Wednesday, May 5, 2021

PowerView Invoke-ShareFinder sample

#sample partial of powerview powershell script (note: must be run on 32bit/x86 powershell)

#https://www.blackhillsinfosec.com/finding-buried-treasure-in-server-message-block-smb/

iex (get-content .\filefinds.ps1 |out-string)

PS C:\> Get-NetComputer –OperatingSystem *2003* | Out-File –Encoding ASCII Windows2003Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *2008* | Out-File –Encoding ASCII Windows2008Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *2012* | Out-File –Encoding ASCII Windows2012Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *2016* | Out-File –Encoding ASCII Windows2016Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *2019* | Out-File –Encoding ASCII Windows2019Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *XP* | Out-File –Encoding ASCII WindowsXPHosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *7* | Out-File –Encoding ASCII Windows7Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem * 8* | Out-File –Encoding ASCII Windows8Hosts.txt 

PS C:\> Get-NetComputer –OperatingSystem *10* | Out-File –Encoding ASCII Windows10Hosts.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows2003Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows2003Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows2008Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows2008Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows2012Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows2012Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows2016Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows2016Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows2019Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows2019Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile WindowsXPHosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII WindowsXPShares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows7Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows7Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows8Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows8Shares.txt 

PS C:\> Invoke-ShareFinder –ComputerFile Windows10Hosts.txt -NoPing –ExcludeIPC –ExcludePrint –CheckShareAccess | Out-File –Encoding ASCII Windows10Shares.txt 


---------------------

findfiles.ps1

----------------------------


function Get-NetDomain {


    [CmdletBinding()]

    param(

        [Parameter(ValueFromPipeline=$True)]

        [String]

        $Domain

    )


    process {

        if($Domain) {

            $DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain)

            try {

                [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)

            }

            catch {

                Write-Warning "The specified domain $Domain does not exist, could not be contacted, or there isn't an existing trust."

                $Null

            }

        }

        else {

            [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

        }

    }

}


function Convert-LDAPProperty {

    # helper to convert specific LDAP property result fields

    param(

        [Parameter(Mandatory=$True,ValueFromPipeline=$True)]

        [ValidateNotNullOrEmpty()]

        $Properties

    )


    $ObjectProperties = @{}


    $Properties.PropertyNames | ForEach-Object {

        if (($_ -eq "objectsid") -or ($_ -eq "sidhistory")) {

            # convert the SID to a string

            $ObjectProperties[$_] = (New-Object System.Security.Principal.SecurityIdentifier($Properties[$_][0],0)).Value

        }

        elseif($_ -eq "objectguid") {

            # convert the GUID to a string

            $ObjectProperties[$_] = (New-Object Guid (,$Properties[$_][0])).Guid

        }

        elseif( ($_ -eq "lastlogon") -or ($_ -eq "lastlogontimestamp") -or ($_ -eq "pwdlastset") -or ($_ -eq "lastlogoff") -or ($_ -eq "badPasswordTime") ) {

            # convert timestamps

            if ($Properties[$_][0] -is [System.MarshalByRefObject]) {

                # if we have a System.__ComObject

                $Temp = $Properties[$_][0]

                [Int32]$High = $Temp.GetType().InvokeMember("HighPart", [System.Reflection.BindingFlags]::GetProperty, $null, $Temp, $null)

                [Int32]$Low  = $Temp.GetType().InvokeMember("LowPart",  [System.Reflection.BindingFlags]::GetProperty, $null, $Temp, $null)

                $ObjectProperties[$_] = ([datetime]::FromFileTime([Int64]("0x{0:x8}{1:x8}" -f $High, $Low)))

            }

            else {

                $ObjectProperties[$_] = ([datetime]::FromFileTime(($Properties[$_][0])))

            }

        }

        elseif($Properties[$_][0] -is [System.MarshalByRefObject]) {

            # convert misc com objects

            $Prop = $Properties[$_]

            try {

                $Temp = $Prop[$_][0]

                Write-Verbose $_

                [Int32]$High = $Temp.GetType().InvokeMember("HighPart", [System.Reflection.BindingFlags]::GetProperty, $null, $Temp, $null)

                [Int32]$Low  = $Temp.GetType().InvokeMember("LowPart",  [System.Reflection.BindingFlags]::GetProperty, $null, $Temp, $null)

                $ObjectProperties[$_] = [Int64]("0x{0:x8}{1:x8}" -f $High, $Low)

            }

            catch {

                $ObjectProperties[$_] = $Prop[$_]

            }

        }

        elseif($Properties[$_].count -eq 1) {

            $ObjectProperties[$_] = $Properties[$_][0]

        }

        else {

            $ObjectProperties[$_] = $Properties[$_]

        }

    }


    New-Object -TypeName PSObject -Property $ObjectProperties

}



function Get-NetForest {


    [CmdletBinding()]

    param(

        [Parameter(ValueFromPipeline=$True)]

        [String]

        $Forest

    )


    process {

        if($Forest) {

            $ForestContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $Forest)

            try {

                $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)

            }

            catch {

                Write-Debug "The specified forest $Forest does not exist, could not be contacted, or there isn't an existing trust."

                $Null

            }

        }

        else {

            # otherwise use the current forest

            $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

        }


        if($ForestObject) {

            # get the SID of the forest root

            $ForestSid = (New-Object System.Security.Principal.NTAccount($ForestObject.RootDomain,"krbtgt")).Translate([System.Security.Principal.SecurityIdentifier]).Value

            $Parts = $ForestSid -Split "-"

            $ForestSid = $Parts[0..$($Parts.length-2)] -join "-"

            $ForestObject | Add-Member NoteProperty 'RootDomainSid' $ForestSid

            $ForestObject

        }

    }

}




function Get-NetForestDomain {


    [CmdletBinding()]

    param(

        [Parameter(ValueFromPipeline=$True)]

        [String]

        $Forest,


        [String]

        $Domain

    )


    process {

        if($Domain) {

            # try to detect a wild card so we use -like

            if($Domain.Contains('*')) {

                (Get-NetForest -Forest $Forest).Domains | Where-Object {$_.Name -like $Domain}

            }

            else {

                # match the exact domain name if there's not a wildcard

                (Get-NetForest -Forest $Forest).Domains | Where-Object {$_.Name.ToLower() -eq $Domain.ToLower()}

            }

        }

        else {

            # return all domains

            $ForestObject = Get-NetForest -Forest $Forest

            if($ForestObject) {

                $ForestObject.Domains

            }

        }

    }

}



function Get-DomainSearcher {



    [CmdletBinding()]

    param(

        [String]

        $Domain,


        [String]

        $DomainController,


        [String]

        $ADSpath,


        [String]

        $ADSprefix,


        [ValidateRange(1,10000)] 

        [Int]

        $PageSize = 200

    )


    if(!$Domain) {

        $Domain = (Get-NetDomain).name

    }

    else {

        if(!$DomainController) {

            try {

                # if there's no -DomainController specified, try to pull the primary DC

                #   to reflect queries through

                $DomainController = ((Get-NetDomain).PdcRoleOwner).Name

            }

            catch {

                throw "Get-DomainSearcher: Error in retrieving PDC for current domain"

            }

        }

    }


    $SearchString = "LDAP://"


    if($DomainController) {

        $SearchString += $DomainController + "/"

    }

    if($ADSprefix) {

        $SearchString += $ADSprefix + ","

    }


    if($ADSpath) {

        if($ADSpath -like "GC://*") {

            # if we're searching the global catalog

            $DistinguishedName = $AdsPath

            $SearchString = ""

        }

        else {

            if($ADSpath -like "LDAP://*") {

                $ADSpath = $ADSpath.Substring(7)

            }

            $DistinguishedName = $ADSpath

        }

    }

    else {

        $DistinguishedName = "DC=$($Domain.Replace('.', ',DC='))"

    }


    $SearchString += $DistinguishedName

    Write-Verbose "Get-DomainSearcher search string: $SearchString"


    $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)

    $Searcher.PageSize = $PageSize

    $Searcher

}



function Get-NetComputer {


    [CmdletBinding()]

    Param (

        [Parameter(ValueFromPipeline=$True)]

        [Alias('HostName')]

        [String]

        $ComputerName = '*',


        [String]

        $SPN,


        [String]

        $OperatingSystem,


        [String]

        $ServicePack,


        [String]

        $Filter,


        [Switch]

        $Printers,


        [Switch]

        $Ping,


        [Switch]

        $FullData,


        [String]

        $Domain,


        [String]

        $DomainController,


        [String]

        $ADSpath,


        [Switch]

        $Unconstrained,


        [ValidateRange(1,10000)] 

        [Int]

        $PageSize = 200

    )


begin {

        # so this isn't repeated if users are passed on the pipeline

        $CompSearcher = Get-DomainSearcher -Domain $Domain -DomainController $DomainController -ADSpath $ADSpath -PageSize $PageSize

    }

    process {


        if ($CompSearcher) {


            # if we're checking for unconstrained delegation

            if($Unconstrained) {

                Write-Verbose "Searching for computers with for unconstrained delegation"

                $Filter += "(userAccountControl:1.2.840.113556.1.4.803:=524288)"

            }

            # set the filters for the seracher if it exists

            if($Printers) {

                Write-Verbose "Searching for printers"

                # $CompSearcher.filter="(&(objectCategory=printQueue)$Filter)"

                $Filter += "(objectCategory=printQueue)"

            }

            if($SPN) {

                Write-Verbose "Searching for computers with SPN: $SPN"

                $Filter += "(servicePrincipalName=$SPN)"

            }

            if($OperatingSystem) {

                $Filter += "(operatingsystem=$OperatingSystem)"

            }

            if($ServicePack) {

                $Filter += "(operatingsystemservicepack=$ServicePack)"

            }


            $CompSearcher.filter = "(&(sAMAccountType=805306369)(dnshostname=$ComputerName)$Filter)"


            try {


                $CompSearcher.FindAll() | Where-Object {$_} | ForEach-Object {

                    $Up = $True

                    if($Ping) {

                        # TODO: how can these results be piped to ping for a speedup?

                        $Up = Test-Connection -Count 1 -Quiet -ComputerName $_.properties.dnshostname

                    }

                    if($Up) {

                        # return full data objects

                        if ($FullData) {

                            # convert/process the LDAP fields for each result

                            Convert-LDAPProperty -Properties $_.Properties

                        }

                        else {

                            # otherwise we're just returning the DNS host name

                            $_.properties.dnshostname

                        }

                    }

                }

            }

            catch {

                Write-Warning "Error: $_"

            }

        }

    }

}



function Get-NameField {

    [CmdletBinding()]

    param(

        [Parameter(Mandatory=$True,ValueFromPipeline=$True)]

        $Object

    )

    process {

        if($Object) {

            if ( [bool]($Object.PSobject.Properties.name -match "dnshostname") ) {

                # objects from Get-NetComputer

                $Object.dnshostname

            }

            elseif ( [bool]($Object.PSobject.Properties.name -match "name") ) {

                # objects from Get-NetDomainController

                $Object.name

            }

            else {

                # strings and catch alls

                $Object

            }

        }

        else {

            return $Null

        }

    }

}


function Get-NetShare {



    [CmdletBinding()]

    param(

        [Parameter(ValueFromPipeline=$True)]

        [Alias('HostName')]

        [String]

        $ComputerName = 'localhost'

    )


    begin {

        if ($PSBoundParameters['Debug']) {

            $DebugPreference = 'Continue'

        }

    }


    process {


        # process multiple host object types from the pipeline

        $ComputerName = Get-NameField -Object $ComputerName


        # arguments for NetShareEnum

        $QueryLevel = 1

        $PtrInfo = [IntPtr]::Zero

        $EntriesRead = 0

        $TotalRead = 0

        $ResumeHandle = 0


        # get the share information

        $Result = $Netapi32::NetShareEnum($ComputerName, $QueryLevel, [ref]$PtrInfo, -1, [ref]$EntriesRead, [ref]$TotalRead, [ref]$ResumeHandle)


        # Locate the offset of the initial intPtr

        $Offset = $PtrInfo.ToInt64()


        Write-Debug "Get-NetShare result: $Result"


        # 0 = success

        if (($Result -eq 0) -and ($Offset -gt 0)) {


            # Work out how mutch to increment the pointer by finding out the size of the structure

            $Increment = $SHARE_INFO_1::GetSize()


            # parse all the result structures

            for ($i = 0; ($i -lt $EntriesRead); $i++) {

                # create a new int ptr at the given offset and cast

                #   the pointer as our result structure

                $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset

                $Info = $NewIntPtr -as $SHARE_INFO_1

                # return all the sections of the structure

                $Info | Select-Object *

                $Offset = $NewIntPtr.ToInt64()

                $Offset += $Increment

            }


            # free up the result buffer

            $Null = $Netapi32::NetApiBufferFree($PtrInfo)

        }

        else

        {

            switch ($Result) {

                (5)           {Write-Debug 'The user does not have access to the requested information.'}

                (124)         {Write-Debug 'The value specified for the level parameter is not valid.'}

                (87)          {Write-Debug 'The specified parameter is not valid.'}

                (234)         {Write-Debug 'More entries are available. Specify a large enough buffer to receive all entries.'}

                (8)           {Write-Debug 'Insufficient memory is available.'}

                (2312)        {Write-Debug 'A session does not exist with the computer name.'}

                (2351)        {Write-Debug 'The computer name is not valid.'}

                (2221)        {Write-Debug 'Username not found.'}

                (53)          {Write-Debug 'Hostname could not be found'}

            }

        }

    }

}




function Invoke-ShareFinder {


    [CmdletBinding()]

    param(

        [Parameter(Position=0,ValueFromPipeline=$True)]

        [Alias('Hosts')]

        [String[]]

        $ComputerName,


        [ValidateScript({Test-Path -Path $_ })]

        [Alias('HostList')]

        [String]

        $ComputerFile,


        [String]

        $ComputerFilter,


        [String]

        $ComputerADSpath,


        [Switch]

        $ExcludeStandard,


        [Switch]

        $ExcludePrint,


        [Switch]

        $ExcludeIPC,


        [Switch]

        $NoPing,


        [Switch]

        $CheckShareAccess,


        [Switch]

        $CheckAdmin,


        [UInt32]

        $Delay = 0,


        [Double]

        $Jitter = .3,


        [String]

        $Domain,


        [String]

        $DomainController,

 

        [Switch]

        $SearchForest,


        [ValidateRange(1,100)] 

        [Int]

        $Threads

    )


    begin {

        if ($PSBoundParameters['Debug']) {

            $DebugPreference = 'Continue'

        }


        # random object for delay

        $RandNo = New-Object System.Random


        Write-Verbose "[*] Running Invoke-ShareFinder with delay of $Delay"


        # figure out the shares we want to ignore

        [String[]] $ExcludedShares = @('')


        if ($ExcludePrint) {

            $ExcludedShares = $ExcludedShares + "PRINT$"

        }

        if ($ExcludeIPC) {

            $ExcludedShares = $ExcludedShares + "IPC$"

        }

        if ($ExcludeStandard) {

            $ExcludedShares = @('', "ADMIN$", "IPC$", "C$", "PRINT$")

        }


        if(!$ComputerName) { 


            if($Domain) {

                $TargetDomains = @($Domain)

            }

            elseif($SearchForest) {

                # get ALL the domains in the forest to search

                $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }

            }

            else {

                # use the local domain

                $TargetDomains = @( (Get-NetDomain).name )

            }


            # if we're using a host file list, read the targets in and add them to the target list

            if($ComputerFile) {

                $ComputerName = Get-Content -Path $ComputerFile

            }

            else {

                [array]$ComputerName = @()

                ForEach ($Domain in $TargetDomains) {

                    Write-Verbose "[*] Querying domain $Domain for hosts"

                    $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath

                }

            }


            # remove any null target hosts, uniquify the list and shuffle it

            $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }

            if($($ComputerName.count) -eq 0) {

                throw "No hosts found!"

            }

        }


        # script block that enumerates a server

        $HostEnumBlock = {

            param($ComputerName, $Ping, $CheckShareAccess, $ExcludedShares, $CheckAdmin)


            # optionally check if the server is up first

            $Up = $True

            if($Ping) {

                $Up = Test-Connection -Count 1 -Quiet -ComputerName $ComputerName

            }

            if($Up) {

                # get the shares for this host and check what we find

                $Shares = Get-NetShare -ComputerName $ComputerName

                ForEach ($Share in $Shares) {

                    Write-Debug "[*] Server share: $Share"

                    $NetName = $Share.shi1_netname

                    $Remark = $Share.shi1_remark

                    $Path = '\\'+$ComputerName+'\'+$NetName


                    # make sure we get a real share name back

                    if (($NetName) -and ($NetName.trim() -ne '')) {

                        # if we're just checking for access to ADMIN$

                        if($CheckAdmin) {

                            if($NetName.ToUpper() -eq "ADMIN$") {

                                try {

                                    $Null = [IO.Directory]::GetFiles($Path)

                                    "\\$ComputerName\$NetName `t- $Remark"

                                }

                                catch {

                                    Write-Debug "Error accessing path $Path : $_"

                                }

                            }

                        }

                        # skip this share if it's in the exclude list

                        elseif ($ExcludedShares -NotContains $NetName.ToUpper()) {

                            # see if we want to check access to this share

                            if($CheckShareAccess) {

                                # check if the user has access to this path

                                try {

                                    $Null = [IO.Directory]::GetFiles($Path)

                                    "\\$ComputerName\$NetName `t- $Remark"

                                }

                                catch {

                                    Write-Debug "Error accessing path $Path : $_"

                                }

                            }

                            else {

                                "\\$ComputerName\$NetName `t- $Remark"

                            }

                        }

                    }

                }

            }

        }


    }


    process {


        if($Threads) {

            Write-Verbose "Using threading with threads = $Threads"


            # if we're using threading, kick off the script block with Invoke-ThreadedFunction

            $ScriptParams = @{

                'Ping' = $(-not $NoPing)

                'CheckShareAccess' = $CheckShareAccess

                'ExcludedShares' = $ExcludedShares

                'CheckAdmin' = $CheckAdmin

            }


            # kick off the threaded script block + arguments 

            Invoke-ThreadedFunction -ComputerName $ComputerName -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams

        }


        else {

            if(-not $NoPing -and ($ComputerName.count -ne 1)) {

                # ping all hosts in parallel

                $Ping = {param($ComputerName) if(Test-Connection -ComputerName $ComputerName -Count 1 -Quiet -ErrorAction Stop){$ComputerName}}

                $ComputerName = Invoke-ThreadedFunction -NoImports -ComputerName $ComputerName -ScriptBlock $Ping -Threads 100

            }


            Write-Verbose "[*] Total number of active hosts: $($ComputerName.count)"

            $Counter = 0


            ForEach ($Computer in $ComputerName) {


                $Counter = $Counter + 1


                # sleep for our semi-randomized interval

                Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay)


                Write-Verbose "[*] Enumerating server $Computer ($Counter of $($ComputerName.count))"

                Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $Computer, $False, $CheckShareAccess, $ExcludedShares, $CheckAdmin

            }

        }

        

    }

}


function func

{

    Param

    (

        [Parameter(Position = 0, Mandatory = $True)]

        [String]

        $DllName,


        [Parameter(Position = 1, Mandatory = $True)]

        [String]

        $FunctionName,


        [Parameter(Position = 2, Mandatory = $True)]

        [Type]

        $ReturnType,


        [Parameter(Position = 3)]

        [Type[]]

        $ParameterTypes,


        [Parameter(Position = 4)]

        [Runtime.InteropServices.CallingConvention]

        $NativeCallingConvention,


        [Parameter(Position = 5)]

        [Runtime.InteropServices.CharSet]

        $Charset,


        [Switch]

        $SetLastError

    )


    $Properties = @{

        DllName = $DllName

        FunctionName = $FunctionName

        ReturnType = $ReturnType

    }


    if ($ParameterTypes) { $Properties['ParameterTypes'] = $ParameterTypes }

    if ($NativeCallingConvention) { $Properties['NativeCallingConvention'] = $NativeCallingConvention }

    if ($Charset) { $Properties['Charset'] = $Charset }

    if ($SetLastError) { $Properties['SetLastError'] = $SetLastError }


    New-Object PSObject -Property $Properties

}


function psenum

{



    [OutputType([Type])]

    Param

    (

        [Parameter(Position = 0, Mandatory = $True)]

        [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})]

        $Module,


        [Parameter(Position = 1, Mandatory = $True)]

        [ValidateNotNullOrEmpty()]

        [String]

        $FullName,


        [Parameter(Position = 2, Mandatory = $True)]

        [Type]

        $Type,


        [Parameter(Position = 3, Mandatory = $True)]

        [ValidateNotNullOrEmpty()]

        [Hashtable]

        $EnumElements,


        [Switch]

        $Bitfield

    )



    if ($Module -is [Reflection.Assembly])

    {

        $k = ($Module.GetType($FullName))

return $k

    }


    $EnumType = $Type -as [Type]


    $EnumBuilder = $Module.DefineEnum($FullName, 'Public', $EnumType)

    if ($Bitfield)

    {

        $FlagsConstructor = [FlagsAttribute].GetConstructor(@())

        $FlagsCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($FlagsConstructor, @())

        $EnumBuilder.SetCustomAttribute($FlagsCustomAttribute)

    }

    ForEach ($Key in $EnumElements.Keys)

    {

        # Apply the specified enum type to each element

        $Null = $EnumBuilder.DefineLiteral($Key, $EnumElements[$Key] -as $EnumType)

    }

    $EnumBuilder.CreateType()

}



# A helper function used to reduce typing while defining struct

# fields.

function field

{

    Param

    (

        [Parameter(Position = 0, Mandatory = $True)]

        [UInt16]

        $Position,


        [Parameter(Position = 1, Mandatory = $True)]

        [Type]

        $Type,


        [Parameter(Position = 2)]

        [UInt16]

        $Offset,


        [Object[]]

        $MarshalAs

    )


    @{

        Position = $Position

        Type = $Type -as [Type]

        Offset = $Offset

        MarshalAs = $MarshalAs

    }

}



function struct

{



    [OutputType([Type])]

    Param

    (

        [Parameter(Position = 1, Mandatory = $True)]

        [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})]

        $Module,


        [Parameter(Position = 2, Mandatory = $True)]

        [ValidateNotNullOrEmpty()]

        [String]

        $FullName,


        [Parameter(Position = 3, Mandatory = $True)]

        [ValidateNotNullOrEmpty()]

        [Hashtable]

        $StructFields,


        [Reflection.Emit.PackingSize]

        $PackingSize = [Reflection.Emit.PackingSize]::Unspecified,


        [Switch]

        $ExplicitLayout

    )


    if ($Module -is [Reflection.Assembly])

    {

        return ($Module.GetType($FullName))

    }


    [Reflection.TypeAttributes] $StructAttributes = 'AnsiClass,

        Class,

        Public,

        Sealed,

        BeforeFieldInit'


    if ($ExplicitLayout)

    {

        $StructAttributes = $StructAttributes -bor [Reflection.TypeAttributes]::ExplicitLayout

    }

    else

    {

        $StructAttributes = $StructAttributes -bor [Reflection.TypeAttributes]::SequentialLayout

    }


    $StructBuilder = $Module.DefineType($FullName, $StructAttributes, [ValueType], $PackingSize)

    $ConstructorInfo = [Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0]

    $SizeConst = @([Runtime.InteropServices.MarshalAsAttribute].GetField('SizeConst'))


    $Fields = New-Object Hashtable[]($StructFields.Count)


    # Sort each field according to the orders specified

    # Unfortunately, PSv2 doesn't have the luxury of the

    # hashtable [Ordered] accelerator.

    ForEach ($Field in $StructFields.Keys)

    {

        $Index = $StructFields[$Field]['Position']

        $Fields[$Index] = @{FieldName = $Field; Properties = $StructFields[$Field]}

    }


    ForEach ($Field in $Fields)

    {

        $FieldName = $Field['FieldName']

        $FieldProp = $Field['Properties']


        $Offset = $FieldProp['Offset']

        $Type = $FieldProp['Type']

        $MarshalAs = $FieldProp['MarshalAs']


        $NewField = $StructBuilder.DefineField($FieldName, $Type, 'Public')


        if ($MarshalAs)

        {

            $UnmanagedType = $MarshalAs[0] -as ([Runtime.InteropServices.UnmanagedType])

            if ($MarshalAs[1])

            {

                $Size = $MarshalAs[1]

                $AttribBuilder = New-Object Reflection.Emit.CustomAttributeBuilder($ConstructorInfo,

                    $UnmanagedType, $SizeConst, @($Size))

            }

            else

            {

                $AttribBuilder = New-Object Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, [Object[]] @($UnmanagedType))

            }


            $NewField.SetCustomAttribute($AttribBuilder)

        }


        if ($ExplicitLayout) { $NewField.SetOffset($Offset) }

    }


    # Make the struct aware of its own size.

    # No more having to call [Runtime.InteropServices.Marshal]::SizeOf!

    $SizeMethod = $StructBuilder.DefineMethod('GetSize',

        'Public, Static',

        [Int],

        [Type[]] @())

    $ILGenerator = $SizeMethod.GetILGenerator()

    # Thanks for the help, Jason Shirk!

    $ILGenerator.Emit([Reflection.Emit.OpCodes]::Ldtoken, $StructBuilder)

    $ILGenerator.Emit([Reflection.Emit.OpCodes]::Call,

        [Type].GetMethod('GetTypeFromHandle'))

    $ILGenerator.Emit([Reflection.Emit.OpCodes]::Call,

        [Runtime.InteropServices.Marshal].GetMethod('SizeOf', [Type[]] @([Type])))

    $ILGenerator.Emit([Reflection.Emit.OpCodes]::Ret)


    # Allow for explicit casting from an IntPtr

    # No more having to call [Runtime.InteropServices.Marshal]::PtrToStructure!

    $ImplicitConverter = $StructBuilder.DefineMethod('op_Implicit',

        'PrivateScope, Public, Static, HideBySig, SpecialName',

        $StructBuilder,

        [Type[]] @([IntPtr]))

    $ILGenerator2 = $ImplicitConverter.GetILGenerator()

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Nop)

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ldarg_0)

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ldtoken, $StructBuilder)

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Call,

        [Type].GetMethod('GetTypeFromHandle'))

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Call,

        [Runtime.InteropServices.Marshal].GetMethod('PtrToStructure', [Type[]] @([IntPtr], [Type])))

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Unbox_Any, $StructBuilder)

    $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ret)


    $StructBuilder.CreateType()

}


function Add-Win32Type

{



    [OutputType([Hashtable])]

    Param(

        [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]

        [String]

        $DllName,


        [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]

        [String]

        $FunctionName,


        [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]

        [Type]

        $ReturnType,


        [Parameter(ValueFromPipelineByPropertyName = $True)]

        [Type[]]

        $ParameterTypes,


        [Parameter(ValueFromPipelineByPropertyName = $True)]

        [Runtime.InteropServices.CallingConvention]

        $NativeCallingConvention = [Runtime.InteropServices.CallingConvention]::StdCall,


        [Parameter(ValueFromPipelineByPropertyName = $True)]

        [Runtime.InteropServices.CharSet]

        $Charset = [Runtime.InteropServices.CharSet]::Auto,


        [Parameter(ValueFromPipelineByPropertyName = $True)]

        [Switch]

        $SetLastError,


        [Parameter(Mandatory = $True)]

        [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})]

        $Module,


        [ValidateNotNull()]

        [String]

        $Namespace = ''

    )


    BEGIN

    {

        $TypeHash = @{}

    }


    PROCESS

    {

        if ($Module -is [Reflection.Assembly])

        {

            if ($Namespace)

            {

                $TypeHash[$DllName] = $Module.GetType("$Namespace.$DllName")

            }

            else

            {

                $TypeHash[$DllName] = $Module.GetType($DllName)

            }

        }

        else

        {

            # Define one type for each DLL

            if (!$TypeHash.ContainsKey($DllName))

            {

                if ($Namespace)

                {

                    $TypeHash[$DllName] = $Module.DefineType("$Namespace.$DllName", 'Public,BeforeFieldInit')

                }

                else

                {

                    $TypeHash[$DllName] = $Module.DefineType($DllName, 'Public,BeforeFieldInit')

                }

            }


            $Method = $TypeHash[$DllName].DefineMethod(

                $FunctionName,

                'Public,Static,PinvokeImpl',

                $ReturnType,

                $ParameterTypes)


            # Make each ByRef parameter an Out parameter

            $i = 1

            ForEach($Parameter in $ParameterTypes)

            {

                if ($Parameter.IsByRef)

                {

                    [void] $Method.DefineParameter($i, 'Out', $Null)

                }


                $i++

            }


            $DllImport = [Runtime.InteropServices.DllImportAttribute]

            $SetLastErrorField = $DllImport.GetField('SetLastError')

            $CallingConventionField = $DllImport.GetField('CallingConvention')

            $CharsetField = $DllImport.GetField('CharSet')

            if ($SetLastError) { $SLEValue = $True } else { $SLEValue = $False }


            # Equivalent to C# version of [DllImport(DllName)]

            $Constructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor([String])

            $DllImportAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($Constructor,

                $DllName, [Reflection.PropertyInfo[]] @(), [Object[]] @(),

                [Reflection.FieldInfo[]] @($SetLastErrorField, $CallingConventionField, $CharsetField),

                [Object[]] @($SLEValue, ([Runtime.InteropServices.CallingConvention] $NativeCallingConvention), ([Runtime.InteropServices.CharSet] $Charset)))


            $Method.SetCustomAttribute($DllImportAttribute)

        }

    }


    END

    {

        if ($Module -is [Reflection.Assembly])

        {

            return $TypeHash

        }


        $ReturnTypes = @{}


        ForEach ($Key in $TypeHash.Keys)

        {

            $Type = $TypeHash[$Key].CreateType()


            $ReturnTypes[$Key] = $Type

        }


        return $ReturnTypes

    }

}


function New-InMemoryModule

{



    Param

    (

        [Parameter(Position = 0)]

        [ValidateNotNullOrEmpty()]

        [String]

        $ModuleName = [Guid]::NewGuid().ToString()

    )


    $LoadedAssemblies = [AppDomain]::CurrentDomain.GetAssemblies()


    ForEach ($Assembly in $LoadedAssemblies) {

        if ($Assembly.FullName -and ($Assembly.FullName.Split(',')[0] -eq $ModuleName)) {

            return $Assembly

        }

    }


    $DynAssembly = New-Object Reflection.AssemblyName($ModuleName)

    $Domain = [AppDomain]::CurrentDomain

    $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, 'Run')

    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule($ModuleName, $False)


    return $ModuleBuilder

}



$Mod = New-InMemoryModule -ModuleName Win32


# all of the Win32 API functions we need

$FunctionDefinitions = @(

    (func netapi32 NetShareEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())),

    (func netapi32 NetWkstaUserEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())),

    (func netapi32 NetSessionEnum ([Int]) @([String], [String], [String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())),

    (func netapi32 NetApiBufferFree ([Int]) @([IntPtr])),

    (func advapi32 OpenSCManagerW ([IntPtr]) @([String], [String], [Int])),

    (func advapi32 CloseServiceHandle ([Int]) @([IntPtr])),

    (func wtsapi32 WTSOpenServerEx ([IntPtr]) @([String])),

    (func wtsapi32 WTSEnumerateSessionsEx ([Int]) @([IntPtr], [Int32].MakeByRefType(), [Int], [IntPtr].MakeByRefType(),  [Int32].MakeByRefType())),

    (func wtsapi32 WTSQuerySessionInformation ([Int]) @([IntPtr], [Int], [Int], [IntPtr].MakeByRefType(), [Int32].MakeByRefType())),

    (func wtsapi32 WTSFreeMemoryEx ([Int]) @([Int32], [IntPtr], [Int32])),

    (func wtsapi32 WTSFreeMemory ([Int]) @([IntPtr])),

    (func wtsapi32 WTSCloseServer ([Int]) @([IntPtr])),

    (func kernel32 GetLastError ([Int]) @())

)


# enum used by $WTS_SESSION_INFO_1 below

$WTSConnectState = psenum $Mod WTS_CONNECTSTATE_CLASS UInt16 @{

    Active       =    0

    Connected    =    1

    ConnectQuery =    2

    Shadow       =    3

    Disconnected =    4

    Idle         =    5

    Listen       =    6

    Reset        =    7

    Down         =    8

    Init         =    9

}


# the WTSEnumerateSessionsEx result structure

$WTS_SESSION_INFO_1 = struct $Mod WTS_SESSION_INFO_1 @{

    ExecEnvId = field 0 UInt32

    State = field 1 $WTSConnectState

    SessionId = field 2 UInt32

    pSessionName = field 3 String -MarshalAs @('LPWStr')

    pHostName = field 4 String -MarshalAs @('LPWStr')

    pUserName = field 5 String -MarshalAs @('LPWStr')

    pDomainName = field 6 String -MarshalAs @('LPWStr')

    pFarmName = field 7 String -MarshalAs @('LPWStr')

}


# the particular WTSQuerySessionInformation result structure

$WTS_CLIENT_ADDRESS = struct $mod WTS_CLIENT_ADDRESS @{

    AddressFamily = field 0 UInt32

    Address = field 1 Byte[] -MarshalAs @('ByValArray', 20)

}


# the NetShareEnum result structure

$SHARE_INFO_1 = struct $Mod SHARE_INFO_1 @{

    shi1_netname = field 0 String -MarshalAs @('LPWStr')

    shi1_type = field 1 UInt32

    shi1_remark = field 2 String -MarshalAs @('LPWStr')

}


# the NetWkstaUserEnum result structure

$WKSTA_USER_INFO_1 = struct $Mod WKSTA_USER_INFO_1 @{

    wkui1_username = field 0 String -MarshalAs @('LPWStr')

    wkui1_logon_domain = field 1 String -MarshalAs @('LPWStr')

    wkui1_oth_domains = field 2 String -MarshalAs @('LPWStr')

    wkui1_logon_server = field 3 String -MarshalAs @('LPWStr')

}


# the NetSessionEnum result structure

$SESSION_INFO_10 = struct $Mod SESSION_INFO_10 @{

    sesi10_cname = field 0 String -MarshalAs @('LPWStr')

    sesi10_username = field 1 String -MarshalAs @('LPWStr')

    sesi10_time = field 2 UInt32

    sesi10_idle_time = field 3 UInt32

}




$Types = $FunctionDefinitions | Add-Win32Type -Module $Mod -Namespace 'Win32'

$Netapi32 = $Types['netapi32']

$Advapi32 = $Types['advapi32']

$Kernel32 = $Types['kernel32']

$Wtsapi32 = $Types['wtsapi32']


24 comments:

  1. I was thrown out of my own house was sleeping in a hotel for weeks she also took possession of my son could only see him once a week then I found out she was in love with my accountant all these while so I went online and I came across a Russian private investigator who help me get all my properties and my accounts back even my company back how he did these I don’t know but I gave all the information he asked for and followed all his instructions and now I’m happy my life’s better now.
    Thanks to HACKINTECHNOLOGY@CYBERSERVICES.COM
    I just said I should share my own story here
    Thank you

    ReplyDelete
  2. Cyberspaceshield is a company with group of certified hacker, who are always ready to assist you with all your cyber problems.

    We’ve been in existence for ages now, we are reliable and helpful in terms of cyber bullying.

    We can help you get all your cyber threats and bullies solved in less than what you can ever imagine.

    These are somethings we specializes on:

    ➡️ Phone Hacks

    ➡️ Credit scores

    ➡️ Social media Hacks (Facebook, Instagram, tik tok).

    ➡️ Binary options

    ➡️ Binary Recovery

    ➡️ Clear criminal records etc.


    The internet is full of scammers, that’s why we’re here to help you fight them out.

    If you have been a victim of scam, don’t hesitate to write us on

    EMAIL: Cyberspaceshield@gmail.com

    Thank you!!!

    ReplyDelete
  3. I know of a group of private investigators who can help you with they are also hackers but prefer to be called private investigators They can help with your bitcoin issues and your clients will be happy doing business with you,they can also help yo with your bad credit score,hacking into phones,binary recovery,wiping criminal records,increase school score, stolen files in your office or school,blank atm etc. Just name it and you will live a better life
    Contact +1(407) 777-4240
    Premiumhackservices@gmail.com

    ReplyDelete
  4. He is the best out there,I tested him and he delivered a good job,he helped me settle bank loans,he also helped my son upgrade his scores at high school final year which made him graduate successfully and he gave my son free scholarship into the college,all I had to do was to settle the bills for the tools on the job,I used $500 to get a job of $50000 done all thanks to Robertson he saved me from all my troubles,sharing this is how I can show gratitude in return for all he has done for me and my family

    Contact premiumhackservices@gmail.com

    Text/call ‪+1 (984) 733‑3673‬

    WhatsApp ‪+1 (984) 733‑3673‬

    Telegram ‪+1 (984) 733‑3673‬

    ReplyDelete
  5. I lost my job few months back and there was no way to get income for my family, things was so tough and I couldn't get anything for my children, not until a met a recommendation on a page writing how Mr Bernie Wilfred helped a lady in getting a huge amount of profit every 6 working days on trading with his management on the cryptocurrency Market, to be honest I never believe it but I took the risk to take a loan of $1000. and I contacted him unbelievable and I was so happy I earn $12,500 in 6 working days, the most joy is that I can now take care of my family I don't know how to appreciate your good work Mr. Bernie Doran God will continue to bless you for being a life saver I have no way to appreciate you than to tell people about your good services.
For a perfect investment and good strategies contact Mr Bernie Doran via WhatsApp :+1(424)285-0682 or Telegram : @Bernie_doran_fx or Email : Bernie.doranfx01@gmail.com

    ReplyDelete
  6. Came to this country and made a few financial mistakes. People told me I’d never be able to get my credit back on track and that it would take years. My friend introduced me to PINNACLE CREDIT SPECIALIST and trust me when I tell you I can’t believe my scores!!! I keep checking to ensure its saying 805. I love you guys!!! Reach them via : pinnaclecreditspecialist@gmail.com Phone: +1 585 466 4373.

    ReplyDelete
  7. I highly recommend Wardriver's Cyber service to help you recover your funds if you have ever been a victim of a bitcoin and cryptocurrency scam. I was contacted a few weeks ago on Instagram by someone claiming to be into investment and I could make huge profits on all my investment returns, I was moved by it and invested $70,000 into this cryptocurrency scam after he promised I will get a huge return on my investment in a few days, I realize it was all a scam when it was time to get my profits and they stopped responding to me and logged me out of my account on their platform. I heard about Wardriver's Cyber service from a colleague of mine and how they can help me recover my funds by hacking into their system. I contacted them and provide them with the information they requested and my funds were refunded to me within 24 hours. I feel relieved and thought it would be best to share this with many others out there who might need their service. You can contact them with the following information.
    Email: wardriverscyberservice @techie.com
    Whats-App/Tele-Gram: +1 ( 6 1 6) 8 9 8-7 2 8 5

    ReplyDelete
  8. Excellent article and I think the post that touchs readers's concerns always rock.
    bmo contact us
    maintenance enforcement ns

    ReplyDelete
  9. I am Richard Harrell and I live in AZ. My most gratitude goes to DOVLY CREDIT SOLUTION. Few months ago, I needed help with my credit. I had nowhere to run to. My whole life was in shambles because my current credit score was low 500, I wanted a higher score and negative items deleted although most of them I had no idea why they were there because I never opened accounts with credit cards. I went on the internet to search for help, and I found DOVLY CREDIT SOLUTION the credit professional and I immediately contacted them through (+1 713 396 5299 / OR DOVLYCREDITSOLUTION@GMAIL.COM). We got started with the process with some few questions and a little display of competency as a proof of legitimacy. The good news is that they did all they promised to do (deleted the accounts, erased all the inquiries and eventually raised my score to an 808 excellent score). Someone might be in a similar situation that’s the reason I decided to do this. Cheers!

    ReplyDelete
  10. Some FICO hackers will delay you; some will scam you, but here is how I got my FICO score to 805 excellent score from as low 500, due to my diabetic condition I got a setback on my payments owing to medical bills, my world started falling apart because I wanted to rent a home and take some loans but couldn’t. I kept looking for someone who could help me fix my credit to no avail, until October last year when I met DOVLY CREDIT SOLUTION through a friend whom they had worked for. DOVLY CREDIT SOLUTION boosted my credit in 6 days and restored my dignity. I was able to purchase a home. You can contact them by email: DOVLYCREDITSOLUTION@GMAIL.COM OR Call +1 (713) 396-5299. Only DOVLY CREDIT SOLUTION can do it for you.

    ReplyDelete
  11. Hello everyone! Ok…I’ll try to shorten this as best I can. After many years of marriage, I finally got divorced about three years ago. My ex-wife had major spending issues. Both of us have very good jobs. She is a physician and I’m a pharmacist/software engineer. We are both high earners, but she spent like the money was endless. We had a $2 million home in Miami, new cars every couple years, and her credit card spending was out of control. It was to the point that she was racking my credit cards up as well. I finally decided enough was enough and I left. Moved to the other side of the country with extreme amounts of debt. In a two years period I paid off almost $240,000 of debt. Some of it had gone to collections, and some of it had not. But my credit score was in the toilet. I have been a software engineer for a long time. I had not practiced pharmacy in many years though I kept my license active. My software engineering has always been around pharmacy systems. So, I started working three jobs. Software engineer during the day, working as a pharmacist part time during the evenings and weekends, and doing telephonic patient counseling for medication. I was constantly tired. But paid off every penny of the debt I had including student loans. I owe no one anything now. The real problem was my credit score was in the mid-600s. That was equally embarrassing. I went a little crazy looking for hackers to help me increase my credit score until a colleague recommended DOVLY CREDIT SOLUTION to me. I quickly searched about them and discovered they had so many positive reviews that I quickly contacted them by email: DOVLYCREDITSOLUTION@GMAIL.COM / I also gave them a call +1 (713) 396-5299. They responded swiftly, and I explained my predicament to them, which they accepted to boost my credit score to an excellent score. To my greatest surprise after 9 days, I got a call from them by 7:00AM to confirm my current credit score, which I quickly logged into Credit Karma and discovered my score has been boosted to 800s across the credit bureaus. They also deleted all the collections and inquiries on my credit report. I have no regrets working with DOVLY CREDIT SOLUTION. Hit them up if you have any credit related issues. I’m now well qualified credit wise.

    ReplyDelete
  12. 4 years ago, my scores were all under 600, and had been below 500 a couple of years before that. It has been a long road, but I finally got there! All thanks to PINNACLE CREDIT SPECIALIST. They can do it for you too! Hit him up on email: pinnaclecreditspecialist@gmail.com OR Call +1 (409) 231 0041.

    ReplyDelete
  13. The lots of debt on my credit report deprived me so some many opportunities. Long story short I had 14k in CC debt, 30k in student loan debt, not great. I was low income/living beyond means while younger, perfect payment history last 7 years, no delinquency, charge offs, bankruptcy etc., no negatives other than balances, I think. Fico 8 was high 500s (599 EQ, 595 TU, 590 EX). After my mum told me about PINNACLE CREDIT SPECIALIST, I reached out to them immediately with the proposal, after about 6 days I was sitting here Netflix and chill when I get a notification from PINNACLE CREDIT SPECIALIST to pull my report. Yes, my scores are now (801 EQ, 809 TU, 811 EX) I shed in tears the goal was to be among the 800s club before the end of the year which has been achieved. You can contact him via: PINNACLECREDITSPECIALIST@GMAIL.COM Or Text +1 (409) 231-0041.

    ReplyDelete
  14. I intend to propose to my long-time girlfriend later this summer, so that we can move to Las Vegas together by the end of December. After that, we needed urgent help fixing our credit. I had a car loan, student loans and credit card debt. I also had another debt (mortgage). My girlfriend had 93k in consumer debt, with 75k of it on credit cards and the rest on her Acura. She does well in her career (makes $120k/yr. gross) which she has a spending issue. Well, I sought help online and I read quite a lot of good reviews about a credit guy called PINNACLE CREDIT SPECIALIST. I contacted him for credit help. We got started and after a couple of days, PINNACLE CREDIT SPECIALIST cleared the debts on my credit profile and eventually raised my score to 811. All these miracles happened in March. Feel free to contact him by email: PINNACLECREDITSPECIALIST@GMAIL.COM Or phone +1 (409) 231-0041 for credit related issues.

    ReplyDelete
  15. After my marriage 3 months ago, I applied for a home loan, so that my wife and I could move to a better apartment, but I got a negative reply, which I was told was because of my credit score. When I pulled my score, it was below average. I have a $10,000 student loan, some credit card debt, charge-off and an eviction. PINNACLE CREDIT SPECIALIST helped me erase all the above negative reports and boosted my score to excellent within 6 days. I’m recommending them to any person in need of credit assistance. Contact them by email: PINNACLECREDITSPECIALIST@GMAIL.COM OR their mobile: +1 (409) 231-0041.

    ReplyDelete
  16. I’m writing this review in appreciation to this great credit specialist called PINNACLE CREDIT SPECIALIST. I can’t stop thanking them for the good job they did on my credit. I had been suffering from financial bondage until I met a PINNACLE CREDIT SPECIALIST. They promised to turn my situation around and they kept their promise. Every negative item on my credit report (hard inquiries, late payments, credit card debts and charge-off etc.) has been cleared and my credit score raised by 279 points within 6 days. Contact info Email: PINNACLECREDITSPECIALIST@GMAIL.COM Telephone: +1 (409) 231-0041.

    ReplyDelete
  17. Hello, I’ll start off by saying I had a rough past and made financial and life missteps in my 20s. I’m in my 30s now. This is both a recommendation and an appreciation of the good job that PINNACLE CREDIT SPECIALIST did for me. After reading various testimonies on Quora I decided to give them a trial. And believe me when I say they were up to the task as they cleared my old debts off my credit report, overnight one that was almost 6 years old suddenly disappeared. My report is squeaky clean. My scores went up from 400 to 800+. PINNACLE CREDIT SPECIALIST is a life saver. Contact him by email: PINNACLECREDITSPECIALIST@GMAIL.COM Or Text +1 (409) 231-0041.

    ReplyDelete
  18. I was in the process of rebuilding! I had a 30-day late payment to Bank of America from May of 2019 due to being out of the state I live in due to a family emergency. My mother experienced a life changing injury and was in a trauma center for over a month. During this time, I inadvertently overlooked making my BOA payment. I explained this in a Goodwill letter I sent and was surprised that I immediately got a call stating they would investigate it. I was told to give them two to three days, as they would need time to review my account. One morning, I got a call from the same lady stating that they could not honor my request and remove it due to the Fair Credit Reporting Act. I told her that I was disappointed as I had read that they had removed other’s requests after similar events. She then apologized and stated how they changed the Goodwill/Humanitarian policy in December. I was also an authorized user on my ex’s USAA card that was charged off. It was at some point paid and settled but USAA refuses to remove the negative reporting from my credit report. I have disputed with all bureaus, and it’s never removed. This is both a recommendation and an appreciation of the good job that PINNACLE CREDIT SPECIALIST did for me. After reading various testimonies on QUORA and myFICO forum I decided to give them a trial. And believe me when I say they were up to the task as they cleared all the negative items on my credit report including charge offs, all late payment has been marked as paid on time. My report is squeaky clean. This morning, I got an email from Experian that said, " Congrats, your FICO Score went up. My score is now 803. This might sound sketchy, but PINNACLE CREDIT SPECIALIST is a life saver. Contact them by email: PINNACLECREDITSPECIALIST@GMAIL.COM Or Text (409) 231-0041.

    ReplyDelete
  19. I read something about PINNACLE CREDIT SPECIALIST that he fixed and repaired credit reports. I had Chapter 7 BK, 1 auto loan with Wells Fargo. My scores were 560, 563 and 552. I got in touch with him, and he started the repair which took him 9 days. He proved me wrong by sending me a link to confirm his work done and I must confirm it myself on Experian and Credit Karma. I got a congratulatory email from Experian that my score went up. My scores boost up to 811, 809, 802, all my scores are above 800’s. He also helped me apply for a credit card with high limits with several banks. I’m so happy and can’t thank him enough for the life changing results. Contact him now by email: PINNACLECREDITSPECIALIST@GMAIL.COM / Text +1 (409) 231-0041.

    ReplyDelete
  20. Truly Genius Hackers exist, I want to introduce PINNACLE CREDIT SPECIALIST to everyone out there for you to get your credit fixed. He’s very kind, he helped me raise my FICO score to 800+ excellent score and let me have hope in life once again. He also helped me remove all the negative items, collections with the late payments as well. PINNACLE CREDIT SPECIALIST is the best when it comes to credit repair. Contact him now by email: PINNACLECREDITSPECIALIST@GMAIL.COM / +1 (409) 231-0041

    ReplyDelete
  21. Okay, I’m 32 (female). I was supposed to be living a good decent life at this point, but I was depressed and was at my lowest. I lost my job in late 2022, and I had no plan, no savings, no emergency funds, full of debt and just made some of the worst finance choices in history. During this time, we got laid off, my car engine gave out and I had no means of transportation to get to a job. I was renting a room at the time, and I eventually had to move out because I couldn’t cover the rent. I was living in a small town up north in Michigan (NOTHING’S THERE), the plan was to stay there and save money, but I didn’t do what I was supposed to financially and ended up stuck there with nothing. I defaulted on all my credit cards and loans. My credit became a disaster. I couldn’t finance a car or rent an apartment. Last year, I was working at a bakery and was renting a room for $200 a month. The bakery started cutting my hours and then eventually they just laid us all and shut down. A whole year went by and literally I made no progress. This year 2024, I moved to Columbus, OH and I think I’m having a beautiful year. All thanks to PINNACLE CREDIT SPECIALIST, I finally got my credit fixed through the help of PINNACLE CREDIT SPECIALIST who gave me a whooping score of EX 811, TU 801, EQ 809 and gave me a fulfilled life here in Columbus OH. I’ve been approved of a house and a car. He’s an angel in human form don’t fail to hit him up on email: PINNACLECREDITSPECIALIST@GMAIL.COM OR call +1 (409) 231-0041. I am currently doing a Spark Delivery and DoorDash.

    ReplyDelete
  22. Hi, my name is Michelle Martz. My credit was deeply in mess. I saw a few people praising PINNACLE CREDIT SPECIALIST as the credit doctor. So, I got in touch with him and hint me some details which increased my credit score by 215 points within 6 days. I also had some late mortgage payments, medical bills, one late credit card payment and some inquiries which have been wiped out. Hit him up by email: PINNACLECREDITSPECIALIST@GMAIL.COM OR +1 (409) 231-0041. DON’T FAIL TO LET HIM KNOW I REFERRED YOU.

    ReplyDelete
  23. My name is David Gerard, and I desperately need to raise my credit score, I had a lot of issues with my credit, and no one has been able to help me until I came across PINNACLE CREDIT SPECIALIST. I used to be 573 but it's not my fault. My ex-wife used my credit to the point that I couldn’t get approved for any credit card. I implore you to get in touch with PINNACLE CREDIT SPECIALIST, he promised to fix my credit within 10 days. He got my scores up to 800’s across the three credit bureaus in less than 10 days and deleted all negative marks and collections including the public record. His fee is very affordable, the most interesting thing is that he kept to his words. Kindly hit him up on email: PINNACLECREDITSPECIALIST@GMAIL.COM Or call +1 (409) 231-0041.

    ReplyDelete
  24. If you're seeking reliable credit repair services, look no further than Pinnacle Credit Specialist. Their dedication to delivering exceptional results is genuinely unmatched.



    *Rating: * 5/5 stars



    *Credit Score Increase: * 100 points



    *Recommendation: * Highly recommended for anyone seeking effective credit repair solutions.

    ReplyDelete