-fixed Get-DomainForeignUser / Get-DomainForeignGroupMember when using a global catalog
-target group/member domains are now extracted from found DN names
Add-DomainGroupMember allows for adding users to a group, and is especially useful given its ability to supply alternate credentials when establishing the connection to the DC. Remove-DomainGroupMember is intended to act as a "cleanup" function for attack paths that abuse DACL misconfigurations, where we need to remove a principal from a group after we are done abusing that group's existing permissions.
When removing the persistence, the profile is not cleaned up. This is a temporary fix for that which should leave any legitemate profile content in tact. This psm may need a rework though.
Related to:
https://github.com/PowerShellMafia/PowerSploit/issues/165
If a user does not manually specify $GroupName it defaults to "Administrators" which may not be valid in specific regions. I added a check to pull out the Group Name from the Admin SID, see:
https://github.com/PowerShellMafia/PowerSploit/issues/176
Example: Get-DomainUser -UACFilter DONT_REQ_PREAUTH,NOT_PASSWORD_EXPIRED
Returns users with kerberos preauth not set AND where the password isn't expired
-Integrated New-DynamicParameter from beatcracker in order to accomplish the dynamic params
-Corrected from help typos
-Added Get-DomainObjectLinkedAttributeHistory to retrieve linked attribute replication metadata from domain objects (i.e. group memberships)
-Added Get-DomainGroupMemberDeleted to retrieve information on group members that were removed from a specified group at some point
-added parsing of the 'accountexpires' property into human readable format
-added parsing of the 'grouptype' property into human readable format
-added parsing of the 'samaccounttype' property into a readable format
Hi,
I know you guys mentioned this before, but I've not this implemented.
I wrote Get-GPODelegation that finds users with write permissions on Group Policy objects, for a potential privilege escalation path.
As requested, moved into dev branch.
harmj0y
Will
Andy Robbins
Dave Hull
b33f
byt3bl33d3r
HackJammer
James McGinnigle
Itamar
Christoph Falta