2023-10-08 13:08:42 +02:00
function Invoke-BloodHound
{
    <#
    .SYNOPSIS

        Runs the BloodHound C# Ingestor using reflection. The assembly is stored in this file.

    .DESCRIPTION

        Using reflection and Assembly.Load, load the compiled BloodHound C# ingestor into memory
        and run it without touching disk. Parameters are converted to the equivalent CLI arguments
        for the SharpHound executable and passed in via reflection. The appropriate function
        calls are made in order to ensure that assembly dependencies are loaded properly.

    .PARAMETER CollectionMethods

        Specifies the CollectionMethods being used. Possible values are:
            Group - Collect group membership information
            LocalGroup - Collect local group information for computers
            LocalAdmin - Collect local admin users for computers
            RDP - Collect remote desktop users for computers
            DCOM - Collect distributed COM users for computers
            PSRemote - Collect members of the Remote Management Users group for computers
            Session - Collect session information for computers
            Trusts - Enumerate domain trust data
            ACL - Collect ACL (Access Control List) data
            Container - Collect GPO/OU Data
            ComputerOnly - Collects Local Group and Session data
            GPOLocalGroup - Collects Local Group information using GPO (Group Policy Objects)
            LoggedOn - Collects session information using privileged methods (needs admin!)
            ObjectProps - Collects node property information for users and computers
            SPNTargets - Collects SPN targets (currently only MSSQL)
            Default - Collects Group Membership, Local Admin, Sessions, Containers, ACLs and Domain Trusts
            DcOnly - Collects Group Membership, ACLs, ObjectProps, Trusts, Containers, and GPO Admins
            CARegistry - Collect ADCS properties from registry of Certificate Authority servers
            DCRegistry - Collect properties from registry of Domain Controller servers
            CertServices - Collect ADCS properties from Certificate Services
            All - Collect all data

        This can also be a list of comma-separated values to run multiple collection methods!

    .PARAMETER Domain

        Specifies the domain to enumerate. If not specified, will enumerate the current
        domain your user context specifies.

    .PARAMETER SearchForest

        Search all trusted domains in the forest.

    .PARAMETER Stealth

        Use stealth collection options, will sacrifice data quality in favor of much reduced
        network impact

    .PARAMETER LdapFilter

        Append this LDAP filter to the search filter to further filter the results enumerated

    .PARAMETER DistinguishedName

        DistinguishedName to start LDAP searches at. Equivalent to the old -Ou option

    .PARAMETER ComputerFile

        A file containing a list of computers to enumerate. This option can only be used with the following Collection Methods:
        Session, Session, LocalGroup, ComputerOnly, LoggedOn

    .PARAMETER OutputDirectory

        Folder to output files to

    .PARAMETER OutputPrefix

        Prefix to add to output files

    .PARAMETER CacheName

        Name for the cache file dropped to disk (default: unique hash generated per machine)

    .PARAMETER MemCache

        Don't write the cache file to disk. Caching will still be performed in memory.

    .PARAMETER RebuildCache

        Invalidate and rebuild the cache file

    .PARAMETER RandomFileNames

        Randomize file names completely

    .PARAMETER ZipFilename

        Name for the zip file output by data collection

    .PARAMETER NoZip

        Do NOT zip the json files

    .PARAMETER ZipPassword

        Encrypt the zip file with the specified password

    .PARAMETER TrackComputerCalls

        Write a CSV file with the results of each computer API call to disk

    .PARAMETER PrettyPrint

        Output "pretty" json with formatting for readability


    .PARAMETER LdapUsername

        Username for connecting to LDAP. Use this if you're using a non-domain account for connecting to computers

    .PARAMETER LdapPassword

        Password for connecting to LDAP. Use this if you're using a non-domain account for connecting to computers


    .PARAMETER DomainController

        Domain Controller to connect to. Specifying this can result in data loss

    .PARAMETER LdapPort

        Port LDAP is running on. Defaults to 389/686 for LDAPS

    .PARAMETER SecureLDAP

        Connect to LDAPS (LDAP SSL) instead of regular LDAP

    .PARAMETER DisableCertVerification

        Disable certificate verification for secure LDAP

    .PARAMETER DisableSigning

        Disables Kerberos signing/sealing, making LDAP traffic viewable

    .PARAMETER SkipPortCheck

        Skip SMB port checks when connecting to computers

    .PARAMETER PortScanTimeout

        Timeout for port checks

    .PARAMETER SkipPasswordCheck

        Skip checking of PwdLastSet time for computer scanning

    .PARAMETER ExcludeDCs

        Exclude domain controllers from enumeration (useful to avoid Microsoft ATP/ATA)

    .PARAMETER Throttle

        Throttle requests to computers (in milliseconds)

    .PARAMETER Jitter

        Add jitter to throttle

    .PARAMETER Threads

        Number of threads to run enumeration with (Default: 50)

    .PARAMETER SkipRegistryLoggedOn

        Disable remote registry check in LoggedOn collection

    .PARAMETER OverrideUserName

        Override username to filter for NetSessionEnum

    .PARAMETER RealDNSName

        Overrides the DNS name used for API calls

    .PARAMETER CollectAllProperties

        Collect all string LDAP properties on objects

    .PARAMETER Loop

        Perform looping for computer collection

    .PARAMETER LoopDuration

        Duration to perform looping (Default 02:00:00)

    .PARAMETER LoopInterval

        Interval to sleep between loops (Default 00:05:00)

    .PARAMETER StatusInterval

        Interval for displaying status in milliseconds

    .PARAMETER Verbosity

        Change verbosity of output. Default 2 (lower is more)

    .PARAMETER Help

        Display this help screen

    .PARAMETER Version

        Display version information

    .EXAMPLE

        PS C:\> Invoke-BloodHound

        Executes the default collection options and exports JSONs to the current directory, compresses the data to a zip file,
        and then removes the JSON files from disk

    .EXAMPLE

        PS C:\> Invoke-BloodHound -Loop -LoopInterval 00:01:00 -LoopDuration 00:10:00

        Executes session collection in a loop. Will wait 1 minute after each run to continue collection
        and will continue running for 10 minutes after which the script will exit

    .EXAMPLE

        PS C:\> Invoke-BloodHound -CollectionMethods All

        Runs ACL, ObjectProps, Container, and Default collection methods, compresses the data to a zip file,
        and then removes the JSON files from disk

    .EXAMPLE

        PS C:\> Invoke-BloodHound -CollectionMethods DCOnly -NoSaveCache -RandomizeFilenames -EncryptZip

        (Opsec!) Run LDAP only collection methods (Groups, Trusts, ObjectProps, ACL, Containers, GPO Admins) without outputting the cache file to disk.
        Randomizes filenames of the JSON files and the zip file and adds a password to the zip file
    #>

    [CmdletBinding(PositionalBinding = $false)]
    param(
        [Alias("c")]
        [String[]]
        $CollectionMethods = [String[]]@('Default'),

        [Alias("d")]
        [String]
        $Domain,

        [Alias("s")]
        [Switch]
        $SearchForest,

        [Switch]
        $Stealth,

        [String]
        $LdapFilter,

        [String]
        $DistinguishedName,

        [String]
        $ComputerFile,

        [ValidateScript({ Test-Path -Path $_ })]
        [String]
        $OutputDirectory = $( Get-Location ),

        [ValidateNotNullOrEmpty()]
        [String]
        $OutputPrefix,

        [String]
        $CacheName,

        [Switch]
        $MemCache,

        [Switch]
        $RebuildCache,

        [Switch]
        $RandomFilenames,

        [String]
        $ZipFilename,

        [Switch]
        $NoZip,

        [String]
        $ZipPassword,

        [Switch]
        $TrackComputerCalls,

        [Switch]
        $PrettyPrint,

        [String]
        $LdapUsername,

        [String]
        $LdapPassword,

        [string]
        $DomainController,

        [ValidateRange(0, 65535)]
        [Int]
        $LdapPort,

        [Switch]
        $SecureLdap,

        [Switch]
        $DisableCertVerification,

        [Switch]
        $DisableSigning,

        [Switch]
        $SkipPortCheck,

        [ValidateRange(50, 5000)]
        [Int]
        $PortCheckTimeout = 500,

        [Switch]
        $SkipPasswordCheck,

        [Switch]
        $ExcludeDCs,

        [Int]
        $Throttle,

        [ValidateRange(0, 100)]
        [Int]
        $Jitter,

        [Int]
        $Threads,

        [Switch]
        $SkipRegistryLoggedOn,

        [String]
        $OverrideUsername,

        [String]
        $RealDNSName,

        [Switch]
        $CollectAllProperties,

        [Switch]
        $Loop,

        [String]
        $LoopDuration,

        [String]
        $LoopInterval,

        [ValidateRange(500, 60000)]
        [Int]
        $StatusInterval,

        [Alias("v")]
        [ValidateRange(0, 5)]
        [Int]
        $Verbosity,

        [Alias("h")]
        [Switch]
        $Help,

        [Switch]
        $Version
    )

    $vars = New-Object System.Collections.Generic.List[System.Object]

    # Translate the bound PowerShell parameters into SharpHound command-line arguments.
    if(!($PSBoundParameters.ContainsKey("help") -or $PSBoundParameters.ContainsKey("version"))){
        $PSBoundParameters.Keys | % {
            if ($_ -notmatch "verbosity"){
                $vars.add("--$_")
                # Switch parameters are bare flags; every other type also passes its value.
                if($PSBoundParameters.item($_).gettype().name -notmatch "switch"){
                    $vars.add($PSBoundParameters.item($_))
                }
            }
            elseif ($_ -match "verbosity") {
                # Verbosity maps to the short -v option.
                $vars.add("-v")
                $vars.add($PSBoundParameters.item($_))
            }
        }
    }
    else {
        # When help or version is requested, only those flags are forwarded.
        $PSBoundParameters.Keys |? {$_ -match "help" -or $_ -match "version"}| % {
            $vars.add("--$_")
        }
    }

    $passed = [string[]]$vars.ToArray()

$EncodedCompressedFile = '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
    # Base64-decode the embedded blob and inflate it into a fixed-size byte buffer.
    $DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
    $UncompressedFileBytes = New-Object Byte[](1343488)
    $DeflatedStream.Read($UncompressedFileBytes, 0, 1343488) | Out-Null
    # Load the assembly from the byte array in memory (nothing is written to disk).
    $Assembly = [Reflection.Assembly]::Load($UncompressedFileBytes)
    $BindingFlags = [Reflection.BindingFlags] "Public,Static"
    $a = @()
    # Attach the Costura loader so embedded dependencies resolve, then call the entry point via reflection.
    $Assembly.GetType("Costura.AssemblyLoader", $false).GetMethod("Attach", $BindingFlags).Invoke($Null, @())
    $Assembly.GetType("Sharphound.Program").GetMethod("InvokeSharpHound").Invoke($Null, @(,$passed))
}
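The loading sequence described in .DESCRIPTION (Base64 decode, Deflate, Assembly.Load from a byte array, reflective Invoke) is what defenders look for in captured script text such as script block logs. The following is an added example, not part of the original script: a parse-only triage function that flags that sequence; the function name, indicator labels and sample script are assumptions constructed for illustration.

```powershell
using namespace System.Management.Automation.Language
function Find-ReflectiveLoadIndicator {   # hypothetical helper name
    param([Parameter(Mandatory)][string] $ScriptText)

    $tokens = $null; $errors = $null
    # Parse only: nothing in $ScriptText is executed.
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    $found = foreach ($node in $ast.FindAll({ $true }, $true)) {
        $indicator = $null
        if ($node -is [InvokeMemberExpressionAst]) {
            $member = $node.Member.Extent.Text
            $target = $node.Expression
            $type = if ($target -is [TypeExpressionAst]) { $target.TypeName.FullName } else { '' }
            if ($type -match '(^|\.)Reflection\.Assembly$' -and $member -eq 'Load') {
                $indicator = 'AssemblyLoad'
            } elseif ($type -match '(^|\.)Convert$' -and $member -eq 'FromBase64String') {
                $indicator = 'Base64Decode'
            } elseif ($member -eq 'Invoke' -and $target -is [InvokeMemberExpressionAst] -and
                      $target.Member.Extent.Text -eq 'GetMethod') {
                $indicator = 'ReflectiveInvoke'   # .GetMethod(...).Invoke(...) chain
            }
        } elseif ($node -is [CommandAst] -and $node.GetCommandName() -eq 'New-Object' -and
                  $node.Extent.Text -match 'Compression\.(Deflate|GZip)Stream') {
            $indicator = 'Decompress'
        }
        if ($indicator) {
            [pscustomobject]@{ Indicator = $indicator; Line = $node.Extent.StartLineNumber }
        }
    }
    $names = @($found | ForEach-Object Indicator)
    [pscustomobject]@{
        Findings     = @($found)
        # Flag only when a loaded assembly is fed from decoded or inflated bytes.
        InMemoryLoad = ($names -contains 'AssemblyLoad') -and
                       (($names -contains 'Base64Decode') -or ($names -contains 'Decompress'))
    }
}

# Constructed sample mirroring the loader's structure; the blob is a placeholder.
$sample = @'
$blob  = '<placeholder>'
$ds    = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($blob), [IO.Compression.CompressionMode]::Decompress)
$bytes = New-Object Byte[](16)
$ds.Read($bytes, 0, 16) | Out-Null
$asm   = [Reflection.Assembly]::Load($bytes)
$asm.GetType("Example.Program").GetMethod("Main").Invoke($null, @(,$args))
'@
(Find-ReflectiveLoadIndicator -ScriptText $sample).Findings | Format-Table -AutoSize
```

Because it walks the parsed AST rather than matching raw text, whitespace and casing changes in the script do not affect the result; string-built or encoded invocations are outside what this check covers.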