Merge pull request PowerShellMafia#174 from Meatballs1/securitygroups
Retrieve Security groups by default
HarmJ0y authored Dec 1, 2016
2 parents 926979a + 917a095 commit 520bf43
Showing 1 changed file with 23 additions and 12 deletions.
35 changes: 23 additions & 12 deletions Recon/PowerView.ps1
Expand Up @@ -5105,22 +5105,26 @@ function Get-NetGroup {
A [Management.Automation.PSCredential] object of alternate credentials
for connection to the target domain.
.PARAMETER AllTypes
By default we will retrieve only Security, not Distribution Groups.
.EXAMPLE
PS C:\> Get-NetGroup
Returns the current groups in the domain.
Returns the current security groups in the domain.
.EXAMPLE
PS C:\> Get-NetGroup -GroupName *admin*
Returns all groups with "admin" in their group name.
.EXAMPLE
PS C:\> Get-NetGroup -Domain testing -FullData
Returns full group data objects in the 'testing' domain
#>

Expand All @@ -5141,10 +5145,10 @@ function Get-NetGroup {

[String]
$Domain,

[String]
$DomainController,

[String]
$ADSpath,

Expand All @@ -5157,7 +5161,10 @@ function Get-NetGroup {
[Switch]
$RawSids,

[ValidateRange(1,10000)]
[Switch]
$AllTypes,

[ValidateRange(1,10000)]
[Int]
$PageSize = 200,

Expand All @@ -5167,6 +5174,10 @@ function Get-NetGroup {

begin {
$GroupSearcher = Get-DomainSearcher -Domain $Domain -DomainController $DomainController -Credential $Credential -ADSpath $ADSpath -PageSize $PageSize
if (!$AllTypes)
{
$Filter += "(groupType:1.2.840.113556.1.4.803:=2147483648)"
}
}

process {
Expand Down Expand Up @@ -5221,7 +5232,7 @@ function Get-NetGroup {
else {
$GroupSearcher.filter = "(&(objectCategory=group)(samaccountname=$GroupName)$Filter)"
}

$Results = $GroupSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
# if we're returning full data objects
Expand Down Expand Up @@ -5376,15 +5387,15 @@ function Get-NetGroupMember {
if ($Recurse -and $UseMatchingRule) {
# resolve the group to a distinguishedname
if ($GroupName) {
$Group = Get-NetGroup -GroupName $GroupName -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
$Group = Get-NetGroup -AllTypes -GroupName $GroupName -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
}
elseif ($SID) {
$Group = Get-NetGroup -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
$Group = Get-NetGroup -AllTypes -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
}
else {
# default to domain admins
$SID = (Get-DomainSID -Domain $TargetDomain -DomainController $TargetDomainController) + "-512"
$Group = Get-NetGroup -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
$Group = Get-NetGroup -AllTypes -SID $SID -Domain $TargetDomain -DomainController $TargetDomainController -Credential $Credential -FullData -PageSize $PageSize
}
$GroupDN = $Group.distinguishedname
$GroupFoundName = $Group.samaccountname
Expand Down Expand Up @@ -13098,7 +13109,7 @@ function Find-ManagedSecurityGroups {
#>

# Go through the list of security groups on the domain and identify those who have a manager
Get-NetGroup -FullData -Filter '(&(managedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))' | Select-Object -Unique distinguishedName,managedBy,cn | ForEach-Object {
Get-NetGroup -FullData -Filter '(managedBy=*)' | Select-Object -Unique distinguishedName,managedBy,cn | ForEach-Object {

# Retrieve the object that the managedBy DN refers to
$group_manager = Get-ADObject -ADSPath $_.managedBy | Select-Object cn,distinguishedname,name,samaccounttype,samaccountname
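Review bot: The `if (!$AllTypes)` filter added to Get-NetGroup's `begin` block narrows the default result set for every existing caller, yet the hunks shown only update the three calls in Get-NetGroupMember's `$Recurse -and $UseMatchingRule` branch to pass `-AllTypes`. Any other call site that resolves a group by name or SID would presumably now get nothing back for a distribution group, so the callers outside the visible hunks should be checked. The `.PARAMETER AllTypes` help states the default but not what the switch does; something like `Switch. Also return distribution groups; by default only security-enabled groups are returned.` would be clearer. The bit test deserves a comment where it is built, e.g. `# 1.2.840.113556.1.4.803 = LDAP bitwise-AND matching rule; 2147483648 (0x80000000) = security-enabled group flag`. Find-ManagedSecurityGroups now relies on that default instead of stating the groupType clause itself, so a later change to the default would alter its output without the function being touched.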
