mgeeky-Penetration-Testing-.../red-teaming/Count-PrivilegedGroupMembers.ps1

<#
This script enumerates privileged groups (Tier-) and counts their members.
Knowing how many privileged users the examined groups contain gives a quick
estimate of the configuration debt, or of the impact of domain maintenance
misconfigurations, in the assessed Active Directory.
Usage:
PS> . .\Count-PrivilegedGroupMembers.ps1
PS> Count-PrivilegedGroupMembers
Mariusz Banach / mgeeky
#>
# This script requires PowerView 3.0 dev branch
# Import-Module powerview.ps1 -ErrorAction SilentlyContinue
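Function Count-PrivilegedGroupMembers
{
    <#
    .SYNOPSIS
    Counts the members of well-known privileged Active Directory groups.

    .DESCRIPTION
    Queries each group with PowerView's Get-DomainGroupMember and returns the
    member count per group. The counts show how many accounts hold privileged
    access, which is the figure to track when reducing that exposure.

    .PARAMETER Domain
    Optional domain name, passed to Get-DomainGroupMember -Domain.

    .PARAMETER Recurse
    Passes -Recurse to Get-DomainGroupMember.

    .PARAMETER AdditionalGroupsFile
    Optional path to a text file with one extra group name per line.
    Blank lines are skipped.

    .OUTPUTS
    Hashtable mapping group name to member count (int).
    #>
    [CmdletBinding()] Param(
        [Parameter(Mandatory=$false)]
        [String]
        $Domain,

        [Parameter(Mandatory=$false)]
        [Switch]
        $Recurse,

        [Parameter(Mandatory=$false)]
        [String]
        $AdditionalGroupsFile
    )

    $PrivilegedGroups = @(
        "Enterprise Admins"
        "Domain Admins"
        # The built-in group is named "Schema Admins"; the singular form
        # never matches, so the group was silently reported with 0 members.
        "Schema Admins"
        "Account Operators"
        "Backup Operators"
        "Print Operators"
        "Server Operators"
        "Domain Controllers"
        "Read-only Domain Controllers"
        "Group Policy Creator Owners"
        "Cryptographic Operators"
        "Distributed COM Users"
    )

    [string[]]$AdditionalGroups = @()
    if ($AdditionalGroupsFile) {
        # Trim each line and drop empty ones so a trailing newline in the
        # file does not turn into a query for an empty identity.
        [string[]]$AdditionalGroups = @(
            Get-Content -Path $AdditionalGroupsFile |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ }
        )
    }

    $groups = $PrivilegedGroups + $AdditionalGroups
    $GroupsMembers = @{}

    foreach ($group in $groups)
    {
        # Arguments are passed by splatting, not by building a command string
        # for Invoke-Expression: group names read from a file and the -Domain
        # value are data and must never be parsed as PowerShell code. This
        # also keeps names containing quotes or spaces working.
        $query = @{ Identity = $group }
        if ($Recurse)
        {
            $query['Recurse'] = $true
        }
        if ($Domain)
        {
            $query['Domain'] = $Domain
        }

        Write-Verbose "Querying members of '$group'..."

        # @(...) yields a count of 0 when the cmdlet returns nothing and 1
        # when it returns a single object.
        $members = @(Get-DomainGroupMember @query).Count -as [int]

        # Index assignment instead of .Add(): a group listed twice (for
        # example in both the built-in list and the additional file) would
        # make .Add() throw on the duplicate key.
        $GroupsMembers[$group] = $members

        Write-Verbose "Got $members members in $group."
    }

    return $GroupsMembers
}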