
Commit 8a2e1da

committed
Parenthesis for additional LDAP functions
1 parent fa1baa6 commit 8a2e1da

1 file changed

+51
-45
lines changed


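--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -4717,21 +4717,24 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $UserSearcher = Get-DomainSearcher @SearcherArguments
 }
 }
-elseif ($IdentityInstance -match '^S-1-.*') {
-# SID format
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
-# distinguished names
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
 else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
+$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-.*') {
+# SID format
+$IdentityFilter += "(objectsid=$IdentityInstance)"
 }
-catch {
-$IdentityFilter += "(samAccountName=$IdentityInstance)"
+elseif ($IdentityInstance -match '^CN=.*') {
+# distinguished names
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+else {
+try {
+$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+catch {
+$IdentityFilter += "(samAccountName=$IdentityInstance)"
+}
 }
 }
 }
@@ -5746,7 +5749,7 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^S-1-.*') {
 $IdentityFilter += "(objectsid=$IdentityInstance)"
 }
@@ -6773,7 +6776,7 @@ Custom PSObject with ACL entries.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^S-1-.*') {
 $IdentityFilter += "(objectsid=$IdentityInstance)"
 }
@@ -7662,7 +7665,7 @@ Custom PSObject with translated OU property fields.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^OU=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
 }
@@ -7921,7 +7924,7 @@ Custom PSObject with translated site property fields.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^CN=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
 }
@@ -8179,7 +8182,7 @@ Custom PSObject with translated subnet property fields.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
 if ($IdentityInstance -match '^CN=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
 }
@@ -8650,19 +8653,22 @@ Custom PSObject with translated group property fields.
 $GroupSearcher = Get-DomainSearcher @SearcherArguments
 }
 }
-elseif ($IdentityInstance -match '^S-1-.*') {
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
 else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
+$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-.*') {
+$IdentityFilter += "(objectsid=$IdentityInstance)"
 }
-catch {
-$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+elseif ($IdentityInstance -match '^CN=.*') {
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+else {
+try {
+$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+catch {
+$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+}
 }
 }
 }
@@ -9371,19 +9377,22 @@ http://www.powershellmagazine.com/2013/05/23/pstip-retrieve-group-membership-of-
 $GroupSearcher = Get-DomainSearcher @SearcherArguments
 }
 }
-elseif ($IdentityInstance -match '^S-1-.*') {
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
 else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
+$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-.*') {
+$IdentityFilter += "(objectsid=$IdentityInstance)"
 }
-catch {
-$IdentityFilter += "(samAccountName=$IdentityInstance)"
+elseif ($IdentityInstance -match '^CN=.*') {
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+else {
+try {
+$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+catch {
+$IdentityFilter += "(samAccountName=$IdentityInstance)"
+}
 }
 }
 }
@@ -10928,11 +10937,8 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
-if ($IdentityInstance -match 'LDAP://') {
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match 'LDAP://|^CN=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
 }
 elseif ($IdentityInstance -match '{.*}') {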
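Review bot: The new `.Replace('(', '\28').Replace(')', '\29')` line escapes only parentheses, so a backslash in `$IdentityInstance` still reaches the filter unescaped and the value is interpolated into `(distinguishedname=...)`, `(objectsid=...)` and `(samAccountName=...)` as before; RFC 4515 filter escaping also requires `\` to become `\5c`, and it has to be replaced first or the `\28`/`\29` sequences just added would be double-escaped, e.g. `$IdentityInstance = $_.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29')` (applies to every hunk in this section; I have not checked whether any caller already passes pre-escaped values, so confirm that before changing). The placement is also inconsistent: in the Get-DomainUser (first hunk) and the two group hunks the replacement sits inside the `else` branch, so whatever the preceding branches of that `if` chain do with `$IdentityInstance` — they begin above the hunk and are not visible here — presumably still interpolates the raw value, whereas the other six hunks escape at the top of the `ForEach-Object` block. A one-line comment on the replacement, such as `# escape LDAP filter metacharacters in the caller-supplied identity (RFC 4515)`, would make the intent clear at each site. In the last hunk `'LDAP://|^CN=.*'` merges two branches; the trailing `.*` is redundant in a `-match` test and could be dropped for readability.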
