NetExec/cme/protocols/smb/passpol.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#Stolen from https://github.com/Wh1t3Fox/polenum

import logging
from impacket.dcerpc.v5.rpcrt import DCERPC_v5
from impacket.dcerpc.v5 import transport, samr 
from impacket.dcerpc.v5.samr import DCERPCSessionError
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket import ntlm
from time import strftime, gmtime

def d2b(a):
    tbin = []
    while a:
        tbin.append(a % 2)
        a //= 2

    t2bin = tbin[::-1]
    if len(t2bin) != 8:
        for x in range(6 - len(t2bin)):
            t2bin.insert(0, 0)
    return ''.join([str(g) for g in t2bin])


def convert(low, high, lockout=False):
    time = ""
    tmp = 0

    if low == 0 and hex(high) == "-0x80000000":
        return "Not Set"
    if low == 0 and high == 0:
        return "None"

    if not lockout:
        if (low != 0):
            high = abs(high+1)
        else:
            high = abs(high)
            low = abs(low)

        tmp = low + (high)*16**8  # convert to 64bit int
        tmp *= (1e-7)  # convert to seconds
    else:
        tmp = abs(high) * (1e-7)

    try:
        minutes = int(strftime("%M", gmtime(tmp)))
        hours = int(strftime("%H", gmtime(tmp)))
        days = int(strftime("%j", gmtime(tmp)))-1
    except ValueError as e:
        return "[-] Invalid TIME"

    if days > 1:
        time += "{0} days ".format(days)
    elif days == 1:
        time += "{0} day ".format(days)
    if hours > 1:
        time += "{0} hours ".format(hours)
    elif hours == 1:
        time += "{0} hour ".format(hours)
    if minutes > 1:
        time += "{0} minutes ".format(minutes)
    elif minutes == 1:
        time += "{0} minute ".format(minutes)
    return time


class PassPolDump:

    KNOWN_PROTOCOLS = {
        '139/SMB': (r'ncacn_np:%s[\pipe\samr]', 139),
        '445/SMB': (r'ncacn_np:%s[\pipe\samr]', 445),
    }

    def __init__(self, connection):
        self.logger = connection.logger
        self.addr = connection.host if not connection.kerberos else connection.hostname + '.' + connection.domain
        self.protocol = connection.args.port
        self.username = connection.username
        self.password = connection.password
        self.domain = connection.domain
        self.hash = connection.hash
        self.lmhash = ''
        self.nthash = ''
        self.aesKey = None
        self.doKerberos = connection.kerberos
        self.protocols = PassPolDump.KNOWN_PROTOCOLS.keys()
        self.pass_pol = {}

        if self.hash is not None:
            if self.hash.find(':') != -1:
                self.lmhash, self.nthash = self.hash.split(':')
            else:
                self.nthash = self.hash
        
        if self.password is None:
            self.password = ''

    def dump(self):

        # Try all requested protocols until one works.
        for protocol in self.protocols:
            try:
                protodef = PassPolDump.KNOWN_PROTOCOLS[protocol]
                port = protodef[1]
            except KeyError:
                logging.debug("Invalid Protocol '{}'".format(protocol))
            logging.debug("Trying protocol {}".format(protocol))
            rpctransport = transport.SMBTransport(self.addr, port, r'\samr', self.username, self.password, self.domain, 
                                                  self.lmhash, self.nthash, self.aesKey, doKerberos = self.doKerberos)
            try:
                self.fetchList(rpctransport)
            except Exception as e:
                logging.debug('Protocol failed: {}'.format(e))
            else:
                # Got a response. No need for further iterations.
                self.pretty_print()
                break

        return self.pass_pol

    def fetchList(self, rpctransport):
        dce = DCERPC_v5(rpctransport)
        dce.connect()
        dce.bind(samr.MSRPC_UUID_SAMR)

        # Setup Connection
        resp = samr.hSamrConnect2(dce)
        if resp['ErrorCode'] != 0:
            raise Exception('Connect error')

        resp2 = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle=resp['ServerHandle'],
                                                      enumerationContext=0,
                                                      preferedMaximumLength=500)
        if resp2['ErrorCode'] != 0:
            raise Exception('Connect error')

        resp3 = samr.hSamrLookupDomainInSamServer(dce, serverHandle=resp['ServerHandle'],
                                                  name=resp2['Buffer']['Buffer'][0]['Name'])
        if resp3['ErrorCode'] != 0:
            raise Exception('Connect error')

        resp4 = samr.hSamrOpenDomain(dce, serverHandle=resp['ServerHandle'],
                                     desiredAccess=samr.MAXIMUM_ALLOWED,
                                     domainId=resp3['DomainId'])
        if resp4['ErrorCode'] != 0:
            raise Exception('Connect error')

        self.__domains = resp2['Buffer']['Buffer']
        domainHandle = resp4['DomainHandle']
        # End Setup

        re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,
                                               domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation)
        self.__min_pass_len = re['Buffer']['Password']['MinPasswordLength'] or "None"
        self.__pass_hist_len = re['Buffer']['Password']['PasswordHistoryLength'] or "None"
        self.__max_pass_age = convert(int(re['Buffer']['Password']['MaxPasswordAge']['LowPart']), int(re['Buffer']['Password']['MaxPasswordAge']['HighPart']))
        self.__min_pass_age = convert(int(re['Buffer']['Password']['MinPasswordAge']['LowPart']), int(re['Buffer']['Password']['MinPasswordAge']['HighPart']))
        self.__pass_prop = d2b(re['Buffer']['Password']['PasswordProperties'])

        re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,
                                               domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation)
        self.__rst_accnt_lock_counter = convert(0, re['Buffer']['Lockout']['LockoutObservationWindow'], lockout=True)
        self.__lock_accnt_dur = convert(0, re['Buffer']['Lockout']['LockoutDuration'], lockout=True)
        self.__accnt_lock_thres = re['Buffer']['Lockout']['LockoutThreshold'] or "None"

        re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,
                                               domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation)
        self.__force_logoff_time = convert(re['Buffer']['Logoff']['ForceLogoff']['LowPart'], re['Buffer']['Logoff']['ForceLogoff']['HighPart'])

        self.pass_pol = {'min_pass_len': self.__min_pass_len, 'pass_hist_len': self.__pass_hist_len, 
                         'max_pass_age': self.__max_pass_age, 'min_pass_age': self.__min_pass_age, 
                         'pass_prop': self.__pass_prop, 'rst_accnt_lock_counter': self.__rst_accnt_lock_counter,
                         'lock_accnt_dur': self.__lock_accnt_dur, 'accnt_lock_thres': self.__accnt_lock_thres,
                         'force_logoff_time': self.__force_logoff_time}

        dce.disconnect()

    def pretty_print(self):

        PASSCOMPLEX = {
            5: 'Domain Password Complex:',
            4: 'Domain Password No Anon Change:',
            3: 'Domain Password No Clear Change:',
            2: 'Domain Password Lockout Admins:',
            1: 'Domain Password Store Cleartext:',
            0: 'Domain Refuse Password Change:'
        }

        logging.debug('Found domain(s):')
        for domain in self.__domains:
            logging.debug('{}'.format(domain['Name']))

        self.logger.success("Dumping password info for domain: {}".format(self.__domains[0]['Name']))

        self.logger.highlight("Minimum password length: {}".format(self.__min_pass_len))
        self.logger.highlight("Password history length: {}".format(self.__pass_hist_len))
        self.logger.highlight("Maximum password age: {}".format(self.__max_pass_age))
        self.logger.highlight('')
        self.logger.highlight("Password Complexity Flags: {}".format(self.__pass_prop or "None"))

        for i, a in enumerate(self.__pass_prop):
            self.logger.highlight("\t{} {}".format(PASSCOMPLEX[i], str(a)))

        self.logger.highlight('')
        self.logger.highlight("Minimum password age: {}".format(self.__min_pass_age))
        self.logger.highlight("Reset Account Lockout Counter: {}".format(self.__rst_accnt_lock_counter))
        self.logger.highlight("Locked Account Duration: {}".format(self.__lock_accnt_dur))
        self.logger.highlight("Account Lockout Threshold: {}".format(self.__accnt_lock_thres))
        self.logger.highlight("Forced Log off Time: {}".format(self.__force_logoff_time))
Adding shebang and encoding utf-8 for all python files 2022-07-18 23:59:14 +00:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`#Stolen from https://github.com/Wh1t3Fox/polenum`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Add conditional check on the func login() - modules, options will no longer be loaded if authentication fails - add some try catch and fix some problem with the debug on the passpolicy class 2020-06-20 22:16:37 +00:00			`import logging`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`from impacket.dcerpc.v5.rpcrt import DCERPC_v5`
Add conditional check on the func login() - modules, options will no longer be loaded if authentication fails - add some try catch and fix some problem with the debug on the passpolicy class 2020-06-20 22:16:37 +00:00			`from impacket.dcerpc.v5 import transport, samr`
			`from impacket.dcerpc.v5.samr import DCERPCSessionError`
			`from impacket.dcerpc.v5.rpcrt import DCERPCException`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`from impacket import ntlm`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`from time import strftime, gmtime`

Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`def d2b(a):`
			`tbin = []`
			`while a:`
			`tbin.append(a % 2)`
Fix option --pass-pol in python3 error due to : python2 => 1 / 2 = 0 python3 => 1 / 2 = 0.5 python3 => 1 // 2 = 0 2019-11-12 18:33:14 +00:00			`a //= 2`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00
			`t2bin = tbin[::-1]`
			`if len(t2bin) != 8:`
Migrate function to python3 * --shares -> OK * --sessions -> OK * --disks -> OK * --loggedon-users -> OK * --users -> Not tested * --rid-brute -> OK * --groups -> Not tested * --local-groups -> OK * --pass-pol -> OK 2019-11-11 10:06:39 +00:00			`for x in range(6 - len(t2bin)):`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`t2bin.insert(0, 0)`
			`return ''.join([str(g) for g in t2bin])`


			`def convert(low, high, lockout=False):`
			`time = ""`
			`tmp = 0`

			`if low == 0 and hex(high) == "-0x80000000":`
			`return "Not Set"`
			`if low == 0 and high == 0:`
			`return "None"`

			`if not lockout:`
			`if (low != 0):`
			`high = abs(high+1)`
			`else:`
			`high = abs(high)`
			`low = abs(low)`

Fix pass policy max password age #435 2020-11-27 20:51:09 +00:00			`tmp = low + (high)16*8 # convert to 64bit int`
			`tmp *= (1e-7) # convert to seconds`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`else:`
			`tmp = abs(high) * (1e-7)`

			`try:`
			`minutes = int(strftime("%M", gmtime(tmp)))`
			`hours = int(strftime("%H", gmtime(tmp)))`
			`days = int(strftime("%j", gmtime(tmp)))-1`
			`except ValueError as e:`
			`return "[-] Invalid TIME"`

			`if days > 1:`
			`time += "{0} days ".format(days)`
			`elif days == 1:`
			`time += "{0} day ".format(days)`
			`if hours > 1:`
			`time += "{0} hours ".format(hours)`
			`elif hours == 1:`
			`time += "{0} hour ".format(hours)`
			`if minutes > 1:`
			`time += "{0} minutes ".format(minutes)`
			`elif minutes == 1:`
			`time += "{0} minute ".format(minutes)`
			`return time`

Fix pass policy max password age #435 2020-11-27 20:51:09 +00:00
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`class PassPolDump:`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`KNOWN_PROTOCOLS = {`
			`'139/SMB': (r'ncacn_np:%s[\pipe\samr]', 139),`
			`'445/SMB': (r'ncacn_np:%s[\pipe\samr]', 445),`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`}`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
			`def __init__(self, connection):`
			`self.logger = connection.logger`
add fqdn to kerberos option 2023-02-12 14:07:57 +00:00			`self.addr = connection.host if not connection.kerberos else connection.hostname + '.' + connection.domain`
Fixed HTTP protocol exiting during setup and pass pol enumeration 2017-05-05 21:10:42 +00:00			`self.protocol = connection.args.port`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`self.username = connection.username`
			`self.password = connection.password`
			`self.domain = connection.domain`
			`self.hash = connection.hash`
			`self.lmhash = ''`
			`self.nthash = ''`
			`self.aesKey = None`
Fix ccache kerberos auth using rpc 2023-02-08 11:09:52 +00:00			`self.doKerberos = connection.kerberos`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`self.protocols = PassPolDump.KNOWN_PROTOCOLS.keys()`
			`self.pass_pol = {}`
Fixes #182 2017-06-23 18:15:09 +00:00
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`if self.hash is not None:`
Fixes #182 2017-06-23 18:15:09 +00:00			`if self.hash.find(':') != -1:`
			`self.lmhash, self.nthash = self.hash.split(':')`
			`else:`
			`self.nthash = self.hash`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
			`if self.password is None:`
			`self.password = ''`

Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`def dump(self):`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`# Try all requested protocols until one works.`
			`for protocol in self.protocols:`
			`try:`
			`protodef = PassPolDump.KNOWN_PROTOCOLS[protocol]`
			`port = protodef[1]`
			`except KeyError:`
Add conditional check on the func login() - modules, options will no longer be loaded if authentication fails - add some try catch and fix some problem with the debug on the passpolicy class 2020-06-20 22:16:37 +00:00			`logging.debug("Invalid Protocol '{}'".format(protocol))`
			`logging.debug("Trying protocol {}".format(protocol))`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`rpctransport = transport.SMBTransport(self.addr, port, r'\samr', self.username, self.password, self.domain,`
			`self.lmhash, self.nthash, self.aesKey, doKerberos = self.doKerberos)`
			`try:`
			`self.fetchList(rpctransport)`
			`except Exception as e:`
Add conditional check on the func login() - modules, options will no longer be loaded if authentication fails - add some try catch and fix some problem with the debug on the passpolicy class 2020-06-20 22:16:37 +00:00			`logging.debug('Protocol failed: {}'.format(e))`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`else:`
			`# Got a response. No need for further iterations.`
			`self.pretty_print()`
			`break`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`return self.pass_pol`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`def fetchList(self, rpctransport):`
			`dce = DCERPC_v5(rpctransport)`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`dce.connect()`
			`dce.bind(samr.MSRPC_UUID_SAMR)`

Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`# Setup Connection`
			`resp = samr.hSamrConnect2(dce)`
			`if resp['ErrorCode'] != 0:`
			`raise Exception('Connect error')`

			`resp2 = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle=resp['ServerHandle'],`
			`enumerationContext=0,`
			`preferedMaximumLength=500)`
			`if resp2['ErrorCode'] != 0:`
			`raise Exception('Connect error')`

			`resp3 = samr.hSamrLookupDomainInSamServer(dce, serverHandle=resp['ServerHandle'],`
			`name=resp2['Buffer']['Buffer'][0]['Name'])`
			`if resp3['ErrorCode'] != 0:`
			`raise Exception('Connect error')`

			`resp4 = samr.hSamrOpenDomain(dce, serverHandle=resp['ServerHandle'],`
			`desiredAccess=samr.MAXIMUM_ALLOWED,`
			`domainId=resp3['DomainId'])`
			`if resp4['ErrorCode'] != 0:`
			`raise Exception('Connect error')`

			`self.__domains = resp2['Buffer']['Buffer']`
			`domainHandle = resp4['DomainHandle']`
			`# End Setup`

			`re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,`
			`domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation)`
			`self.__min_pass_len = re['Buffer']['Password']['MinPasswordLength'] or "None"`
			`self.__pass_hist_len = re['Buffer']['Password']['PasswordHistoryLength'] or "None"`
			`self.__max_pass_age = convert(int(re['Buffer']['Password']['MaxPasswordAge']['LowPart']), int(re['Buffer']['Password']['MaxPasswordAge']['HighPart']))`
			`self.__min_pass_age = convert(int(re['Buffer']['Password']['MinPasswordAge']['LowPart']), int(re['Buffer']['Password']['MinPasswordAge']['HighPart']))`
			`self.__pass_prop = d2b(re['Buffer']['Password']['PasswordProperties'])`

			`re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,`
			`domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation)`
			`self.__rst_accnt_lock_counter = convert(0, re['Buffer']['Lockout']['LockoutObservationWindow'], lockout=True)`
			`self.__lock_accnt_dur = convert(0, re['Buffer']['Lockout']['LockoutDuration'], lockout=True)`
			`self.__accnt_lock_thres = re['Buffer']['Lockout']['LockoutThreshold'] or "None"`

			`re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,`
			`domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation)`
			`self.__force_logoff_time = convert(re['Buffer']['Logoff']['ForceLogoff']['LowPart'], re['Buffer']['Logoff']['ForceLogoff']['HighPart'])`

			`self.pass_pol = {'min_pass_len': self.__min_pass_len, 'pass_hist_len': self.__pass_hist_len,`
			`'max_pass_age': self.__max_pass_age, 'min_pass_age': self.__min_pass_age,`
			`'pass_prop': self.__pass_prop, 'rst_accnt_lock_counter': self.__rst_accnt_lock_counter,`
			`'lock_accnt_dur': self.__lock_accnt_dur, 'accnt_lock_thres': self.__accnt_lock_thres,`
			`'force_logoff_time': self.__force_logoff_time}`

Fix and add a lot, check commit message Update LDAP proto: - can fetch a LDAP domain from an account from another domain (trust relation between forest) - fix sizeLimit to unlimited on LDAP queries - fix little mistake in LDAP modules Update SMB proto: - fix users function when DC is vulnerable to NULL SESSION - add SAMRPC function to fetch users on the domain - add option --computers to fetch all computers Update CLI - add function export, but it's not tested 2021-06-24 18:37:54 +00:00			`dce.disconnect()`

Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`def pretty_print(self):`

			`PASSCOMPLEX = {`
			`5: 'Domain Password Complex:',`
			`4: 'Domain Password No Anon Change:',`
			`3: 'Domain Password No Clear Change:',`
			`2: 'Domain Password Lockout Admins:',`
			`1: 'Domain Password Store Cleartext:',`
			`0: 'Domain Refuse Password Change:'`
			`}`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Add conditional check on the func login() - modules, options will no longer be loaded if authentication fails - add some try catch and fix some problem with the debug on the passpolicy class 2020-06-20 22:16:37 +00:00			`logging.debug('Found domain(s):')`
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`for domain in self.__domains:`
Add conditional check on the func login() - modules, options will no longer be loaded if authentication fails - add some try catch and fix some problem with the debug on the passpolicy class 2020-06-20 22:16:37 +00:00			`logging.debug('{}'.format(domain['Name']))`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`self.logger.success("Dumping password info for domain: {}".format(self.__domains[0]['Name']))`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`self.logger.highlight("Minimum password length: {}".format(self.__min_pass_len))`
			`self.logger.highlight("Password history length: {}".format(self.__pass_hist_len))`
			`self.logger.highlight("Maximum password age: {}".format(self.__max_pass_age))`
			`self.logger.highlight('')`
			`self.logger.highlight("Password Complexity Flags: {}".format(self.__pass_prop or "None"))`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`for i, a in enumerate(self.__pass_prop):`
			`self.logger.highlight("\t{} {}".format(PASSCOMPLEX[i], str(a)))`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00
Fixed content spidering and password policy enumeration - Added enumeration for password complexity (resolves #135) 2017-04-10 07:24:23 +00:00			`self.logger.highlight('')`
			`self.logger.highlight("Minimum password age: {}".format(self.__min_pass_age))`
			`self.logger.highlight("Reset Account Lockout Counter: {}".format(self.__rst_accnt_lock_counter))`
			`self.logger.highlight("Locked Account Duration: {}".format(self.__lock_accnt_dur))`
			`self.logger.highlight("Account Lockout Threshold: {}".format(self.__accnt_lock_thres))`
			`self.logger.highlight("Forced Log off Time: {}".format(self.__force_logoff_time))`