Merge pull request #128 from termanix/AddNewLdapFlagActiveUsers

Add New Ldap Flag --active-users
2023-11-28 11:49:55 -05:00 · 2023-11-28 11:49:55 -05:00 · 388208d4ea
parent a6be6c1b07 d29bb7cf18
commit 388208d4ea
2 changed files with 29 additions and 0 deletions
--- a/nxc/protocols/ldap.py
+++ b/nxc/protocols/ldap.py
@ -831,6 +831,34 @@ class ldap(connection):
                self.logger.fail("Exception:", exc_info=True)
                self.logger.fail(f"Skipping item, cannot process due to error {e}")

+    def active_users(self):
+        # Building the search filter
+        search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)"
+        attributes = ["sAMAccountName", "userAccountControl"]
+
+        resp = self.search(search_filter, attributes, sizeLimit=0)
+        if resp:
+            for item in resp:
+                if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
+                    continue
+                sAMAccountName = ""
+                userAccountControl = ""
+                try:
+                    if self.username == "":
+                        self.logger.highlight(f"{item['objectName']}")
+                    else:
+                        for attribute in item["attributes"]:
+                            if str(attribute["type"]) == "sAMAccountName":
+                                sAMAccountName = str(attribute["vals"][0])
+                            elif str(attribute["type"]) == "userAccountControl":
+                                userAccountControl = int(attribute["vals"][0])
+                                account_disabled = userAccountControl & 2
+                        if not account_disabled: 
+                            self.logger.highlight(f"{sAMAccountName}")
+                except Exception as e:
+                    self.logger.debug(f"Skipping item, cannot process due to error {e}")
+            return
+
    def asreproast(self):
        if self.password == "" and self.nthash == "" and self.kerberos is False:
            return False
--- a/nxc/protocols/ldap/proto_args.py
+++ b/nxc/protocols/ldap/proto_args.py
@ -24,6 +24,7 @@ def proto_args(parser, std_parser, module_parser):
    vgroup.add_argument("--groups", action="store_true", help="Enumerate domain groups")
    vgroup.add_argument("--dc-list", action="store_true", help="Enumerate Domain Controllers")
    vgroup.add_argument("--get-sid", action="store_true", help="Get domain sid")
+    vgroup.add_argument("--active-users", action="store_true", help="Get Active Domain Users Accounts")

    ggroup = ldap_parser.add_argument_group("Retrevie gmsa on the remote DC", "Options to play with gmsa")
    ggroup.add_argument("--gmsa", action="store_true", help="Enumerate GMSA passwords")