
Commit 7dc41b6

For any "-Identity" values formatted as distinguishednames passed to Verb-Domain* functions,
the object's domain is now extracted from the dn and the directory searcher is rebound to the proper domain.
1 parent 7e4d7ee commit 7dc41b6

1 file changed

+110
-1
lines changed


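--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -4761,6 +4761,17 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 }
 elseif ($IdentityInstance -match '^CN=') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainUser] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$UserSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $UserSearcher) {
+Write-Warning "[Get-DomainUser] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
 $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
@@ -5789,7 +5800,6 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 
 PROCESS {
 if ($CompSearcher) {
-
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
@@ -5799,6 +5809,17 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 }
 elseif ($IdentityInstance -match '^CN=') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainComputer] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$CompSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $CompSearcher) {
+Write-Warning "[Get-DomainComputer] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance.Contains('.')) {
 $IdentityFilter += "(|(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
@@ -6105,6 +6126,17 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 }
 elseif ($IdentityInstance -match '^(CN|OU|DC)=') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainObject] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$ObjectSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $ObjectSearcher) {
+Write-Warning "[Get-DomainObject] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
 $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
@@ -7637,6 +7669,17 @@ Custom PSObject with ACL entries.
 }
 elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainObjectAcl] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$Searcher = Get-DomainSearcher @SearcherArguments
+if (-not $Searcher) {
+Write-Warning "[Get-DomainObjectAcl] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
 $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
@@ -8538,6 +8581,17 @@ Custom PSObject with translated OU property fields.
 $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^OU=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainOU] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$OUSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $OUSearcher) {
+Write-Warning "[Get-DomainOU] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 else {
 try {
@@ -8797,6 +8851,17 @@ Custom PSObject with translated site property fields.
 $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^CN=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainSite] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$SiteSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $SiteSearcher) {
+Write-Warning "[Get-DomainSite] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 else {
 try {
@@ -9055,6 +9120,17 @@ Custom PSObject with translated subnet property fields.
 $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^CN=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainSubnet] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$SubnetSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $SubnetSearcher) {
+Write-Warning "[Get-DomainSubnet] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 else {
 try {
@@ -9534,6 +9610,17 @@ Custom PSObject with translated group property fields.
 }
 elseif ($IdentityInstance -match '^CN=') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainGroup] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$GroupSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $GroupSearcher) {
+Write-Warning "[Get-DomainGroup] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
 $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
@@ -10275,6 +10362,17 @@ http://www.powershellmagazine.com/2013/05/23/pstip-retrieve-group-membership-of-
 }
 elseif ($IdentityInstance -match '^CN=') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainGroupMember] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$GroupSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $GroupSearcher) {
+Write-Warning "[Get-DomainGroupMember] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
 $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
@@ -12081,6 +12179,17 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match 'LDAP://|^CN=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+# if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+# and rebuild the domain searcher
+$IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+Write-Verbose "[Get-DomainGPO] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+$SearcherArguments['Domain'] = $IdentityDomain
+$GPOSearcher = Get-DomainSearcher @SearcherArguments
+if (-not $GPOSearcher) {
+Write-Warning "[Get-DomainGPO] Unable to retrieve domain searcher for '$IdentityDomain'"
+}
+}
 }
 elseif ($IdentityInstance -match '{.*}') {
 $IdentityFilter += "(name=$IdentityInstance)"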
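Review bot: The `$IdentityInstance.IndexOf('DC=')` call repeated in every added block is a case-sensitive, culture-aware search, while the guarding `-match '^CN='` / `'^OU=.*'` tests are case-insensitive, so a DN written as `cn=x,dc=corp,dc=local` (or any DN with no DC= component, which `'^(CN|OU|DC)='` in Get-DomainObject/Get-DomainObjectAcl admits) makes IndexOf return -1 and `SubString(-1)` throw instead of falling back to the existing searcher. A safer extraction is `$DcIndex = $IdentityInstance.IndexOf('DC=', [StringComparison]::OrdinalIgnoreCase)` followed by `if ($DcIndex -ge 0) { $IdentityDomain = $IdentityInstance.SubString($DcIndex) -replace 'DC=','' -replace ',\s*','.' }` and skipping the rebind otherwise; the `,\s*` also copes with DNs that carry a space after each comma, which the current `-replace ',','.'` turns into `corp. local`. Separately, the rebind runs inside the per-identity `ForEach-Object` while `$IdentityFilter` keeps accumulating, so an `-Identity` array holding DNs from two different domains ends up OR'ed into one filter that is only ever issued against the last domain's searcher, and because `$SearcherArguments` is a hashtable the extracted `Domain` also persists for any later identities or lookups in the same call that reuse it. Since the LDAP bind target is now derived from a caller-supplied string, a one-line comment such as `# NOTE: the domain the searcher rebinds to comes from the supplied DN, not from -Domain` above the rebind would make that explicit for readers. Every enclosing function starts and ends outside these hunks.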
