searcher.dispose()
} }
catch { catch {
Write-Warning "Error: $_" Write-Warning "Error: $_"
@ -3303,10 +3314,13 @@ filter Get-GUIDMap {
if($SchemaSearcher) { if($SchemaSearcher) {
$SchemaSearcher.filter = "(schemaIDGUID=*)" $SchemaSearcher.filter = "(schemaIDGUID=*)"
try { try {
$SchemaSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $SchemaSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert the GUID # convert the GUID
$GUIDs[(New-Object Guid (,$_.properties.schemaidguid[0])).Guid] = $_.properties.name[0] $GUIDs[(New-Object Guid (,$_.properties.schemaidguid[0])).Guid] = $_.properties.name[0]
} }
$Results.dispose()
$SchemaSearcher.dispose()
} }
catch { catch {
Write-Debug "Error in building GUID map: $_" Write-Debug "Error in building GUID map: $_"
@ -3317,10 +3331,13 @@ filter Get-GUIDMap {
if ($RightsSearcher) { if ($RightsSearcher) {
$RightsSearcher.filter = "(objectClass=controlAccessRight)" $RightsSearcher.filter = "(objectClass=controlAccessRight)"
try { try {
$RightsSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $RightsSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert the GUID # convert the GUID
$GUIDs[$_.properties.rightsguid[0].toString()] = $_.properties.name[0] $GUIDs[$_.properties.rightsguid[0].toString()] = $_.properties.name[0]
} }
$Results.dispose()
$RightsSearcher.dispose()
} }
catch { catch {
Write-Debug "Error in building GUID map: $_" Write-Debug "Error in building GUID map: $_"
@ -3520,8 +3537,8 @@ function Get-NetComputer {
$CompSearcher.filter = $CompFilter $CompSearcher.filter = $CompFilter
try { try {
$Results = $CompSearcher.FindAll()
$CompSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results | Where-Object {$_} | ForEach-Object {
$Up = $True $Up = $True
if($Ping) { if($Ping) {
# TODO: how can these results be piped to ping for a speedup? # TODO: how can these results be piped to ping for a speedup?
@ -3539,6 +3556,8 @@ function Get-NetComputer {
} }
} }
} }
$Results.dispose()
$CompSearcher.dispose()
} }
catch { catch {
Write-Warning "Error: $_" Write-Warning "Error: $_"
@ -3680,7 +3699,8 @@ function Get-ADObject {
$ObjectSearcher.filter = "(&(samAccountName=$SamAccountName)$Filter)" $ObjectSearcher.filter = "(&(samAccountName=$SamAccountName)$Filter)"
} }
$ObjectSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $ObjectSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if($ReturnRaw) { if($ReturnRaw) {
$_ $_
} }
@ -3689,6 +3709,8 @@ function Get-ADObject {
Convert-LDAPProperty -Properties $_.Properties Convert-LDAPProperty -Properties $_.Properties
} }
} }
$Results.dispose()
$ObjectSearcher.dispose()
} }
} }
} }
@ -4233,7 +4255,8 @@ function Get-NetOU {
} }
try { try {
$OUSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $OUSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if ($FullData) { if ($FullData) {
# convert/process the LDAP fields for each result # convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties Convert-LDAPProperty -Properties $_.Properties
@ -4243,6 +4266,8 @@ function Get-NetOU {
$_.properties.adspath $_.properties.adspath
} }
} }
$Results.dispose()
$OUSearcher.dispose()
} }
catch { catch {
Write-Warning $_ Write-Warning $_
@ -4346,7 +4371,8 @@ function Get-NetSite {
} }
try { try {
$SiteSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $SiteSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if ($FullData) { if ($FullData) {
# convert/process the LDAP fields for each result # convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties Convert-LDAPProperty -Properties $_.Properties
@ -4356,6 +4382,8 @@ function Get-NetSite {
$_.properties.name $_.properties.name
} }
} }
$Results.dispose()
$SiteSearcher.dispose()
} }
catch { catch {
Write-Warning $_ Write-Warning $_
@ -4453,7 +4481,8 @@ function Get-NetSubnet {
$SubnetSearcher.filter="(&(objectCategory=subnet))" $SubnetSearcher.filter="(&(objectCategory=subnet))"
try { try {
$SubnetSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $SubnetSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
if ($FullData) { if ($FullData) {
# convert/process the LDAP fields for each result # convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties | Where-Object { $_.siteobject -match "CN=$SiteName" } Convert-LDAPProperty -Properties $_.Properties | Where-Object { $_.siteobject -match "CN=$SiteName" }
@ -4476,6 +4505,8 @@ function Get-NetSubnet {
} }
} }
} }
$Results.dispose()
$SubnetSearcher.dispose()
} }
catch { catch {
Write-Warning $_ Write-Warning $_
@ -4687,7 +4718,8 @@ function Get-NetGroup {
$GroupSearcher.filter = "(&(objectCategory=group)(name=$GroupName)$Filter)" $GroupSearcher.filter = "(&(objectCategory=group)(name=$GroupName)$Filter)"
} }
$GroupSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $GroupSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# if we're returning full data objects # if we're returning full data objects
if ($FullData) { if ($FullData) {
# convert/process the LDAP fields for each result # convert/process the LDAP fields for each result
@ -4698,6 +4730,8 @@ function Get-NetGroup {
$_.properties.samaccountname $_.properties.samaccountname
} }
} }
$Results.dispose()
$GroupSearcher.dispose()
} }
} }
} }
@ -4869,7 +4903,8 @@ function Get-NetGroupMember {
$GroupSearcher.filter = "(&(objectCategory=group)(objectSID=$SID)$Filter)" $GroupSearcher.filter = "(&(objectCategory=group)(objectSID=$SID)$Filter)"
} }
$GroupSearcher.FindAll() | ForEach-Object { $Results = $GroupSearcher.FindAll()
$Results | ForEach-Object {
try { try {
if (!($_) -or !($_.properties) -or !($_.properties.name)) { continue } if (!($_) -or !($_.properties) -or !($_.properties.name)) { continue }
@ -4917,6 +4952,8 @@ function Get-NetGroupMember {
Write-Verbose $_ Write-Verbose $_
} }
} }
$Results.dispose()
$GroupSearcher.dispose()
} }
$Members | Where-Object {$_} | ForEach-Object { $Members | Where-Object {$_} | ForEach-Object {
@ -5377,7 +5414,8 @@ function Get-DFSshare {
$DFSsearcher.filter = "(&(objectClass=fTDfs))" $DFSsearcher.filter = "(&(objectClass=fTDfs))"
try { try {
$DFSSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $DFSSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Properties = $_.Properties $Properties = $_.Properties
$RemoteNames = $Properties.remoteservername $RemoteNames = $Properties.remoteservername
$Pkt = $Properties.pkt $Pkt = $Properties.pkt
@ -5393,6 +5431,8 @@ function Get-DFSshare {
} }
} }
} }
$Results.dispose()
$DFSSearcher.dispose()
if($pkt -and $pkt[0]) { if($pkt -and $pkt[0]) {
Parse-Pkt $pkt[0] | ForEach-Object { Parse-Pkt $pkt[0] | ForEach-Object {
@ -5442,7 +5482,8 @@ function Get-DFSshare {
$DFSSearcher.PropertiesToLoad.AddRange(('msdfs-linkpathv2','msDFS-TargetListv2')) $DFSSearcher.PropertiesToLoad.AddRange(('msdfs-linkpathv2','msDFS-TargetListv2'))
try { try {
$DFSSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $DFSSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Properties = $_.Properties $Properties = $_.Properties
$target_list = $Properties.'msdfs-targetlistv2'[0] $target_list = $Properties.'msdfs-targetlistv2'[0]
$xml = [xml][System.Text.Encoding]::Unicode.GetString($target_list[2..($target_list.Length-1)]) $xml = [xml][System.Text.Encoding]::Unicode.GetString($target_list[2..($target_list.Length-1)])
@ -5460,6 +5501,8 @@ function Get-DFSshare {
} }
} }
} }
$Results.dispose()
$DFSSearcher.dispose()
} }
catch { catch {
Write-Warning "Get-DFSshareV2 error : $_" Write-Warning "Get-DFSshareV2 error : $_"
@ -5873,11 +5916,14 @@ function Get-NetGPO {
$GPOSearcher.filter="(&(objectCategory=groupPolicyContainer)(name=$GPOname))" $GPOSearcher.filter="(&(objectCategory=groupPolicyContainer)(name=$GPOname))"
try { try {
$GPOSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $GPOSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Out = Convert-LDAPProperty -Properties $_.Properties $Out = Convert-LDAPProperty -Properties $_.Properties
$Out | Add-Member Noteproperty 'ComputerName' $ComputerName $Out | Add-Member Noteproperty 'ComputerName' $ComputerName
$Out $Out
} }
$Results.dispose()
$GPOSearcher.dispose()
} }
catch { catch {
Write-Warning $_ Write-Warning $_
@ -5894,10 +5940,13 @@ function Get-NetGPO {
} }
try { try {
$GPOSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $GPOSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# convert/process the LDAP fields for each result # convert/process the LDAP fields for each result
Convert-LDAPProperty -Properties $_.Properties Convert-LDAPProperty -Properties $_.Properties
} }
$Results.dispose()
$GPOSearcher.dispose()
} }
catch { catch {
Write-Warning $_ Write-Warning $_
@ -11762,7 +11811,8 @@ function Get-NetDomainTrust {
$TrustSearcher.filter = '(&(objectClass=trustedDomain))' $TrustSearcher.filter = '(&(objectClass=trustedDomain))'
$TrustSearcher.FindAll() | Where-Object {$_} | ForEach-Object { $Results = $TrustSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Props = $_.Properties $Props = $_.Properties
$DomainTrust = New-Object PSObject $DomainTrust = New-Object PSObject
$TrustAttrib = Switch ($Props.trustattributes) $TrustAttrib = Switch ($Props.trustattributes)
@ -11795,6 +11845,8 @@ function Get-NetDomainTrust {
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction" $DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
$DomainTrust $DomainTrust
} }
$Results.dispose()
$TrustSearcher.dispose()
} }
} }