Merge pull request #214 from mbrancato/dev

HarmJ0y · web-flow · commit 92e17e5331b5 · 2017-04-26T14:10:47.000-07:00
Fix for impersonation in Get-NetLocalGroup*
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
@@ -12149,8 +12149,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
     )
 
     BEGIN {
-        if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
-            Write-Warning "[Get-NetLocalGroup] -Credential is only compatible with '-Method WinNT'"
+        if ($PSBoundParameters['Credential']) {
+            $LogonToken = Invoke-UserImpersonation -Credential $Credential
         }
     }
 
@@ -12203,12 +12203,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
             }
             else {
                 # otherwise we're using the WinNT service provider
-                if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
-                    $ComputerProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer,computer", $Credential.UserName, $Credential.GetNetworkCredential().Password)
-                }
-                else {
-                    $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
-                }
+                $ComputerProvider = [ADSI]"WinNT://$Computer,computer"
 
                 $ComputerProvider.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object {
                     $LocalGroup = ([ADSI]$_)
@@ -12223,6 +12218,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx
             }
         }
     }
+    
+    END {
+        if ($LogonToken) {
+            Invoke-RevertToSelf -TokenHandle $LogonToken
+        }
+    }
 }
 
 
@@ -12354,8 +12355,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
     )
 
     BEGIN {
-        if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {
-            Write-Warning "[Get-NetLocalGroupMember] -Credential is only compatible with '-Method WinNT'"
+        if ($PSBoundParameters['Credential']) {
+            $LogonToken = Invoke-UserImpersonation -Credential $Credential
         }
     }
 
@@ -12449,12 +12450,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
             else {
                 # otherwise we're using the WinNT service provider
                 try {
-                    if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
-                        $GroupProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer/$GroupName,group", $Credential.UserName, $Credential.GetNetworkCredential().Password)
-                    }
-                    else {
-                        $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
-                    }
+                    $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"
 
                     $GroupProvider.psbase.Invoke('Members') | ForEach-Object {
 
@@ -12539,6 +12535,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx
             }
         }
     }
+    
+    END {
+        if ($LogonToken) {
+            Invoke-RevertToSelf -TokenHandle $LogonToken
+        }
+    }
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -12149,8 +12149,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx`
`12149`	`12149`	`)`
`12150`	`12150`
`12151`	`12151`	`BEGIN {`
`12152`		`- if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {`
`12153`		`- Write-Warning "[Get-NetLocalGroup] -Credential is only compatible with '-Method WinNT'"`
	`12152`	`+ if ($PSBoundParameters['Credential']) {`
	`12153`	`+ $LogonToken = Invoke-UserImpersonation -Credential $Credential`
`12154`	`12154`	`}`
`12155`	`12155`	`}`
`12156`	`12156`
`@@ -12203,12 +12203,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx`
`12203`	`12203`	`}`
`12204`	`12204`	`else {`
`12205`	`12205`	`# otherwise we're using the WinNT service provider`
`12206`		`- if ($Credential -ne [Management.Automation.PSCredential]::Empty) {`
`12207`		`- $ComputerProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer,computer", $Credential.UserName, $Credential.GetNetworkCredential().Password)`
`12208`		`- }`
`12209`		`- else {`
`12210`		`- $ComputerProvider = [ADSI]"WinNT://$Computer,computer"`
`12211`		`- }`
	`12206`	`+ $ComputerProvider = [ADSI]"WinNT://$Computer,computer"`
`12212`	`12207`
`12213`	`12208`	`$ComputerProvider.psbase.children \| Where-Object { $_.psbase.schemaClassName -eq 'group' } \| ForEach-Object {`
`12214`	`12209`	`$LocalGroup = ([ADSI]$_)`
`@@ -12223,6 +12218,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx`
`12223`	`12218`	`}`
`12224`	`12219`	`}`
`12225`	`12220`	`}`
	`12221`	`+`
	`12222`	`+ END {`
	`12223`	`+ if ($LogonToken) {`
	`12224`	`+ Invoke-RevertToSelf -TokenHandle $LogonToken`
	`12225`	`+ }`
	`12226`	`+ }`
`12226`	`12227`	`}`
`12227`	`12228`
`12228`	`12229`
`@@ -12354,8 +12355,8 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx`
`12354`	`12355`	`)`
`12355`	`12356`
`12356`	`12357`	`BEGIN {`
`12357`		`- if ($PSBoundParameters['Credential'] -and ($Method -eq 'WinNT')) {`
`12358`		`- Write-Warning "[Get-NetLocalGroupMember] -Credential is only compatible with '-Method WinNT'"`
	`12358`	`+ if ($PSBoundParameters['Credential']) {`
	`12359`	`+ $LogonToken = Invoke-UserImpersonation -Credential $Credential`
`12359`	`12360`	`}`
`12360`	`12361`	`}`
`12361`	`12362`
`@@ -12449,12 +12450,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx`
`12449`	`12450`	`else {`
`12450`	`12451`	`# otherwise we're using the WinNT service provider`
`12451`	`12452`	`try {`
`12452`		`- if ($Credential -ne [Management.Automation.PSCredential]::Empty) {`
`12453`		`- $GroupProvider = New-Object DirectoryServices.DirectoryEntry("WinNT://$Computer/$GroupName,group", $Credential.UserName, $Credential.GetNetworkCredential().Password)`
`12454`		`- }`
`12455`		`- else {`
`12456`		`- $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"`
`12457`		`- }`
	`12453`	`+ $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group"`
`12458`	`12454`
`12459`	`12455`	`$GroupProvider.psbase.Invoke('Members') \| ForEach-Object {`
`12460`	`12456`
`@@ -12539,6 +12535,12 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx`
`12539`	`12535`	`}`
`12540`	`12536`	`}`
`12541`	`12537`	`}`
	`12538`	`+`
	`12539`	`+ END {`
	`12540`	`+ if ($LogonToken) {`
	`12541`	`+ Invoke-RevertToSelf -TokenHandle $LogonToken`
	`12542`	`+ }`
	`12543`	`+ }`
`12542`	`12544`	`}`
`12543`	`12545`
`12544`	`12546`