fox-it / invoke-aclpwn
License: MIT License
I am receiving the following error below.
Not sure if it's related but I am running it from a non-domain member system.
I specified the domain, username and password and it successfully bound to AD.
....
[] Getting schema classes...
[] Found 4729 schema classes
[] Getting extended rights from schema...
[] Found 142 extended rights
[*] Running SharpHound v2.0.0...
Get-SharpHoundACL : [Get-SharpHoundACL] No ACL input available.
At \github\Invoke-ACLPwn\Invoke-ACLPwn.ps1:1724 char:17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I am getting the following error even though it completes.
Given it's not finding any chains, is this error something I can ignore or is it causing the script not to find any chains?
You cannot call a method on a null-valued expression.
At \Invoke-ACLPwn.ps1:1754 char:60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You cannot call a method on a null-valued expression.
At \Invoke-ACLPwn.ps1:1754 char:60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You cannot call a method on a null-valued expression.
At \Invoke-ACLPwn.ps1:1754 char:60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[] Parsing ACL. This might take a while...
[] No chain found :(
I get the following exception in the parsing process.
[] Found 4882 ACLs
[] Parsing ACL. This might take a while...
[Get-DistinguishedNameForObject] User not found.
In C:\Invoke-ACLPwn-master\Invoke-ACLPwn-master\Invoke-ACLPwn.ps1:144 Zeichen:9
throw '[Get-DistinguishedNameForObject] User not found.'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Any ideas how to fix this?
This renders Invoke-ACLPwn useless in its current behavior when used in conjunction with a recent version of SharpHound.
The new functionality allowing the use of BloodHound 2.0 JSON output to be parsed fails silently if sharphound.exe produces JSON files larger than 2Mb. ConvertFrom-Json has a hardcoded 2Mb input limit.
Replace the JSON parse line 1489:
$tmp = ConvertFrom-Json $content -ErrorAction SilentlyContinue
with:
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions")
$jsonserial= New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer
$jsonserial.MaxJsonLength = 67108864 #64Mb
$tmp = $jsonserial.DeserializeObject($content)
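The failure described above is silent because the parse call on line 1489 runs with -ErrorAction SilentlyContinue, so an oversized file leaves $tmp empty without any message. As an added example (not code from Invoke-ACLPwn or from the post's author), the function below raises the limit the same way but throws when parsing fails; Read-LargeJsonFile, the temp file name and the sample field names are assumptions, and it targets Windows PowerShell, where System.Web.Extensions is available.

```powershell
# Added example, not Invoke-ACLPwn code. Read-LargeJsonFile is a hypothetical name.
# Targets Windows PowerShell, where System.Web.Extensions (.NET Framework) exists.
function Read-LargeJsonFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Maximum input length in characters; 67108864 as in the post above.
        [int] $MaxJsonLength = 67108864
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $content = [System.IO.File]::ReadAllText($file.FullName)
    if ($content.Length -gt $MaxJsonLength) {
        throw "[Read-LargeJsonFile] $($file.Name): $($content.Length) characters exceeds the limit of $MaxJsonLength."
    }

    Add-Type -AssemblyName System.Web.Extensions -ErrorAction Stop
    $serializer = New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer
    $serializer.MaxJsonLength = $MaxJsonLength
    try {
        $parsed = $serializer.DeserializeObject($content)
    }
    catch {
        # Surface the parse failure instead of carrying on with an empty result.
        throw "[Read-LargeJsonFile] Failed to parse $($file.Name): $($_.Exception.Message)"
    }
    if ($null -eq $parsed) {
        throw "[Read-LargeJsonFile] $($file.Name) parsed to null."
    }
    # The unary comma keeps a top-level JSON array from being unrolled on output.
    return ,$parsed
}

# Constructed sample: a JSON document larger than 2 MB written to a temp file.
# The field names are placeholders, not taken from real SharpHound output.
$entries = 1..60000 | ForEach-Object { '{"Name":"USER' + $_ + '@EXAMPLE.LOCAL","Aces":[]}' }
$sample  = '{"users":[' + ($entries -join ',') + ']}'
$tmpFile = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-users.json'
[System.IO.File]::WriteAllText($tmpFile, $sample)

$result = Read-LargeJsonFile -Path $tmpFile
"Parsed $($result['users'].Count) entries from $($sample.Length) characters"
```

DeserializeObject returns dictionaries and arrays rather than the PSCustomObject that ConvertFrom-Json produces, so any code consuming the result should be checked against that shape.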
Running this tool with a user in the root domain of the forest works as expected. I have experienced the following failures:
[Get-AttrForADObject] User not found.
At B:\Invoke-ACLPwn.ps1:109 char:9
+ throw '[Get-AttrForADObject] User not found.'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: ([Get-AttrForADObject] User not found.:String) [], RuntimeException
+ FullyQualifiedErrorId : [Get-AttrForADObject] User not found.