search

PowerShellMafia / PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework
Other
11.68k stars 4.59k forks source link

Powerview Get-DomainObjectAcl IdentityReference property missing in latest dev branch #342

Open gladiatx0r opened 4 years ago

gladiatx0r commented 4 years ago

In the Master branch version of PowerView.ps1, Get-ObjectAcl succesfully retrieves the IdentityReference property. In the Dev branch it does not. I don't think its isolated to Get-ObjectAcl, but it might be (I need to do more testing).

Here is the result of Get-ObjectAcl run on the same machine, on the same domain. The one on the left using the master branch version, the one on the right using the Dev branch version.

image

FWIW I also ran Get-DomainObjectAcl (the alias) with (not surprisingly) the same result.

I am running on Windows Server 2016 v1607 OS Build 14393.3326, PowerShell version 5.1.14393.3053. I am not sure how to check the Powerview version but I pulled it directly from the master and dev branches as of a 10 minutes ago.

gladiatx0r commented 4 years ago

Just confirmed its not isolated to the Get-ObjectAcl method. The same issue exists in other methods, for example running;

Get-NetGPO | %{Get-ObjectAcl -ResolveGUIDs -Name $_.Name} |Select IdentityReference

Results in the same behavior as indicated above.