Skip to content

Commit 31c2290

Browse files
HarmJ0yHarmJ0y
committed
Fixed some Invoke-MapDomainTrust and Get-NetDomainTrust logic
Changed domain/forest Write-Warning's to Write-Verbose
1 parent 9cd0955 commit 31c2290

File tree

1 file changed

+57
-46
lines changed

1 file changed

+57
-46
lines changed

Recon/PowerView.ps1

Lines changed: 57 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -2188,7 +2188,7 @@ filter Get-NetDomain {
21882188
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
21892189
}
21902190
catch {
2191-
Write-Warning "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
2191+
Write-Verbose "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
21922192
$Null
21932193
}
21942194
}
@@ -2198,7 +2198,7 @@ filter Get-NetDomain {
21982198
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
21992199
}
22002200
catch {
2201-
Write-Warning "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
2201+
Write-Verbose "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
22022202
$Null
22032203
}
22042204
}
@@ -2257,7 +2257,7 @@ filter Get-NetForest {
22572257
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
22582258
}
22592259
catch {
2260-
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
2260+
Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
22612261
$Null
22622262
}
22632263
}
@@ -2267,7 +2267,7 @@ filter Get-NetForest {
22672267
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
22682268
}
22692269
catch {
2270-
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
2270+
Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
22712271
return $Null
22722272
}
22732273
}
@@ -12514,6 +12514,22 @@ function Get-NetDomainTrust {
1251412514
$Credential
1251512515
)
1251612516

12517+
begin {
12518+
$TrustAttributes = @{
12519+
[uint32]'0x00000001' = 'non_transitive'
12520+
[uint32]'0x00000002' = 'uplevel_only'
12521+
[uint32]'0x00000004' = 'quarantined_domain'
12522+
[uint32]'0x00000008' = 'forest_transitive'
12523+
[uint32]'0x00000010' = 'cross_organization'
12524+
[uint32]'0x00000020' = 'within_forest'
12525+
[uint32]'0x00000040' = 'treat_as_external'
12526+
[uint32]'0x00000080' = 'trust_uses_rc4_encryption'
12527+
[uint32]'0x00000100' = 'trust_uses_aes_keys'
12528+
[uint32]'0x00000200' = 'cross_organization_no_tgt_delegation'
12529+
[uint32]'0x00000400' = 'pim_trust'
12530+
}
12531+
}
12532+
1251712533
process {
1251812534

1251912535
if(-not $Domain) {
@@ -12532,33 +12548,21 @@ function Get-NetDomainTrust {
1253212548

1253312549
if($TrustSearcher) {
1253412550

12535-
$TrustSearcher.filter = '(&(objectClass=trustedDomain))'
12551+
$TrustSearcher.Filter = '(objectClass=trustedDomain)'
1253612552

1253712553
$Results = $TrustSearcher.FindAll()
1253812554
$Results | Where-Object {$_} | ForEach-Object {
1253912555
$Props = $_.Properties
1254012556
$DomainTrust = New-Object PSObject
12541-
$TrustAttrib = Switch ($Props.trustattributes)
12542-
{
12543-
0x001 { "non_transitive" }
12544-
0x002 { "uplevel_only" }
12545-
0x004 { "quarantined_domain" }
12546-
0x008 { "forest_transitive" }
12547-
0x010 { "cross_organization" }
12548-
0x020 { "within_forest" }
12549-
0x040 { "treat_as_external" }
12550-
0x080 { "trust_uses_rc4_encryption" }
12551-
0x100 { "trust_uses_aes_keys" }
12552-
Default {
12553-
Write-Warning "Unknown trust attribute: $($Props.trustattributes)";
12554-
"$($Props.trustattributes)";
12555-
}
12556-
}
12557+
12558+
$TrustAttrib = @()
12559+
$TrustAttrib += $TrustAttributes.Keys | Where-Object { $Props.trustattributes[0] -band $_ } | ForEach-Object { $TrustAttributes[$_] }
12560+
1255712561
$Direction = Switch ($Props.trustdirection) {
12558-
0 { "Disabled" }
12559-
1 { "Inbound" }
12560-
2 { "Outbound" }
12561-
3 { "Bidirectional" }
12562+
0 { 'Disabled' }
12563+
1 { 'Inbound' }
12564+
2 { 'Outbound' }
12565+
3 { 'Bidirectional' }
1256212566
}
1256312567
$ObjectGuid = New-Object Guid @(,$Props.objectguid[0])
1256412568
$TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value
@@ -12567,7 +12571,7 @@ function Get-NetDomainTrust {
1256712571
$DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0]
1256812572
$DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID
1256912573
$DomainTrust | Add-Member Noteproperty 'ObjectGuid' "{$ObjectGuid}"
12570-
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustAttrib"
12574+
$DomainTrust | Add-Member Noteproperty 'TrustType' $($TrustAttrib -join ',')
1257112575
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
1257212576
$DomainTrust
1257312577
}
@@ -12639,7 +12643,7 @@ function Get-NetDomainTrust {
1263912643
}
1264012644
}
1264112645
else {
12642-
Write-Error "Could not retrieve domain controller for $Domain"
12646+
Write-Verbose "Could not retrieve domain controller for $Domain"
1264312647
}
1264412648
}
1264512649
else {
@@ -13124,34 +13128,41 @@ function Invoke-MapDomainTrust {
1312413128
}
1312513129

1312613130
# get any forest trusts, if they exist
13127-
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
13131+
if(-not ($LDAP -or $DomainController) ) {
13132+
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
13133+
}
1312813134

1312913135
if ($Trusts) {
13136+
if($Trusts -isnot [System.Array]) {
13137+
$Trusts = @($Trusts)
13138+
}
1313013139

1313113140
# enumerate each trust found
1313213141
ForEach ($Trust in $Trusts) {
13133-
$SourceDomain = $Trust.SourceName
13134-
$TargetDomain = $Trust.TargetName
13135-
$TrustType = $Trust.TrustType
13136-
$TrustDirection = $Trust.TrustDirection
13137-
13138-
# make sure we process the target
13139-
$Null = $Domains.push($TargetDomain)
13140-
13141-
# build the nicely-parsable custom output object
13142-
$DomainTrust = New-Object PSObject
13143-
$DomainTrust | Add-Member Noteproperty 'SourceDomain' "$SourceDomain"
13144-
$DomainTrust | Add-Member Noteproperty 'SourceSID' $Trust.SourceSID
13145-
$DomainTrust | Add-Member Noteproperty 'TargetDomain' "$TargetDomain"
13146-
$DomainTrust | Add-Member Noteproperty 'TargetSID' $Trust.TargetSID
13147-
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustType"
13148-
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$TrustDirection"
13149-
$DomainTrust
13142+
if($Trust.SourceName -and $Trust.TargetName) {
13143+
$SourceDomain = $Trust.SourceName
13144+
$TargetDomain = $Trust.TargetName
13145+
$TrustType = $Trust.TrustType
13146+
$TrustDirection = $Trust.TrustDirection
13147+
13148+
# make sure we process the target
13149+
$Null = $Domains.push($TargetDomain)
13150+
13151+
# build the nicely-parsable custom output object
13152+
$DomainTrust = New-Object PSObject
13153+
$DomainTrust | Add-Member Noteproperty 'SourceDomain' "$SourceDomain"
13154+
$DomainTrust | Add-Member Noteproperty 'SourceSID' $Trust.SourceSID
13155+
$DomainTrust | Add-Member Noteproperty 'TargetDomain' "$TargetDomain"
13156+
$DomainTrust | Add-Member Noteproperty 'TargetSID' $Trust.TargetSID
13157+
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustType"
13158+
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$TrustDirection"
13159+
$DomainTrust
13160+
}
1315013161
}
1315113162
}
1315213163
}
1315313164
catch {
13154-
Write-Warning "[!] Error: $_"
13165+
Write-Verbose "[!] Error: $_"
1315513166
}
1315613167
}
1315713168
}

0 commit comments

Comments
 (0)