PowerShellEmpire / PowerTools

PowerTools is a collection of PowerShell projects with a focus on offensive operations.

Invoke-MapDomainTrusts does not handle forest trusts #7

Closed jalliot closed 8 years ago

jalliot commented 9 years ago

Hello,

Excellent piece of work! It is too bad though that the Invoke-MapDomainTrusts cmdlet does not handle forest trusts. The result is not complete then. Do you think it is possible to add the feature?

HarmJ0y commented 9 years ago

Good idea! Shouldn't be hard to implement, will try to play with it this weekend.

On Mar 9, 2015, at 5:11 AM, Jordan Alliot notifications@github.com wrote:

> Hello,
>
> Excellent piece of work! It is too bad though that the Invoke-MapDomainTrusts cmdlet does not handle forest trusts. The result is not complete then. Do you think it is possible to add the feature?


FloGatt commented 8 years ago

Hi,

you can modify it like this:

...

    try {
        # get all the trusts for this domain
        if($LDAP -or $DomainController) {
            $Trusts = Get-NetDomainTrust -Domain $Domain -LDAP -DomainController $DomainController -PageSize $PageSize
            $Trusts_forest = Get-NetForestTrust -PageSize $PageSize
        }
        else {
            $Trusts = Get-NetDomainTrust -Domain $Domain -PageSize $PageSize
            $Trusts_forest = Get-NetForestTrust -PageSize $PageSize
        }

        if ($Trusts) {

            # enumerate each domain trust found
            ForEach ($Trust in $Trusts) {
                $SourceDomain = $Trust.SourceName
                $TargetDomain = $Trust.TargetName
                $TrustType = $Trust.TrustType
                $TrustDirection = $Trust.TrustDirection

                # make sure we process the target
                $Null = $Domains.push($TargetDomain)

                # build the nicely-parsable custom output object
                $DomainTrust = New-Object PSObject
                $DomainTrust | Add-Member Noteproperty 'SourceDomain' "$SourceDomain"
                $DomainTrust | Add-Member Noteproperty 'TargetDomain' "$TargetDomain"
                $DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustType"
                $DomainTrust | Add-Member Noteproperty 'TrustDirection' "$TrustDirection"
                $DomainTrust
            }
        }

        # checked separately from $Trusts so that forest trusts are still
        # reported when the domain has no domain trusts of its own
        if ($Trusts_forest) {

            # enumerate each forest trust found
            ForEach ($Trust in $Trusts_forest) {
                $SourceDomain = $Trust.SourceName
                $TargetDomain = $Trust.TargetName
                $TrustType = $Trust.TrustType
                $TrustDirection = $Trust.TrustDirection

                # make sure we process the target
                $Null = $Domains.push($TargetDomain)

                # build the nicely-parsable custom output object
                $DomainTrust = New-Object PSObject
                $DomainTrust | Add-Member Noteproperty 'SourceDomain' "$SourceDomain"
                $DomainTrust | Add-Member Noteproperty 'TargetDomain' "$TargetDomain"
                $DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustType"
                $DomainTrust | Add-Member Noteproperty 'TrustDirection' "$TrustDirection"
                $DomainTrust
            }
        }
    }
    catch {
        Write-Warning "[!] Error: $_"
    }

...

HarmJ0y commented 8 years ago

Apologies that this took so long.

I realized that the -LDAP option for Invoke-MapDomainTrust actually already maps forest trusts. I went ahead and added the non-LDAP recursing mapping here https://github.com/PowerShellEmpire/PowerTools/commit/c0134dd13b722d42b633d70c91fede17bbecb79d , which should now be in master.

Thanks @FloGatt !
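
An added example, not part of the thread and not PowerTools code: for anyone auditing a trust inventory, it shows why a map built from domain trusts alone is incomplete, by walking constructed trust data with and without the forest trusts merged in. The function name `Get-TrustMap` and every domain name are hypothetical; only the property names follow the code posted above.

```powershell
# Constructed sample data (all domain names hypothetical), shaped like the
# SourceName/TargetName/TrustType/TrustDirection objects used in the thread.
$DomainTrusts = @(
    [pscustomobject]@{ SourceName = 'corp.example';     TargetName = 'dev.corp.example';    TrustType = 'ParentChild'; TrustDirection = 'Bidirectional' }
    [pscustomobject]@{ SourceName = 'dev.corp.example'; TargetName = 'corp.example';        TrustType = 'ParentChild'; TrustDirection = 'Bidirectional' }
    [pscustomobject]@{ SourceName = 'partner.example';  TargetName = 'lab.partner.example'; TrustType = 'ParentChild'; TrustDirection = 'Bidirectional' }
)
$ForestTrusts = @(
    [pscustomobject]@{ SourceName = 'corp.example'; TargetName = 'partner.example'; TrustType = 'Forest'; TrustDirection = 'Outbound' }
)

# Hypothetical helper: walks trust edges from a starting domain and emits one
# object per edge, in the same output shape as the snippet in the thread.
function Get-TrustMap {
    param(
        [string]$StartDomain,
        [object[]]$TrustEdges
    )
    $Pending = New-Object System.Collections.Stack
    $Seen = @{}    # hashtable keys are case-insensitive, which suits DNS names
    $Pending.Push($StartDomain)

    while ($Pending.Count -gt 0) {
        $Domain = $Pending.Pop()
        # bidirectional trusts point back at domains already processed
        if ($Seen.ContainsKey($Domain)) { continue }
        $Seen[$Domain] = $true

        foreach ($Trust in ($TrustEdges | Where-Object { $_.SourceName -eq $Domain })) {
            # make sure the target domain is processed too
            $Pending.Push($Trust.TargetName)
            [pscustomobject]@{
                SourceDomain   = $Trust.SourceName
                TargetDomain   = $Trust.TargetName
                TrustType      = $Trust.TrustType
                TrustDirection = $Trust.TrustDirection
            }
        }
    }
}

$DomainOnly = @(Get-TrustMap -StartDomain 'corp.example' -TrustEdges $DomainTrusts)
$Full       = @(Get-TrustMap -StartDomain 'corp.example' -TrustEdges ($DomainTrusts + $ForestTrusts))

# Edges whose target never appears when forest trusts are left out
$Full | Where-Object { $_.TargetDomain -notin $DomainOnly.TargetDomain }
```

The edges left by the final filter include the trust inside the partner forest as well as the forest trust itself, because the walk never reaches `partner.example` without the forest edge.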