-DomainController using current security context (no mandatory creds)

[phackt]

Hi @nullbind , hope you're fine.

Dealing with the issue #61, i made a PR. I updated the function Get-DomainObject.

What you can do now, for example:

PS C:\temp> Get-DomainObject -LdapFilter "(&(servicePrincipalName=*))"
PS C:\temp> Get-DomainObject -LdapFilter "(&(servicePrincipalName=*))" -DomainController 10.10.0.2:4444
PS C:\temp> Get-DomainObject -LdapFilter "(&(servicePrincipalName=*))" -DomainController 10.10.0.2:4444 -Username phackt -Password B3stPassEver  

Basically if no credentials are supplied, it will used the current security context to authenticate against the DC - may be useful if for example during an engagement, you only have the hash of the domain user you are using for your enumeration (and you spawned a session for ex with mimikatz pth).

Otherwise it will authenticate thanks to the credentials supplied as arguments. Note that you can specify the format IP:PORT if you wish to target a pivot machine.

Hope all of this makes sense and will be helpful.

Let me know if you wish more information!
Have a nice day,

[nullbind]

Awesome! I’ll test it and try to get it merged this week. Thanks for the help!

[phackt]

no prob, let me know if i can help. Cheers.

[phackt]

Hi @nullbind, i know you are busy but if i can help let me know. Thanks.

[phackt]

Thanks man!