Skip to content
This repository was archived by the owner on Jan 21, 2021. It is now read-only.

Commit 454e040

Browse files
HarmJ0yHarmJ0y
committed
Standardized output from Find-InterestingDomainAcl
1 parent ea60b0e commit 454e040

File tree

1 file changed

+40
-11
lines changed

1 file changed

+40
-11
lines changed

Recon/PowerView.ps1

Lines changed: 40 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -7404,11 +7404,26 @@ Custom PSObject with ACL entries.
74047404
if ($_.SecurityIdentifier.Value -match '^S-1-5-.*-[1-9]\d{3,}$') {
74057405
if ($ResolvedSIDs[$_.SecurityIdentifier.Value]) {
74067406
$IdentityReferenceName, $IdentityReferenceDomain, $IdentityReferenceDN, $IdentityReferenceClass = $ResolvedSIDs[$_.SecurityIdentifier.Value]
7407-
$_ | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName
7408-
$_ | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain
7409-
$_ | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN
7410-
$_ | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass
7411-
$_
7407+
7408+
$InterestingACL = New-Object PSObject
7409+
$InterestingACL | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN
7410+
$InterestingACL | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier
7411+
$InterestingACL | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights
7412+
if ($_.ObjectAceType) {
7413+
$InterestingACL | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType
7414+
}
7415+
else {
7416+
$InterestingACL | Add-Member NoteProperty 'ObjectAceType' 'None'
7417+
}
7418+
$InterestingACL | Add-Member NoteProperty 'AceFlags' $_.AceFlags
7419+
$InterestingACL | Add-Member NoteProperty 'AceType' $_.AceType
7420+
$InterestingACL | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags
7421+
$InterestingACL | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier
7422+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName
7423+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain
7424+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN
7425+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass
7426+
$InterestingACL
74127427
}
74137428
else {
74147429
$IdentityReferenceDN = Convert-ADName -Identity $_.SecurityIdentifier.Value -OutputType DN @ADNameArguments
@@ -7421,7 +7436,7 @@ Custom PSObject with ACL entries.
74217436
$ObjectSearcherArguments['Identity'] = $IdentityReferenceDN
74227437
# "IdentityReferenceDN: $IdentityReferenceDN"
74237438
$Object = Get-DomainObject @ObjectSearcherArguments
7424-
$ObjectSearcherArguments
7439+
74257440
if ($Object) {
74267441
$IdentityReferenceName = $Object.Properties.samaccountname[0]
74277442
if ($Object.Properties.objectclass -match 'computer') {
@@ -7440,11 +7455,25 @@ Custom PSObject with ACL entries.
74407455
# save so we don't look up more than once
74417456
$ResolvedSIDs[$_.SecurityIdentifier.Value] = $IdentityReferenceName, $IdentityReferenceDomain, $IdentityReferenceDN, $IdentityReferenceClass
74427457

7443-
$_ | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName
7444-
$_ | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain
7445-
$_ | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN
7446-
$_ | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass
7447-
$_
7458+
$InterestingACL = New-Object PSObject
7459+
$InterestingACL | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN
7460+
$InterestingACL | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier
7461+
$InterestingACL | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights
7462+
if ($_.ObjectAceType) {
7463+
$InterestingACL | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType
7464+
}
7465+
else {
7466+
$InterestingACL | Add-Member NoteProperty 'ObjectAceType' 'None'
7467+
}
7468+
$InterestingACL | Add-Member NoteProperty 'AceFlags' $_.AceFlags
7469+
$InterestingACL | Add-Member NoteProperty 'AceType' $_.AceType
7470+
$InterestingACL | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags
7471+
$InterestingACL | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier
7472+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName
7473+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain
7474+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN
7475+
$InterestingACL | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass
7476+
$InterestingACL
74487477
}
74497478
}
74507479
else {

0 commit comments

Comments
 (0)