swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Formating

main
Alexander Neff 2024-03-22 00:56:51 +01:00 committed by Marshall Hallenbeck
parent 6a4852e013
commit 14e7034352
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
nxc/protocols/ldap.py
View File

@ -373,7 +373,6 @@ class ldap(connection):
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}" used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
out = f"{domain}\\{self.username}{used_ccache} {self.mark_pwned()}" out = f"{domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
self.logger.extra["protocol"] = "LDAP" self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389" self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
self.logger.success(out) self.logger.success(out)
@ -764,18 +763,18 @@ class ldap(connection):
Returns: Returns:
------- -------
None None
""" """
if len(self.args.users) > 1: if len(self.args.users) > 1:
self.logger.display(f"Trying to dumping users: {', '.join(self.args.users)}") self.logger.display(f"Trying to dumping users: {', '.join(self.args.users)}")
search_filter = f"(|{''.join(f'(sAMAccountName={user})' for user in self.args.users)})" search_filter = f"(|{''.join(f'(sAMAccountName={user})' for user in self.args.users)})"
else: else:
self.logger.info("Trying to dump all users") self.logger.info("Trying to dump all users")
search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)" search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)"
# default to these attributes to mirror the SMB --users functionality # default to these attributes to mirror the SMB --users functionality
request_attributes = ["sAMAccountName", "description", "badPwdCount", "pwdLastSet"] request_attributes = ["sAMAccountName", "description", "badPwdCount", "pwdLastSet"]
resp = self.search(search_filter, request_attributes, sizeLimit=0) resp = self.search(search_filter, request_attributes, sizeLimit=0)
if resp: if resp:
# I think this was here for anonymous ldap bindings, so I kept it, but we might just want to remove it # I think this was here for anonymous ldap bindings, so I kept it, but we might just want to remove it
if self.username == "": if self.username == "":
@ -785,7 +784,7 @@ class ldap(connection):
continue continue
self.logger.highlight(f"{item['objectName']}") self.logger.highlight(f"{item['objectName']}")
return return
users = parse_result_attributes(resp) users = parse_result_attributes(resp)
# we print the total records after we parse the results since often SearchResultReferences are returned # we print the total records after we parse the results since often SearchResultReferences are returned
self.logger.display(f"Total records returned: {len(users):d}") self.logger.display(f"Total records returned: {len(users):d}")
@ -799,6 +798,7 @@ class ldap(connection):
parsed_pw_last_set = "<never>" parsed_pw_last_set = "<never>"
# we default attributes to blank strings if they don't exist in the dict # we default attributes to blank strings if they don't exist in the dict
self.logger.highlight(f"{user.get('sAMAccountName', ''):<30}{parsed_pw_last_set:<20}{user.get('badPwdCount', ''):<8}{user.get('description', ''):<60}") self.logger.highlight(f"{user.get('sAMAccountName', ''):<30}{parsed_pw_last_set:<20}{user.get('badPwdCount', ''):<8}{user.get('description', ''):<60}")
def groups(self): def groups(self):
# Building the search filter # Building the search filter
search_filter = "(objectCategory=group)" search_filter = "(objectCategory=group)"
@ -867,7 +867,7 @@ class ldap(connection):
elif str(attribute["type"]) == "userAccountControl": elif str(attribute["type"]) == "userAccountControl":
userAccountControl = int(attribute["vals"][0]) userAccountControl = int(attribute["vals"][0])
account_disabled = userAccountControl & 2 account_disabled = userAccountControl & 2
if not account_disabled: if not account_disabled:
self.logger.highlight(f"{sAMAccountName}") self.logger.highlight(f"{sAMAccountName}")
except Exception as e: except Exception as e:
self.logger.debug(f"Skipping item, cannot process due to error {e}") self.logger.debug(f"Skipping item, cannot process due to error {e}")
@ -1404,4 +1404,3 @@ class ldap(connection):
if each_file.startswith(self.output_filename.split("/")[-1]) and each_file.endswith("json"): if each_file.startswith(self.output_filename.split("/")[-1]) and each_file.endswith("json"):
z.write(each_file) z.write(each_file)
os.remove(each_file) os.remove(each_file)