Commit Graph

140 Commits

Author SHA1 Message Date
Harmj0y c89f0b9969 Logic bug fix in Get-NetDomainTrust 2016-05-13 01:11:47 -04:00
Harmj0y 56824c1799 Get-NetDomainTrust now gets an -API option to enumerate trusts through DsEnumerateDomainTrusts()
Logic bug fix for Get-DNSZone
Bug fix for Get-NetLocalGroup
2016-05-13 01:07:24 -04:00
Meatballs 3e936765f5 Fix groupsxml parsing 2016-05-12 21:03:20 +01:00
HarmJ0y 30324b7c5e Merge pull request #135 from Meatballs1/trust_sids
Retrieve Domain SIDs with -LDAP
2016-05-09 21:24:57 -07:00
Harmj0y 7b4becfe72 Added Invoke-UserHunter field to keep output objects in sync. 2016-05-10 00:14:37 -04:00
Andy Robbins 9f7906280d Added name resolution to custom PSObject generated by Invoke-UserHunter. 2016-05-10 00:01:38 -04:00
Harmj0y 6ada127538 Began adding custom PSObject TypeNames to various PowerView output objects. 2016-05-09 23:22:51 -04:00
Meatballs 6a39c26b06 Retrieve Domain SIDs with -LDAP 2016-05-09 22:24:23 +01:00
Matt Kelly 0cedaf6142 Adds PSLoggedOn-like functionality
Adding in Get-LoggedOnLocal which uses HKU registry checks to see who
is logged locally to a remote box and only requires user level access
rights. The benefit over NetWkstaUserEnum is less user privileges
required (admin for NetWkstaUserEnum) and is the same process
PSLoggedOn uses.

Invoke-PSLoggedOn launches both Get-LoggedOnLocal and Get-NetSessions
and outputs the same format as PSLoggedOn.exe from Sysinternals.

I did not change Invoke-UserHunter non-stealth to this option yet, but
it is beneficial in that if you use both HKU and NetSessionEnum you
only require basic user level rights not admin remote.
2016-05-05 19:12:33 -05:00
Harmj0y 26cef85d35 Added Get-RegistryMountedDrive 2016-05-03 22:52:36 -04:00
Harmj0y fbf6f30833 Modified Convert-DNSRecord to return the base64 encoded record for record types not currently handled. 2016-04-27 19:11:49 -04:00
Harmj0y 1f90c29429 Added Get-DNSZone and Get-DNSRecord to enumerate AD DNS information.
Added Convert-DNSRecord (ported from Michael B. Smith's code at https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1) - needs expansion work on record types
2016-04-27 18:42:51 -04:00
Harmj0y 68c446b9b9 Changed some property types in Get-ObjectACL 2016-04-25 19:52:39 -04:00
Harmj0y 4cedfa1c30 added Request-SPNTicket to request kerberos tickets for specified SPNs 2016-04-24 10:56:07 -04:00
Harmj0y c52f9d712c For PowerView, added $Searcher.CacheResults = $False to Get-DomainSearcher
Added dispose() approach for the following cmdlets:
Get-NetUser, Get-ObjectAcl/Add-ObjectAcl, Get-GUIDMap, Get-NetComputer, Get-ADObject, Get-NetOU, Get-NetSite, Get-NetSubnet, Get-NetGroup, Get-NetGroupMember, Get-DFSshare, Get-NetGPO, Get-NetDomainTrust
2016-04-24 06:57:36 -04:00
HarmJ0y 7ed5343431 Merge pull request #128 from Meatballs1/fix_groups_xml
//Group -> //Groups
2016-04-24 12:17:48 +02:00
leechristensen c8ff194089 Change ComputerName default to the computer's name
Change ComputerName default so Disabled doesn't report error
2016-04-11 11:02:31 +01:00
Meatballs 6daaef2706 //Group -> //Groups 2016-04-03 08:09:33 +01:00
Harmj0y 37389e9658 Bug fix in Find-GPOLocation 2016-03-18 06:13:05 -04:00
Harmj0y 26a0757612 Added Get-SiteName to find the site a computer is a part of
Added -ComputerName parameter to Get-NetGPO to enumerate all GPOs a given computer has applied
Fixed bug in Find-GPOComputerAdmin and added site enumeration for GPO links
2016-03-15 15:13:32 -04:00
Harmj0y dee094a993 Additional error checking in Get-DFSshare 2016-03-11 16:37:14 -05:00
Harmj0y 2e1d49db33 Fixed bug with Get-NetGroupMember and computer accounts.
samaccounttype enumeration now more accurate.
2016-03-09 20:02:18 -05:00
Harmj0y 625705781e fix for Find-GPOComputerAdmin 2016-03-09 16:23:27 -05:00
Harmj0y 2e0197603c Bug fix for Invoke-EnumerateLocalAdmin 2016-03-09 15:37:38 -05:00
Harmj0y 236b16430c Removed Set-MacAttribute and Copy-ClonedFile
Combined Convert-NT4toCanonical and Convert-DomainSimpletoNT4 into Convert-ADName
2016-03-09 15:08:27 -05:00
Harmj0y e029509889 Added New-GPOImmediateTask 2016-03-07 19:17:25 -05:00
Harmj0y a87453eeca DomainOnly tweak 2016-03-07 02:53:30 -05:00
Harmj0y c883dabf77 Added -DomainOnly flag to Invoke-EnumerateLocalAdmin 2016-03-07 02:50:24 -05:00
Harmj0y 1c664758ce renamed output field for Get-NetLocalGroup API 2016-03-07 02:20:26 -05:00
Harmj0y b4891eb371 Added NetLocalGroupGetMembers enumeration method for Get-NetLocalGroup with the -API flag
Fixed threading specification in most threaded functions.
2016-03-07 02:00:00 -05:00
Meatballs 661b11ed3c Parse DFSv1 PKT 2016-03-07 05:32:36 +00:00
Harmj0y 26ca1a922e Added additional fields to Get-NetLocalGroup results. 2016-03-06 21:47:06 -05:00
Harmj0y 46e12414e8 Modified output of Find-GPOLocation to return more object information. 2016-02-28 23:05:28 -05:00
Harmj0y 4aea2f12f9 -fixed several bugs in Find-GPOLocation (-GroupName now works properly and Sites returned)
-Find-GPOLocation with no arguments now returns all mappings
-fixed parsing issue in Get-NetGPOGroup - names now properly extracted from restricted group templates
2016-02-28 22:30:22 -05:00
Harmj0y aea2eacd2d Most ldap-based search functions now accept a -Credential argument for querying from non-domain joined machines without a runas
Changed several functions to filters, where appropriate.
Get-NetShare, Get-NetSession, Get-NetLoggedOn, Get-NetRDPSession, Invoke-CheckLocalAdminAccess, Get-LastLoggedOn, Get-CachedRDPConnection, Get-NetProcess are now filters, better handle pipeline input, and now return an augmented result object with the queried ComputerName as a field
Replaced RemoteUserName/RemotePassword with -Credential parameter in Get-CachedRDPConnection and Get-NetProcess
modified output object for Get-NetShare to be a proper object
Various bug fixes and better parameter validation
2016-02-11 13:46:45 -05:00
Stuart Morgan 841150e1c6 Added Find-ManagedSecurityGroups 2015-12-28 17:54:47 +00:00
Harmj0y 5690b09027 Get-NetDomain now not called if -ComputerName or -ComputerFile are passed for meta functions, in order to prevent failure when running on a non-domain joined machine
Took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain
2015-12-14 19:01:10 -05:00
Harmj0y a336562b70 Added Invoke-DowngradeAccount to set an account to use reversible encryption. 2015-12-11 14:58:07 -05:00
Harmj0y a0b95c36b4 Domain local group query fix.
Added ConvertFrom-UACValue to convert binary UAC values to human readable format.
Corrected logic in Set-ADObject.
2015-12-11 10:21:39 -05:00
Harmj0y 5fb690518d Integration of PowerView into ./Recon/ 2015-12-03 21:50:45 -05:00