PowerShellEmpire / PowerTools

PowerTools is a collection of PowerShell projects with a focus on offensive operations.

Groups by sid #56

Closed Meatballs1 closed 8 years ago

Meatballs1 commented 8 years ago

This changes Get-NetGroup to accept a SID, and Get-NetGroupMembers to default to the Domain Admins SID. Hopefully this should be more language-agnostic, but I have yet to test it in anger on foreign domains; I'm not sure if all the other LDAP fields are the same?

Also adds a Get-DomainSID command.

n.b. I have fixed output to show the GroupName now for -recurse.

Ideally should also plug it into StealthUserHunter.

PS C:\Windows\System32\WindowsPowerShell\v1.0> Get-NetGroup -SID S-1-5-21-3469583980-2692176441-4150475799-512
Domain Admins

PS C:\Windows\System32\WindowsPowerShell\v1.0> Get-NetGroupMember -SID S-1-5-21-3469583980-2692176441-4150475799-512

GroupDomain  : test.lab
GroupName    : Domain Admins
MemberDomain : test.lab
MemberName   : parp
IsGroup      : True
MemberDN     : CN=parp,CN=Users,DC=test,DC=lab

GroupDomain  : test.lab
GroupName    : Domain Admins
MemberDomain : test.lab
MemberName   : Administrator
IsGroup      : False
MemberDN     : CN=Administrator,OU=Admins,DC=test,DC=lab

PS C:\Windows\System32\WindowsPowerShell\v1.0> Get-NetGroupMember -Recurse -SID S-1-5-21-3469583980-2692176441-4150475799-512

GroupDomain  : test.lab
GroupName    : 
MemberDomain : test.lab
MemberName   : Administrator
IsGroup      : False
MemberDN     : CN=Administrator,OU=Admins,DC=test,DC=lab

GroupDomain  : test.lab
GroupName    : 
MemberDomain : test.lab
MemberName   : test.user0001
IsGroup      : False
MemberDN     : CN=Test User (0001),CN=Users,DC=test,DC=lab

PS C:\Windows\System32\WindowsPowerShell\v1.0> Get-NetGroupMember -Recurse

GroupDomain  : test.lab
GroupName    : 
MemberDomain : test.lab
MemberName   : Administrator
IsGroup      : False
MemberDN     : CN=Administrator,OU=Admins,DC=test,DC=lab

GroupDomain  : test.lab
GroupName    : 
MemberDomain : test.lab
MemberName   : test.user0001
IsGroup      : False
MemberDN     : CN=Test User (0001),CN=Users,DC=test,DC=lab

PS C:\Windows\System32\WindowsPowerShell\v1.0> Get-NetGroupMember

GroupDomain  : test.lab
GroupName    : Domain Admins
MemberDomain : test.lab
MemberName   : parp
IsGroup      : True
MemberDN     : CN=parp,CN=Users,DC=test,DC=lab

GroupDomain  : test.lab
GroupName    : Domain Admins
MemberDomain : test.lab
MemberName   : Administrator
IsGroup      : False
MemberDN     : CN=Administrator,OU=Admins,DC=test,DC=lab

PS C:\Windows\System32\WindowsPowerShell\v1.0> 
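The point of the change above is that a well-known group can be located by its SID (domain SID plus RID 512 for Domain Admins) instead of a display name that varies with the domain's language. The following is an added example, not code from this PR or from PowerView, showing how a defender can audit Domain Admins membership that way with the .NET DirectoryServices classes; the function names Get-DomainSidString, ConvertTo-LdapSidFilter and Get-GroupBySid are my own and it assumes it is run from a domain-joined host.

```powershell
# Added example (not the PR's code): resolve the Domain Admins group by SID,
# which works regardless of the language the group name is displayed in.

function Get-DomainSidString {
    # objectSid of the domain naming context, returned in S-1-5-21-... form
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $entry  = $domain.GetDirectoryEntry()
    $raw    = [byte[]]$entry.Properties['objectSid'][0]
    (New-Object System.Security.Principal.SecurityIdentifier($raw, 0)).Value
}

function ConvertTo-LdapSidFilter {
    # LDAP filters cannot take the SDDL string; the SID must be supplied as
    # its binary form with every byte escaped, e.g. \01\05\00\00...
    param([Parameter(Mandatory)][string]$Sid)
    $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $bytes  = New-Object byte[] $sidObj.BinaryLength
    $sidObj.GetBinaryForm($bytes, 0)
    ($bytes | ForEach-Object { '\{0:x2}' -f $_ }) -join ''
}

function Get-GroupBySid {
    # Look the group up by objectSid and return its name and member DNs
    param([Parameter(Mandatory)][string]$Sid)
    $escaped  = ConvertTo-LdapSidFilter -Sid $Sid
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=group)(objectSid=$escaped))"
    $null = $searcher.PropertiesToLoad.AddRange(@('samaccountname', 'member'))
    $result = $searcher.FindOne()
    if (-not $result) { return }
    [pscustomobject]@{
        GroupName = [string]$result.Properties['samaccountname'][0]
        Members   = @($result.Properties['member'])
    }
}

# Domain Admins is always RID 512 under the domain SID, whatever the
# group happens to be called in the local language.
$domainAdminsSid = "$(Get-DomainSidString)-512"
Get-GroupBySid -Sid $domainAdminsSid
```

Comparing the returned member list against an approved baseline on a schedule is a simple way to detect unexpected additions to the group without depending on localized names.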
HarmJ0y commented 8 years ago

cool stuff! love the direction the code base is going. planning on potentially merging 2.0 to master next week and posting a conversion guide.