Skip to content
This repository was archived by the owner on Jan 21, 2021. It is now read-only.

Commit 520bf43

Browse files
HarmJ0yHarmJ0y
authored
Merge pull request #174 from Meatballs1/securitygroups
Retrieve Security groups by default
2 parents 926979a + 917a095 commit 520bf43

File tree

1 file changed

+23
-12
lines changed

1 file changed

+23
-12
lines changed

Recon/PowerView.ps1

Lines changed: 23 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -5105,22 +5105,26 @@ function Get-NetGroup {
51055105
A [Management.Automation.PSCredential] object of alternate credentials
51065106
for connection to the target domain.
51075107
5108+
.PARAMETER AllTypes
5109+
5110+
By default we will retrieve only Security, not Distribution Groups.
5111+
51085112
.EXAMPLE
51095113
51105114
PS C:\> Get-NetGroup
5111-
5112-
Returns the current groups in the domain.
5115+
5116+
Returns the current security groups in the domain.
51135117
51145118
.EXAMPLE
51155119
51165120
PS C:\> Get-NetGroup -GroupName *admin*
5117-
5121+
51185122
Returns all groups with "admin" in their group name.
51195123
51205124
.EXAMPLE
51215125
51225126
PS C:\> Get-NetGroup -Domain testing -FullData
5123-
5127+
51245128
Returns full group data objects in the 'testing' domain
51255129
#>
51265130

@@ -5141,10 +5145,10 @@ function Get-NetGroup {
51415145

51425146
[String]
51435147
$Domain,
5144-
5148+
51455149
[String]
51465150
$DomainController,
5147-
5151+
51485152
[String]
51495153
$ADSpath,
51505154

@@ -5157,7 +5161,10 @@ function Get-NetGroup {
51575161
[Switch]
51585162
$RawSids,
51595163

5160-
[ValidateRange(1,10000)]
5164+
[Switch]
5165+
$AllTypes,
5166+
5167+
[ValidateRange(1,10000)]
51615168
[Int]
51625169
$PageSize = 200,
51635170

@@ -5167,6 +5174,10 @@ function Get-NetGroup {
51675174

51685175
begin {
51695176
$GroupSearcher = Get-DomainSearcher -Domain $Domain -DomainController $DomainController -Credential $Credential -ADSpath $ADSpath -PageSize $PageSize
5177+
if (!$AllTypes)
5178+
{
5179+
$Filter += "(groupType:1.2.840.113556.1.4.803:=2147483648)"
5180+
}
51705181
}
51715182

51725183
process {
@@ -5221,7 +5232,7 @@ function Get-NetGroup {
52215232
else {
52225233
$GroupSearcher.filter = "(&(objectCategory=group)(samaccountname=$GroupName)$Filter)"
52235234
}
5224-
5235+
52255236
$Results = $GroupSearcher.FindAll()
52265237
$Results | Where-Object {$_} | ForEach-Object {
52275238
# if we're returning full data objects
@@ -5376,15 +5387,15 @@ function Get-NetGroupMember {
53765387
if ($Recurse -and $UseMatchingRule) {
53775388
# resolve the group to a distinguishedname
53785389
if ($GroupName) {
5379-
$Group = Get-NetGroup -GroupName $GroupName -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
5390+
$Group = Get-NetGroup -AllTypes -GroupName $GroupName -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
53805391
}
53815392
elseif ($SID) {
5382-
$Group = Get-NetGroup -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
5393+
$Group = Get-NetGroup -AllTypes -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
53835394
}
53845395
else {
53855396
# default to domain admins
53865397
$SID = (Get-DomainSID -Domain $TargetDomain -DomainController $TargetDomainController) + "-512"
5387-
$Group = Get-NetGroup -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
5398+
$Group = Get-NetGroup -AllTypes -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
53885399
}
53895400
$GroupDN = $Group.distinguishedname
53905401
$GroupFoundName = $Group.samaccountname
@@ -13098,7 +13109,7 @@ function Find-ManagedSecurityGroups {
1309813109
#>
1309913110

1310013111
# Go through the list of security groups on the domain and identify those who have a manager
13101-
Get-NetGroup -FullData -Filter '(&(managedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))' | Select-Object -Unique distinguishedName,managedBy,cn | ForEach-Object {
13112+
Get-NetGroup -FullData -Filter '(managedBy=*)' | Select-Object -Unique distinguishedName,managedBy,cn | ForEach-Object {
1310213113

1310313114
# Retrieve the object that the managedBy DN refers to
1310413115
$group_manager = Get-ADObject -ADSPath $_.managedBy | Select-Object cn,distinguishedname,name,samaccounttype,samaccountname

0 commit comments

Comments
 (0)