2020-02-08 16:06:06 -05:00
|
|
|
function Invoke-BloodHound{
|
|
|
|
|
<#
|
|
|
|
|
.SYNOPSIS
|
|
|
|
|
Runs the BloodHound C# Ingestor using reflection. The assembly is stored in this file.
|
|
|
|
|
.DESCRIPTION
|
|
|
|
|
Using reflection and assembly.load, load the compiled BloodHound C# ingestor into memory
|
|
|
|
|
and run it without touching disk. Parameters are converted to the equivalent CLI arguments
|
|
|
|
|
for the SharpHound executable and passed in via reflection. The appropriate function
|
|
|
|
|
calls are made in order to ensure that assembly dependencies are loaded properly.
|
|
|
|
|
.PARAMETER CollectionMethod
|
|
|
|
|
Specifies the CollectionMethod being used. Possible value are:
|
|
|
|
|
Group - Collect group membership information
|
|
|
|
|
LocalGroup - Collect local group information for computers
|
|
|
|
|
LocalAdmin - Collect local admin users for computers
|
|
|
|
|
RDP - Collect remote desktop users for computers
|
|
|
|
|
DCOM - Collect distributed COM users for computers
|
2020-08-04 09:06:45 -04:00
|
|
|
PSRemote - Collected members of the Remote Management Users group for computers
|
2020-02-08 16:06:06 -05:00
|
|
|
Session - Collect session information for computers
|
|
|
|
|
SessionLoop - Continuously collect session information until killed
|
|
|
|
|
Trusts - Enumerate domain trust data
|
|
|
|
|
ACL - Collect ACL (Access Control List) data
|
|
|
|
|
Container - Collect GPO/OU Data
|
|
|
|
|
ComputerOnly - Collects Local Admin and Session data
|
|
|
|
|
GPOLocalGroup - Collects Local Admin information using GPO (Group Policy Objects)
|
|
|
|
|
LoggedOn - Collects session information using privileged methods (needs admin!)
|
|
|
|
|
ObjectProps - Collects node property information for users and computers
|
2020-08-04 09:06:45 -04:00
|
|
|
SPNTargets - Collects SPN targets (currently only MSSQL)
|
2020-02-08 16:06:06 -05:00
|
|
|
Default - Collects Group Membership, Local Admin, Sessions, and Domain Trusts
|
|
|
|
|
DcOnly - Collects Group Membership, ACLs, ObjectProps, Trusts, Containers, and GPO Admins
|
2020-04-02 21:32:39 -05:00
|
|
|
All - Collect all data except GPOLocalGroup
|
2020-02-08 16:06:06 -05:00
|
|
|
This can be a list of comma seperated valued as well to run multiple collection methods!
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER Stealth
|
2020-02-08 16:06:06 -05:00
|
|
|
Use stealth collection options, will sacrifice data quality in favor of much reduced
|
|
|
|
|
network impact
|
2020-04-02 21:32:39 -05:00
|
|
|
.PARAMETER Domain
|
|
|
|
|
Specifies the domain to enumerate. If not specified, will enumerate the current
|
|
|
|
|
domain your user context specifies.
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER WindowsOnly
|
|
|
|
|
Limits computer collection to systems that have an operatingssytem attribute that matches *Windows*
|
|
|
|
|
.PARAMETER ComputerFile
|
2020-02-08 16:06:06 -05:00
|
|
|
A file containing a list of computers to enumerate. This option can only be used with the following Collection Methods:
|
|
|
|
|
Session, SessionLoop, LocalGroup, ComputerOnly, LoggedOn
|
2020-04-02 21:32:39 -05:00
|
|
|
.PARAMETER LdapFilter
|
|
|
|
|
Append this ldap filter to the search filter to further filter the results enumerated
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER SearchBase
|
|
|
|
|
DistinguishedName to start LDAP searches at. Equivalent to the old --OU option
|
2020-04-02 21:32:39 -05:00
|
|
|
.PARAMETER OutputDirectory
|
|
|
|
|
Folder to output files too
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER OutputPrefix
|
2020-04-02 21:32:39 -05:00
|
|
|
Prefix to add to output files
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER PrettyJSON
|
2020-04-02 21:32:39 -05:00
|
|
|
Output "pretty" json with formatting for readability
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER CacheFilename
|
2020-04-02 21:32:39 -05:00
|
|
|
Name for the cache file dropped to disk (default: unique hash generated per machine)
|
|
|
|
|
.PARAMETER RandomFilenames
|
|
|
|
|
Randomize file names completely
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER ZipFilename
|
2020-04-02 21:32:39 -05:00
|
|
|
Name for the zip file output by data collection
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER NoSaveCache
|
2020-04-02 21:32:39 -05:00
|
|
|
Don't write the cache file to disk. Caching will still be performed in memory.
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER EncryptZip
|
2020-04-02 21:32:39 -05:00
|
|
|
Encrypt the zip file with a random password
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER NoZip
|
2020-04-02 21:32:39 -05:00
|
|
|
Do NOT zip the json files
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER InvalidateCache
|
2020-04-02 21:32:39 -05:00
|
|
|
Invalidate and rebuild the cache file
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER LdapFilter
|
2020-04-02 21:32:39 -05:00
|
|
|
Append this ldap filter to the search filter to further filter the results enumerated
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER DomainController
|
2020-04-02 21:32:39 -05:00
|
|
|
Domain Controller to connect too. Specifiying this can result in data loss
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER LdapPort
|
2020-04-02 21:32:39 -05:00
|
|
|
Port LDAP is running on. Defaults to 389/686 for LDAPS
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER SecureLDAP
|
2020-04-02 21:32:39 -05:00
|
|
|
Connect to LDAPS (LDAP SSL) instead of regular LDAP
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER DisableKerberosSigning
|
2020-04-02 21:32:39 -05:00
|
|
|
Disables keberos signing/sealing, making LDAP traffic viewable
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER LdapUsername
|
2020-04-02 21:32:39 -05:00
|
|
|
Username for connecting to LDAP. Use this if you're using a non-domain account for connecting to computers
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER LdapPassword
|
2020-04-02 21:32:39 -05:00
|
|
|
Password for connecting to LDAP. Use this if you're using a non-domain account for connecting to computers
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER SkipPortScan
|
2020-04-02 21:32:39 -05:00
|
|
|
Skip SMB port checks when connecting to computers
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER PortScanTimeout
|
2020-04-02 21:32:39 -05:00
|
|
|
Timeout for SMB port checks
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER ExcludeDomainControllers
|
2020-04-02 21:32:39 -05:00
|
|
|
Exclude domain controllers from enumeration (usefult o avoid Microsoft ATP/ATA)
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER Throttle
|
2020-04-02 21:32:39 -05:00
|
|
|
Throttle requests to computers (in milliseconds)
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER Jitter
|
2020-04-02 21:32:39 -05:00
|
|
|
Add jitter to throttle
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER OverrideUserName
|
2020-04-02 21:32:39 -05:00
|
|
|
Override username to filter for NetSessionEnum
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER NoRegistryLoggedOn
|
2020-04-02 21:32:39 -05:00
|
|
|
Disable remote registry check in LoggedOn collection
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER DumpComputerStatus
|
2020-04-02 21:32:39 -05:00
|
|
|
Dumps error codes from attempts to connect to computers
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER RealDNSName
|
2020-04-02 21:32:39 -05:00
|
|
|
Overrides the DNS name used for API calls
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER CollectAllProperties
|
2020-04-02 21:32:39 -05:00
|
|
|
Collect all string LDAP properties on objects
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER StatusInterval
|
2020-04-02 21:32:39 -05:00
|
|
|
Interval for displaying status in milliseconds
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER Loop
|
2020-04-02 21:32:39 -05:00
|
|
|
Perform looping for computer collection
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER LoopDuration
|
2020-04-02 21:32:39 -05:00
|
|
|
Duration to perform looping (Default 02:00:00)
|
2020-08-04 09:06:45 -04:00
|
|
|
.PARAMETER LoopInterval
|
2020-04-02 21:32:39 -05:00
|
|
|
Interval to sleep between loops (Default 00:05:00)
|
2020-02-08 16:06:06 -05:00
|
|
|
.EXAMPLE
|
|
|
|
|
PS C:\> Invoke-BloodHound
|
|
|
|
|
Executes the default collection options and exports JSONs to the current directory, compresses the data to a zip file,
|
|
|
|
|
and then removes the JSON files from disk
|
|
|
|
|
.EXAMPLE
|
2020-04-02 21:32:39 -05:00
|
|
|
PS C:\> Invoke-BloodHound -Loop -LoopInterval 00:01:00 -LoopDuration 00:10:00
|
2020-02-08 16:06:06 -05:00
|
|
|
Executes session collection in a loop. Will wait 1 minute after each run to continue collection
|
|
|
|
|
and will continue running for 10 minutes after which the script will exit
|
|
|
|
|
.EXAMPLE
|
|
|
|
|
PS C:\> Invoke-BloodHound -CollectionMethod All
|
|
|
|
|
Runs ACL, ObjectProps, Container, and Default collection methods, compresses the data to a zip file,
|
|
|
|
|
and then removes the JSON files from disk
|
|
|
|
|
.EXAMPLE (Opsec!)
|
|
|
|
|
PS C:\> Invoke-BloodHound -CollectionMethod DCOnly --NoSaveCache --RandomFilenames --EncryptZip
|
2020-08-04 09:06:45 -04:00
|
|
|
Run LDAP only collection methods (Groups, Trusts, ObjectProps, ACL, Containers, GPO Admins) without outputting the cache file to disk.
|
2020-02-08 16:06:06 -05:00
|
|
|
Randomizes filenames of the JSON files and the zip file and adds a password to the zip file
|
|
|
|
|
#>
|
2018-10-16 17:53:02 +02:00
|
|
|
param(
|
|
|
|
|
[String[]]
|
|
|
|
|
$CollectionMethod = [string[]] @('Default'),
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$Stealth,
|
2018-10-16 17:53:02 +02:00
|
|
|
[String]
|
|
|
|
|
$Domain,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$WindowsOnly,
|
2020-08-04 09:06:45 -04:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$ComputerFile,
|
2020-08-04 09:06:45 -04:00
|
|
|
[ValidateScript({ Test-Path -Path $_ })]
|
2020-04-02 21:32:39 -05:00
|
|
|
[String]
|
|
|
|
|
$OutputDirectory = $(Get-Location),
|
2020-08-04 09:06:45 -04:00
|
|
|
[ValidateNotNullOrEmpty()]
|
2020-04-02 21:32:39 -05:00
|
|
|
[String]
|
|
|
|
|
$OutputPrefix,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$PrettyJson,
|
2020-08-04 09:06:45 -04:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$CacheFileName,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$RandomizeFilenames,
|
2020-08-04 09:06:45 -04:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$ZipFilename,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$NoSaveCache,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$EncryptZip,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$InvalidateCache,
|
2018-10-16 17:53:02 +02:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$LdapFilter,
|
2020-08-04 09:06:45 -04:00
|
|
|
[string]
|
2018-10-16 17:53:02 +02:00
|
|
|
$DomainController,
|
2020-08-04 09:06:45 -04:00
|
|
|
[int]
|
2018-10-16 17:53:02 +02:00
|
|
|
$LdapPort,
|
|
|
|
|
[Switch]
|
|
|
|
|
$SecureLdap,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$DisableKerbSigning,
|
2020-08-04 09:06:45 -04:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$LdapUsername,
|
2018-10-16 17:53:02 +02:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$LdapPassword,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$SkipPortScan,
|
2020-08-04 09:06:45 -04:00
|
|
|
[ValidateRange(50,5000)]
|
2018-10-16 17:53:02 +02:00
|
|
|
[int]
|
2020-04-02 21:32:39 -05:00
|
|
|
$PortScanTimeout = 2000,
|
2018-10-16 17:53:02 +02:00
|
|
|
[Switch]
|
2020-04-02 21:32:39 -05:00
|
|
|
$ExcludeDomainControllers,
|
2020-08-04 09:06:45 -04:00
|
|
|
[ValidateRange(0,100)]
|
2018-10-16 17:53:02 +02:00
|
|
|
[int]
|
|
|
|
|
$Jitter,
|
|
|
|
|
[int]
|
|
|
|
|
$Throttle,
|
2020-08-04 09:06:45 -04:00
|
|
|
[String]
|
2020-04-02 21:32:39 -05:00
|
|
|
$OverrideUsername,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
|
|
|
|
$NoRegistryLoggedOn,
|
|
|
|
|
[Switch]
|
|
|
|
|
$DumpComputerStatus,
|
|
|
|
|
[String]
|
|
|
|
|
$RealDNSName,
|
|
|
|
|
[Switch]
|
|
|
|
|
$CollectAllProperties,
|
|
|
|
|
[ValidateRange(500,60000)]
|
2018-10-16 17:53:02 +02:00
|
|
|
[int]
|
|
|
|
|
$StatusInterval,
|
2020-08-04 09:06:45 -04:00
|
|
|
[Switch]
|
|
|
|
|
$Loop,
|
|
|
|
|
[String]
|
|
|
|
|
$LoopDuration,
|
|
|
|
|
[String]
|
|
|
|
|
$LoopInterval,
|
|
|
|
|
[String]
|
|
|
|
|
$SearchBase
|
2018-10-16 17:53:02 +02:00
|
|
|
)
|
|
|
|
|
$vars = New-Object System.Collections.Generic.List[System.Object]
|
|
|
|
|
$vars.Add("-c")
|
|
|
|
|
foreach ($cmethod in $CollectionMethod){
|
|
|
|
|
$vars.Add($cmethod);
|
|
|
|
|
}
|
|
|
|
|
if ($Domain){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--Domain");
|
2018-10-16 17:53:02 +02:00
|
|
|
$vars.Add($Domain);
|
|
|
|
|
}
|
|
|
|
|
if ($Stealth){
|
|
|
|
|
$vars.Add("--Stealth")
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($WindowsOnly){
|
|
|
|
|
$vars.Add("--WindowsOnly")
|
|
|
|
|
}
|
|
|
|
|
if ($ComputerFile){
|
2018-10-16 17:53:02 +02:00
|
|
|
$vars.Add("--ComputerFile");
|
|
|
|
|
$vars.Add($ComputerFile);
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($OutputDirectory){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--OutputDirectory");
|
|
|
|
|
$vars.Add($OutputDirectory);
|
|
|
|
|
}
|
|
|
|
|
if ($OutputPrefix){
|
|
|
|
|
$vars.Add("--OutputPrefix");
|
|
|
|
|
$vars.Add($OutputPrefix);
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($PrettyJson){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--PrettyJson");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($CacheFileName){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--CacheFileName");
|
|
|
|
|
$vars.Add($CacheFileName);
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($RandomFilenames){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--RandomizeFilenames");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($ZipFileName){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--ZipFileName");
|
|
|
|
|
$vars.Add($ZipFileName);
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($NoSaveCache){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--NoSaveCache");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($EncryptZip){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--EncryptZip");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($NoZip){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--NoZip");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($InvalidateCache){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--InvalidateCache");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($LdapFilter){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--LdapFilter");
|
|
|
|
|
$vars.Add($LdapFilter);
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($DomainController){
|
2018-10-16 17:53:02 +02:00
|
|
|
$vars.Add("--DomainController");
|
|
|
|
|
$vars.Add($DomainController);
|
|
|
|
|
}
|
|
|
|
|
if ($LdapPort){
|
|
|
|
|
$vars.Add("--LdapPort");
|
|
|
|
|
$vars.Add($LdapPort);
|
|
|
|
|
}
|
|
|
|
|
if ($SecureLdap){
|
|
|
|
|
$vars.Add("--SecureLdap");
|
|
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($DisableKerberosSigning){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--DisableKerberosSigning");
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($LdapUsername){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--LdapUsername");
|
|
|
|
|
$vars.Add($LdapUsername);
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-04-02 21:32:39 -05:00
|
|
|
if ($LdapPassword){
|
|
|
|
|
$vars.Add("--LdapPassword");
|
|
|
|
|
$vars.Add($LdapPassword);
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($SkipPortScan){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--SkipPortScan");
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($PortScanTimeout){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--PortScanTimeout")
|
|
|
|
|
$vars.Add($PortScanTimeout)
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-04-02 21:32:39 -05:00
|
|
|
if ($ExcludeDomainControllers){
|
|
|
|
|
$vars.Add("--ExcludeDomainControllers")
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($Throttle){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--Throttle");
|
|
|
|
|
$vars.Add($Throttle);
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-04-02 21:32:39 -05:00
|
|
|
if ($Jitter){
|
|
|
|
|
$vars.Add("--Jitter");
|
|
|
|
|
$vars.Add($Jitter);
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($OverrideUserName){
|
2020-04-02 21:32:39 -05:00
|
|
|
$vars.Add("--OverrideUserName")
|
|
|
|
|
$vars.Add($OverrideUsername)
|
2018-10-16 17:53:02 +02:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($NoRegistryLoggedOn){
|
|
|
|
|
$vars.Add("--NoRegistryLoggedOn")
|
|
|
|
|
}
|
|
|
|
|
if ($DumpComputerStatus){
|
|
|
|
|
$vars.Add("--DumpComputerStatus")
|
|
|
|
|
}
|
|
|
|
|
if ($RealDNSName){
|
|
|
|
|
$vars.Add("--RealDNSName")
|
|
|
|
|
$vars.Add($RealDNSName)
|
|
|
|
|
}
|
|
|
|
|
if ($CollectAllProperties){
|
|
|
|
|
$vars.Add("--CollectAllProperties")
|
|
|
|
|
}
|
|
|
|
|
if ($StatusInterval){
|
2018-10-16 17:53:02 +02:00
|
|
|
$vars.Add("--StatusInterval")
|
|
|
|
|
$vars.Add($StatusInterval)
|
2020-02-08 16:06:06 -05:00
|
|
|
}
|
2020-08-04 09:06:45 -04:00
|
|
|
if ($Loop){
|
|
|
|
|
$vars.Add("--Loop")
|
|
|
|
|
}
|
|
|
|
|
if ($LoopDuration){
|
|
|
|
|
$vars.Add("--LoopDuration")
|
|
|
|
|
$vars.Add($LoopDuration)
|
|
|
|
|
}
|
|
|
|
|
if ($LoopInterval){
|
|
|
|
|
$vars.Add("--LoopInterval")
|
|
|
|
|
$vars.Add($LoopInterval)
|
|
|
|
|
}
|
|
|
|
|
if ($SearchBase){
|
|
|
|
|
$vars.Add("--SearchBase")
|
|
|
|
|
$vars.Add($SearchBase)
|
|
|
|
|
}
|
2018-10-16 17:53:02 +02:00
|
|
|
$passed = [string[]]$vars.ToArray()
|
2020-08-04 09:06:45 -04:00
|
|
|
$EncodedCompressedFile = '5P0HeFzF9QaM3zu7e7eqXO16V8VIMljytXZXbtiWLHABTLUNphpTDAQCNuXCrg2Y9QpTTGg2vZluegst9BYIJYSQkJCQELACaQQIECAhIUX+zntmbpNlQ/LL//98z/P5sfbOvDP3zMyZM2fO1Dt34YVaSNO0MP1t2KBpj2ry30ztq/+tpL/atsdrte/EXx31qD7n1VF7H7W43H58yT6ydOix7d849Ljj7KXthx3RXlp2XPvi49p32H2v9mPtw4/orqlJjFY09pitaXP0kHbOzJcec+i+owk9qY/XtGtSmtYssTWPk7vdiTFTuoXMN/4Zbq5qGMe/kHbIKk2r5//e033wv22I7u5wfDelxXLDFPKdlEYpa1c+ltJ6vgZP3H+Uv5jPGyP/zj5/99IjTl5Kz0vXqnKhrGIjEod0l8qlb+D9nMyj1kjP61KBeDPpf3fpiGNsiphSeWZaD28Ub7uh2Tz+cRkHeRNaRNs5m9T2uEkn3gntTGLrpbN1beVr8a9d7GbrJ0IzupotEip69FO9hLtaxUp+7lumh2GF8YNwuw6RzhVWRNMSIlvSKT9WA0IpXqIcpZ9qBC9OExV6KRwK28TTRNc8UdHhtSlfibCdUJjwYUmFhXxYCth0lxQJSqKza88grVoH9BOrY3C6oha269mvtYwPaaPpZfpvWg+hPD+nn8I2omwi56Agyg1w6uxMwxliZwZO5KNUhzKPIK+VRfaERcSNhGFRfSeK/xmpbwRJaaIC5tmNyK1hNdEjmStTe0pE7RbEIlJ5rozSU3gTNcK8sLdAKHuRsN1K3gXSjyTtNs+PdO12+M+nfOvWKLzpZmEgpbKwJXne7tLrIWOXamfkdBa69HihjWO5c/j3Mv10FOs7WQhKo3TKFSQhIUO/Rz+GtRWXrWV8WDtcQxt33v0xeK93yRJy7ixSMgm7AwQkW5N+jkQbG7PlTnKlYkbWWLPYHoMcZ2MFI2ZbyG8w7yORz5lazVwtoXGeu7TifrK5QQ5O0FgXme1UmJXtEAlrLBI2SnkqRdbuAvejxayVR+6mczmNztLRFJga6I2WjiWHXaCwZXHwERFSA6OMgmHIzHQO+6IWI7qazFu9Nn2ezBv+LVig5SCaraISRQvaUoSqUdkWKzEHiEmAm1+XLMcB9C55zfBS+m0pF1EGuxuZz3dE7XFgl9EgrPHg7AT6IfdEZGwSgK1ZtiZDcl8fSEQLRlRm3ghlV1MedXsKJyTloEGbsL3Mb8v4CHQNdLgZsqZSnAinjoKyeCfsHpDv5WzsFrWnIRvlEbpm1MTsPvLkVlM6eke27cBr7W3Inw7HzXB2rV1PUciVW2vXksuIx+xtQYjqKG/P8DJ7TyCzSk5HafudLPO342ukTVosUp+JkD0LRSCebSeflYTDzITibhzPKULqjir79lUaLmRR0zFE2NoCeo/kP6TdTFqI6sUUvZeh47JeEmj97WtO+Oz07bKUT6M99oPKlO3+Dva071hdXpx8jNHefsry/OROo/3RvkMTfU9Ap7a/NuUkq29xDE6E9v2O0J7tauB/sLK8MLnFaB+57UmFvrUxB+p7A1HaOMq9008q9i2JOWn0rUBQmIN+PuukcZOnG+1v9i/vBpXtZp7U3dfFUQH1fRNR30zBf/xTle6+I6POW32fkLPnaQ5as+NJE/F26JnKuL5xUQfqm0yEeq7mKKN2PmlSX33MKXLfeSC8koNqfl7ZdjuWkPanLlo+DdnpunB5Lwhe/Uplat9uzAJAfVm8tSu/9eyPKr19Cw3nrb56BI3joPd+UunD23u/VpnWd6jhQH2zECXFUU55vbJN3/GGk3zfHgj6NAn/5c8euRh5uOBAfRdQefJHB+7UdylXFqC+DFV2z4scNfmNgcP7bhLOW33PkbPnLg466rjPVuLtsd87cknfM8KB+l5GlLM5yj/tz07rO4WDIBB9sxF0LAedWbv6CiUVf9JXXwCpOHb5Z9+CVIwqf3ZG3591BP3qpM/O6ktCF3Jo34cgUGACLw6evxrJT/r3+ef3bRNyoL4DyNkT5yj7a6vX9E0JOWn0/QJvf5yA//nxZ10CFkwYd9bFoNIQWX1R37ucU0B9xyLq9zjqLcbqi/vuF85bfdsi6HYO+mDSWZfh7f0mnnVpX71wIM58zyqOUp181uV9r+hOkfv+gLeXcNCT73z5IyUVncWltyE7WtfSW0AwV7/6yr5bmSCgvvdINfdszW9dkl96a9+fws5bfV8gqImD8j1Lv423r5yy9J6+z8MO1PdvRPkiDv/Tb13+WN9lESf5vg3Izlsc9OyHX/4ceYi99+VPQWX333z5476/yCZMUN9liHofR736j1++3rdWOG/13YygyzjovY+//AVL5kdfvtFXKxyorxFRShzllD9/+cu+LTio5rMv3+wbg6D9KEiUVqHH3J5UzTQDMrgdgxe5YAhgkcEbXRDqvqeRwXtckIscYvApF/wHwI9jAF92wb8BfJPBN13wLwCfZ/B9F/wU4L0M/tUFPwa4lsGIcMAPAa5icIQL/hHg8Qx2uODvAR7A4GQX/A3AHRmc7YK/BjiBwfku+DbAkQwe5IJvAowyeKwLvgHwsyjAqgu+DnA9g6td8DWA32fwWhd8FeCDDN7jgj8AeB2DT7ngSwDPYfBVF3we4FIG17vgswAXMfiJCz4NcFcGaVSlwCcATmYw7YKPAmxnsMMFHwKYZHCqCz7A8m8A3MUF7wX4LoMHuODdAH/I4LEueAfARxg81QVvBbiOwYtc8CaAqxm8zQVvAHgyg8+64LUAv8HgWy64FuA8Bv/qglcA7GWwLuyAlwIczeBYF7wIYB2D27vgGoD/iLCEuOB5AH/P4EkueDbA1xi8yAVXAXyCwbtc8HSAtzL4ggueCvAiBn/tgisArmDwSxdcDvBIBtMRBzwR4J4MFl2wDHBbBndyweMBWgwe6oLHAkwzWHHBJQAHwwAvc8EjAb7P4L0ueCjAnzH4sgseAPAZBn/rgvsAvJPBf7vg7gAvYzBnOOAuAFcyOMEFtwd4NIO7ueC2APdl8AgXnApwFv2ESqcSmC3TKMWY3zORkWt9SDsjd/mQWkZeIaRRIf8KAVnvi/MBI//2xfklI/Goh7zISEfUe+s7jOziQ9YxcoTvrQsZOY2QnEL6GbnLhxzDyM99by1k5BMf5Z0ZaYp5yBRGJsW8t0YzMsuHNDAy34dojBzkQz4WQJb5kLcZWeVDfsDIVT7kUUZu8SG3MvKuL4eXMrLBF+d0RsbEPeR4RnbyIQczUvYhc2RaPmTaRojFyCtxL/WsGMqx8EbIZzqQ3/vovMOInvCQHzHS5kOeZCTvQ+5kpNeHXMnIfB9yFiPLfMhSRq7wIYcx8ogP2YORN33IdEY+9SEFRqYmPaSZkUN9SIyRG33IFxhvl37tQ37HSDrlIT9lZIYP+S4jq3zItxl5wYdcw8inPuRcRiI1LpKvhEqTfd5jQqX9fd6DSNh83nmh0qs+74xQ6W8+73hqlbWed1SotJfP2xAqXe3zhkKZ+aE9MoMhjPKsHeRQmcasQpur8RyfKezZGFXuiJ+dMFzNtxr2zs4IORnlCRERxXSEwW5DDjt/NWAay3I0cE15kw48nufxp6l19dGPmifZlZ5xN62QvSsIiEyX49+Nfl/jqQMMU+05PPewBjGM7FqeU0hGC7GoPVe9F+2SZVhOdBMu3dIrVHBJO5xJDRw6EOmkx0LNH8oppZwBsUxJxpvoJYhwSjAcZUSLZsvzEHl3/GBcnJJvqPkLS85ZNDZqkUk8ndaqbTlTi2zN7oO1TEni4AON37XkUD5Es6tRws0xYxkNZlsSBuevS/GU+glM4JjlPVCGIEXDno+aDlAMFnpZHZdRMRP0SAAw+7z5OhrCuU2xDPUDmicRzdrh6iejkF+7iJuSF6sQFVYHSV3X0MiF0YI9FrHeKO+JnDRog9kpmKSZ4FRSV0aW617KQx3ygCktA0wc2UUmlvN6QWS7jAae+zMK0ag9EgmOTJFZWUcxIPQ18UJjvLR9neqbC/R+HNNGRiq/iyjtB7yTfOmwGS6GR6byW5vhk
|
2020-04-23 16:01:12 -04:00
|
|
|
$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
|
2020-08-04 09:06:45 -04:00
|
|
|
$UncompressedFileBytes = New-Object Byte[](833536)
|
|
|
|
|
$DeflatedStream.Read($UncompressedFileBytes, 0, 833536) | Out-Null
|
2020-04-23 16:01:12 -04:00
|
|
|
$Assembly = [Reflection.Assembly]::Load($UncompressedFileBytes)
|
|
|
|
|
$BindingFlags = [Reflection.BindingFlags] "Public,Static"
|
|
|
|
|
$a = @()
|
|
|
|
|
$Assembly.GetType("Costura.AssemblyLoader", $false).GetMethod("Attach", $BindingFlags).Invoke($Null, @())
|
|
|
|
|
$Assembly.GetType("SharpHound3.SharpHound").GetMethod("InvokeSharpHound").Invoke($Null, @(,$passed))
|
2020-08-04 09:06:45 -04:00
|
|
|
}
|
