Updated Get-DomainOUTree (and renamed it)

This commit is contained in:
mb 2018-12-19 14:15:39 +01:00
parent f27ae78043
commit e7b0abd3d4
2 changed files with 68 additions and 1 deletions

View File

@ -7,6 +7,59 @@
Optional Dependencies: None
#>
function Get-DomainOUTree
{
<#
.SYNOPSIS
Author: Mariusz B. (@mgeeky)
License: BSD 3-Clause
Required Dependencies: PowerView.ps1
Optional Dependencies: None
Prints out Organizational Units collected from Get-DomainOU as a tree.
.DESCRIPTION
Collects OU lines returned from PowerView's Get-NetOU cmdlet,
and then prints that structure as a Organizational Units tree.
It works with newer PowerView version (from dev branch as of 2018), that
has reworked Get-NetOU into Get-DomainOU.
.PARAMETER OU
Parameter passed from pipelined PowerView's Get-DomainOU cmdlet.
That cmdlet will return list of OUs in form of: "OU=...,DC=local,DC=test".
.EXAMPLE
PS> Get-DomainOU | Get-DomainOUTree
#>
[CmdletBinding()]
Param
(
[Parameter(ValueFromPipelineByPropertyName = $True)]
$Distinguishedname
)
begin
{
$OUlines = @()
}
process
{
$OUlines += $Distinguishedname
}
end
{
$OUlines | Get-NetOUTree
}
}
function Get-NetOUTree
{
<#
@ -24,6 +77,9 @@ function Get-NetOUTree
Collects OU lines returned from PowerView's Get-NetOU cmdlet,
and then prints that structure as a Organizational Units tree.
It works with older PowerView version (from before 12 dec 2016), that
got Get-NetOU cmdlet.
.PARAMETER OU
Parameter passed from pipelined PowerView's Get-NetOU cmdlet.

View File

@ -20,6 +20,9 @@ IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Com
- **`Export-ReconData.ps1`** - Powershell script leveraging [PowerSploit Recon](https://github.com/PowerShellMafia/PowerSploit) module (PowerView) to save output from Reconnaissance cmdlets like `Get-Net*`, `Invoke-*` into _Clixml_ files. Those files (stored in an output directory as separate XML files) can later be extracted from attacked environment and loaded to a new powershell runspace using the same script. Very useful when we want to obtain as many data as possible, then exfiltrate that data, review it in our safe place and then get back to attacked domain for lateral spread. **Warning**: Be careful though, as this script launches many reconnaissance commands one by one, this WILL generate a lot of noise. Microsoft ATA for instance for sure pick you up with _"Reconnaissance using SMB session enumeration"_ after you've launched `Invoke-UserHunter`.
**WARNING:** At the moment this script works only with older version of PowerView - from before 12 dev 2016, where
it had Get-NetUser/Get-NetComputer/Get-Net* commands only.
Exposed functions:
- `Export-ReconData` - Launches many cmdlets and exports their Clixml outputs.
- `Import-ReconData -DirName <DIR>` - Loads Clixml previously exported outputs and stores them in Global variables reachable when script terminates.
@ -137,10 +140,18 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py Show-
------------------------------------------------------------------------------------
```
- **`Get-NetOUTree.ps1`** - Collects OU lines returned from **PowerView's** `Get-NetOU` cmdlet, and then prints that structure as a _Organizational Units tree_.
- **`Get-DomainOUTree.ps1`** - Collects OU lines returned from **PowerView's** `Get-NetOU`/`Get-DomainOU` cmdlet, and then prints that structure as a _Organizational Units tree_.
This scriptlet works with both older version of PowerView that got implemented `Get-NetOU` cmdlet, by passing its output via pipeline to `Get-NetOUTree`:
```
PS E:\PowerSploit\Recon> Get-NetOU | Get-NetOUTree
```
or with new version of PowerView coming with it's `Get-DomainOU` cmdlet.
```
PS E:\PowerSploit\Recon> Get-DomainOU | Get-DomainOUTree
+ CONTOSO
+ SharedFolders
+ Departments