Skip to content

Commit

Permalink
Fixed some Invoke-MapDomainTrust and Get-NetDomainTrust logic
Browse files Browse the repository at this point in the history
Changed domain/forest Write-Warning's to Write-Verbose
  • Loading branch information
HarmJ0y committed Jun 13, 2016
1 parent e7ac71a commit 59d5e29
Showing 1 changed file with 57 additions and 46 deletions.
103 changes: 57 additions & 46 deletions PowerShell/BloodHound.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -2188,7 +2188,7 @@ filter Get-NetDomain {
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
}
catch {
Write-Warning "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
Write-Verbose "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
$Null
}
}
Expand All @@ -2198,7 +2198,7 @@ filter Get-NetDomain {
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
}
catch {
Write-Warning "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
Write-Verbose "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
$Null
}
}
Expand Down Expand Up @@ -2257,7 +2257,7 @@ filter Get-NetForest {
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
}
catch {
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
$Null
}
}
Expand All @@ -2267,7 +2267,7 @@ filter Get-NetForest {
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
}
catch {
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
return $Null
}
}
Expand Down Expand Up @@ -12515,6 +12515,22 @@ function Get-NetDomainTrust {
$Credential
)

begin {
$TrustAttributes = @{
[uint32]'0x00000001' = 'non_transitive'
[uint32]'0x00000002' = 'uplevel_only'
[uint32]'0x00000004' = 'quarantined_domain'
[uint32]'0x00000008' = 'forest_transitive'
[uint32]'0x00000010' = 'cross_organization'
[uint32]'0x00000020' = 'within_forest'
[uint32]'0x00000040' = 'treat_as_external'
[uint32]'0x00000080' = 'trust_uses_rc4_encryption'
[uint32]'0x00000100' = 'trust_uses_aes_keys'
[uint32]'0x00000200' = 'cross_organization_no_tgt_delegation'
[uint32]'0x00000400' = 'pim_trust'
}
}

process {

if(-not $Domain) {
Expand All @@ -12533,33 +12549,21 @@ function Get-NetDomainTrust {

if($TrustSearcher) {

$TrustSearcher.filter = '(&(objectClass=trustedDomain))'
$TrustSearcher.Filter = '(objectClass=trustedDomain)'

$Results = $TrustSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object {
$Props = $_.Properties
$DomainTrust = New-Object PSObject
$TrustAttrib = Switch ($Props.trustattributes)
{
0x001 { "non_transitive" }
0x002 { "uplevel_only" }
0x004 { "quarantined_domain" }
0x008 { "forest_transitive" }
0x010 { "cross_organization" }
0x020 { "within_forest" }
0x040 { "treat_as_external" }
0x080 { "trust_uses_rc4_encryption" }
0x100 { "trust_uses_aes_keys" }
Default {
Write-Warning "Unknown trust attribute: $($Props.trustattributes)";
"$($Props.trustattributes)";
}
}

$TrustAttrib = @()
$TrustAttrib += $TrustAttributes.Keys | Where-Object { $Props.trustattributes[0] -band $_ } | ForEach-Object { $TrustAttributes[$_] }

$Direction = Switch ($Props.trustdirection) {
0 { "Disabled" }
1 { "Inbound" }
2 { "Outbound" }
3 { "Bidirectional" }
0 { 'Disabled' }
1 { 'Inbound' }
2 { 'Outbound' }
3 { 'Bidirectional' }
}
$ObjectGuid = New-Object Guid @(,$Props.objectguid[0])
$TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value
Expand All @@ -12568,7 +12572,7 @@ function Get-NetDomainTrust {
$DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0]
$DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID
$DomainTrust | Add-Member Noteproperty 'ObjectGuid' "{$ObjectGuid}"
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustAttrib"
$DomainTrust | Add-Member Noteproperty 'TrustType' $($TrustAttrib -join ',')
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
$DomainTrust
}
Expand Down Expand Up @@ -12640,7 +12644,7 @@ function Get-NetDomainTrust {
}
}
else {
Write-Error "Could not retrieve domain controller for $Domain"
Write-Verbose "Could not retrieve domain controller for $Domain"
}
}
else {
Expand Down Expand Up @@ -13125,34 +13129,41 @@ function Invoke-MapDomainTrust {
}

# get any forest trusts, if they exist
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
if(-not ($LDAP -or $DomainController) ) {
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
}

if ($Trusts) {
if($Trusts -isnot [System.Array]) {
$Trusts = @($Trusts)
}

# enumerate each trust found
ForEach ($Trust in $Trusts) {
$SourceDomain = $Trust.SourceName
$TargetDomain = $Trust.TargetName
$TrustType = $Trust.TrustType
$TrustDirection = $Trust.TrustDirection

# make sure we process the target
$Null = $Domains.push($TargetDomain)

# build the nicely-parsable custom output object
$DomainTrust = New-Object PSObject
$DomainTrust | Add-Member Noteproperty 'SourceDomain' "$SourceDomain"
$DomainTrust | Add-Member Noteproperty 'SourceSID' $Trust.SourceSID
$DomainTrust | Add-Member Noteproperty 'TargetDomain' "$TargetDomain"
$DomainTrust | Add-Member Noteproperty 'TargetSID' $Trust.TargetSID
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustType"
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$TrustDirection"
$DomainTrust
if($Trust.SourceName -and $Trust.TargetName) {
$SourceDomain = $Trust.SourceName
$TargetDomain = $Trust.TargetName
$TrustType = $Trust.TrustType
$TrustDirection = $Trust.TrustDirection

# make sure we process the target
$Null = $Domains.push($TargetDomain)

# build the nicely-parsable custom output object
$DomainTrust = New-Object PSObject
$DomainTrust | Add-Member Noteproperty 'SourceDomain' "$SourceDomain"
$DomainTrust | Add-Member Noteproperty 'SourceSID' $Trust.SourceSID
$DomainTrust | Add-Member Noteproperty 'TargetDomain' "$TargetDomain"
$DomainTrust | Add-Member Noteproperty 'TargetSID' $Trust.TargetSID
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustType"
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$TrustDirection"
$DomainTrust
}
}
}
}
catch {
Write-Warning "[!] Error: $_"
Write-Verbose "[!] Error: $_"
}
}
}
Expand Down

0 comments on commit 59d5e29

Please sign in to comment.