This repository was archived by the owner on Jan 21, 2021. It is now read-only.

Commit 97382c2

authored
Merge pull request #226 from joncave/dn_commas
Support for DNs containing commas
2 parents 0bbc9db + 08b3062 commit 97382c2

File tree

1 file changed

+80
-115
lines changed


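--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -4706,9 +4706,19 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
-if ($IdentityInstance -match '.+\\.+') {
-$ConvertedIdentityInstance = $IdentityInstance | Convert-ADName -OutputType Canonical
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-') {
+$IdentityFilter += "(objectsid=$IdentityInstance)"
+}
+elseif ($IdentityInstance -match '^CN=') {
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+$GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+elseif ($IdentityInstance.Contains('\')) {
+$ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical
 if ($ConvertedIdentityInstance) {
 $UserDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/'))
 $UserName = $IdentityInstance.Split('\')[1]
@@ -4719,26 +4729,10 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 }
 }
 else {
-$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
-if ($IdentityInstance -match '^S-1-.*') {
-# SID format
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
-# distinguished names
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
-else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
-}
-catch {
-$IdentityFilter += "(samAccountName=$IdentityInstance)"
-}
-}
+$IdentityFilter += "(samAccountName=$IdentityInstance)"
 }
 }
+
 if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
 $Filter += "(|$IdentityFilter)"
 }
@@ -5751,28 +5745,21 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
 $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
-if ($IdentityInstance -match '^S-1-.*') {
+if ($IdentityInstance -match '^S-1-') {
 $IdentityFilter += "(objectsid=$IdentityInstance)"
 }
-elseif ($IdentityInstance -match '^CN=.*') {
+elseif ($IdentityInstance -match '^CN=') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
 }
-elseif ($IdentityInstance -match '.*\..*') {
-$IdentityFilter += "(dnshostname=$IdentityInstance)"
+elseif ($IdentityInstance.Contains('.')) {
+$IdentityFilter += "(|(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+}
+elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+$GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+$IdentityFilter += "(objectguid=$GuidByteString)"
 }
 else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
-}
-catch {
-if ($IdentityInstance.Contains('.')) {
-$IdentityFilter += "(|(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
-}
-else {
-$IdentityFilter += "(name=$IdentityInstance)"
-}
-}
+$IdentityFilter += "(name=$IdentityInstance)"
 }
 }
 if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
@@ -6063,40 +6050,33 @@ The raw DirectoryServices.SearchResult object, if -Raw is enabled.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
-if ($IdentityInstance -match '.+\\.+') {
-$ConvertedIdentityInstance = $IdentityInstance | Convert-ADName -OutputType Canonical
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-') {
+$IdentityFilter += "(objectsid=$IdentityInstance)"
+}
+elseif ($IdentityInstance -match '^(CN|OU|DC)=') {
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+$GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+elseif ($IdentityInstance.Contains('\')) {
+$ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical
 if ($ConvertedIdentityInstance) {
 $ObjectDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/'))
 $ObjectName = $IdentityInstance.Split('\')[1]
 $IdentityFilter += "(samAccountName=$ObjectName)"
 $SearcherArguments['Domain'] = $ObjectDomain
-Write-Verbose "[Get-DomainUser] Extracted domain '$ObjectDomain' from '$IdentityInstance'"
+Write-Verbose "[Get-DomainObject] Extracted domain '$ObjectDomain' from '$IdentityInstance'"
 $ObjectSearcher = Get-DomainSearcher @SearcherArguments
 }
 }
+elseif ($IdentityInstance.Contains('.')) {
+$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+}
 else {
-$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
-if ($IdentityInstance -match '^S-1-.*') {
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
-else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
-}
-catch {
-if ($IdentityInstance.Contains('.')) {
-$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
-}
-else {
-$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(displayname=$IdentityInstance))"
-}
-}
-}
+$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(displayname=$IdentityInstance))"
 }
 }
 if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
@@ -6785,19 +6765,15 @@ Custom PSObject with ACL entries.
 elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
 $IdentityFilter += "(distinguishedname=$IdentityInstance)"
 }
+elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+$GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+elseif ($IdentityInstance.Contains('.')) {
+$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
+}
 else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
-}
-catch {
-if ($IdentityInstance.Contains('.')) {
-$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))"
-}
-else {
-$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(displayname=$IdentityInstance))"
-}
-}
+$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(displayname=$IdentityInstance))"
 }
 }
 if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
@@ -8671,11 +8647,19 @@ Custom PSObject with translated group property fields.
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
-
-if ($IdentityInstance -match '.+\\.+') {
-# DOMAIN\groupname
-$ConvertedIdentityInstance = $IdentityInstance | Convert-ADName -OutputType Canonical
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-') {
+$IdentityFilter += "(objectsid=$IdentityInstance)"
+}
+elseif ($IdentityInstance -match '^CN=') {
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+$GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+elseif ($IdentityInstance.Contains('\')) {
+$ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical
 if ($ConvertedIdentityInstance) {
 $GroupDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/'))
 $GroupName = $IdentityInstance.Split('\')[1]
@@ -8686,24 +8670,10 @@ Custom PSObject with translated group property fields.
 }
 }
 else {
-$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
-if ($IdentityInstance -match '^S-1-.*') {
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
-else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
-}
-catch {
-$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
-}
-}
+$IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
 }
 }
+
 if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
 $Filter += "(|$IdentityFilter)"
 }
@@ -9396,10 +9366,19 @@ http://www.powershellmagazine.com/2013/05/23/pstip-retrieve-group-membership-of-
 $IdentityFilter = ''
 $Filter = ''
 $Identity | Where-Object {$_} | ForEach-Object {
-$IdentityInstance = $_
-if ($IdentityInstance -match '.+\\.+') {
-# DOMAIN\groupname
-$ConvertedIdentityInstance = $IdentityInstance | Convert-ADName -OutputType Canonical
+$IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+if ($IdentityInstance -match '^S-1-') {
+$IdentityFilter += "(objectsid=$IdentityInstance)"
+}
+elseif ($IdentityInstance -match '^CN=') {
+$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+}
+elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+$GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+$IdentityFilter += "(objectguid=$GuidByteString)"
+}
+elseif ($IdentityInstance.Contains('\')) {
+$ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical
 if ($ConvertedIdentityInstance) {
 $GroupDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/'))
 $GroupName = $IdentityInstance.Split('\')[1]
@@ -9410,24 +9389,10 @@ http://www.powershellmagazine.com/2013/05/23/pstip-retrieve-group-membership-of-
 }
 }
 else {
-$IdentityInstance = $IdentityInstance.Replace('(', '\28').Replace(')', '\29')
-if ($IdentityInstance -match '^S-1-.*') {
-$IdentityFilter += "(objectsid=$IdentityInstance)"
-}
-elseif ($IdentityInstance -match '^CN=.*') {
-$IdentityFilter += "(distinguishedname=$IdentityInstance)"
-}
-else {
-try {
-$GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
-$IdentityFilter += "(objectguid=$GuidByteString)"
-}
-catch {
-$IdentityFilter += "(samAccountName=$IdentityInstance)"
-}
-}
+$IdentityFilter += "(samAccountName=$IdentityInstance)"
 }
 }
+
 if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
 $Filter += "(|$IdentityFilter)"
 }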
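Review bot: In the first hunk (Get-DomainUser, new lines 4720-4724) the paren escaping now runs before the `DOMAIN\name` branch, so the context line `$UserName = $IdentityInstance.Split('\')[1]` splits on the backslashes that `\28`/`\29` introduce and returns a truncated name: `CORP\svc(1)` becomes `CORP\svc\281\29`, `Split('\')[1]` yields `svc`, and the filter becomes `(samAccountName=svc)` — a different account than the one asked for, with no error, while `Convert-ADName` is fed the un-escaped string and may well resolve. Before this commit the same input produced an unescaped `(samAccountName=svc(1))` that the server would reject, so the rewrite turns a loud failure into a silently wrong lookup, which matters for an enumeration tool. Splitting only at the first separator keeps the correctly escaped remainder: `$UserName = ($IdentityInstance -split '\\', 2)[1]`. The same `Split('\')[1]` pattern sits in the Get-DomainObject and both group hunks (`$ObjectName`, `$GroupName`) and wants the same change; each enclosing function starts and ends outside its hunk.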
