the-useless-one
commented
8 years ago Hey dude, thanks for the issue!
It's a shame your assignment ended this week cause I had a few questions regarding this issue. The problem does not come from the fact that there is a domain group inside the local "Administrateurs" group (this test case was covered ;). It comes from the second-to-last result, the one where PowerView did not resolve the SID.
PywerView works this way to get members of a local group:
- We recover every SID from the local group
- We first extract the RID from the SID, and try to see if it's resolvable to a local user or a local group
- It it's not resolvable locally, we assume it's a domain SID, and we try to resolve it against the DC
Obviously, this last step failed in your execution of PywerView, which is what raised the exception. PowerView did not manage to resolve the SID either, but returned it raw instead. I just published a fix to imitate this behavior, instead of failing.
The remaining question is "why did this SID not resolve, either against the local machine or against the DC?" But since your assignment is done, we'll never know :'(
ThePirateWhoSmellsOfSunflowers
Hi dude ! An error occurs when I try to get local groups on a target, more precisely when a domain group is included in local group. Tested on Windows XP/7 target.
Pywerview
$ ./pywerview.py get-netlocalgroup -w DOMAIN.lan -u administrator -p p@ssw0rd --dc-ip 192.168.1.1 --groupname Administrateurs --computername COMPUTER05.domain.lanPS C:\Users\administrator> Get-NetLocalGroup -ComputerName COMPUTER05.domain.lan -GroupName Administrateurs(damn github markdown is sooooo lame)
Thanks for your tool by the way :+1:
"Joy and Volupted"