
Commit 6927a26

authored
Fix for impersonation in Get-NetLocalGroup*
Removed the unnecessary warning about the 'WinNT' method. Fixed Get-NetLocalGroup* to use impersonation, since the netapi32 functions weren't working.
1 parent bda533d commit 6927a26


1 file changed

+18
-16
lines changed


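--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -12181,8 +12181,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
     )
 
     BEGIN {
-        if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
-            Write-Warning "[Get-NetLocalGroup] -Credential is only compatible with '-Method WinNT'"
+        if ($PSBoundParameters['Credential']) {
+            $LogonToken = Invoke-UserImpersonation -Credential $Credential
         }
     }
 
@@ -12235,12 +12235,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
             }
             else {
                 # otherwise we're using the WinNT service provider
-                if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
-                    $ComputerProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer,computer", $Credential.UserName, $Credential.GetNetworkCredential().Password)
-                }
-                else {
-                    $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
-                }
+                $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
 
                 $ComputerProvider.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object {
                     $LocalGroup = ([ADSI]$_)
@@ -12255,6 +12250,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
             }
         }
     }
+
+    END {
+        if ($LogonToken) {
+            Invoke-RevertToSelf -TokenHandle $LogonToken
+        }
+    }
 }
 
 
@@ -12386,8 +12387,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
     )
 
     BEGIN {
-        if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
-            Write-Warning "[Get-NetLocalGroupMember] -Credential is only compatible with '-Method WinNT'"
+        if ($PSBoundParameters['Credential']) {
+            $LogonToken = Invoke-UserImpersonation -Credential $Credential
         }
     }
 
@@ -12481,12 +12482,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
             else {
                 # otherwise we're using the WinNT service provider
                 try {
-                    if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
-                        $GroupProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer/$GroupName,group", $Credential.UserName, $Credential.GetNetworkCredential().Password)
-                    }
-                    else {
-                        $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
-                    }
+                    $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
 
                     $GroupProvider.psbase.Invoke('Members') | ForEach-Object {
 
@@ -12571,6 +12567,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
             }
         }
     }
+
+    END {
+        if ($LogonToken) {
+            Invoke-RevertToSelf -TokenHandle $LogonToken
+        }
+    }
 }
 
 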