Merge pull request #128 from termanix/AddNewLdapFlagActiveUsers

Add New Ldap Flag --active-users
main
Marshall Hallenbeck 2023-11-28 11:49:55 -05:00 committed by GitHub
commit 388208d4ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 0 deletions


@ -831,6 +831,34 @@ class ldap(connection):
self.logger.fail("Exception:", exc_info=True) self.logger.fail("Exception:", exc_info=True)
self.logger.fail(f"Skipping item, cannot process due to error {e}") self.logger.fail(f"Skipping item, cannot process due to error {e}")
def active_users(self):
# Building the search filter
search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)"
attributes = ["sAMAccountName", "userAccountControl"]
resp = self.search(search_filter, attributes, sizeLimit=0)
if resp:
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
sAMAccountName = ""
userAccountControl = ""
try:
if self.username == "":
self.logger.highlight(f"{item['objectName']}")
else:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
elif str(attribute["type"]) == "userAccountControl":
userAccountControl = int(attribute["vals"][0])
account_disabled = userAccountControl & 2
if not account_disabled:
self.logger.highlight(f"{sAMAccountName}")
except Exception as e:
self.logger.debug(f"Skipping item, cannot process due to error {e}")
return
def asreproast(self): def asreproast(self):
if self.password == "" and self.nthash == "" and self.kerberos is False: if self.password == "" and self.nthash == "" and self.kerberos is False:
return False return False
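Review bot: In `active_users`, `userAccountControl` is initialised to `""`, so an entry that comes back without a readable `userAccountControl` value makes `userAccountControl & 2` raise a TypeError, which the broad `except Exception` logs only at debug level, and the account silently drops out of the result. Start from `userAccountControl = None` and skip explicitly with `if userAccountControl is None: continue`. Alternatively let the server do the test with `(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))`, so the full user set is not pulled with `sizeLimit=0` and filtered client-side. The bare `2` is the ACCOUNTDISABLE bit and would read better as a named constant. The method also needs a docstring stating that "active" here means only "not disabled" (lockout and expiry are not checked), and that the empty-username branch prints every `objectName` matched by `(objectclass=*)` rather than a list of users.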


@ -24,6 +24,7 @@ def proto_args(parser, std_parser, module_parser):
vgroup.add_argument("--groups", action="store_true", help="Enumerate domain groups") vgroup.add_argument("--groups", action="store_true", help="Enumerate domain groups")
vgroup.add_argument("--dc-list", action="store_true", help="Enumerate Domain Controllers") vgroup.add_argument("--dc-list", action="store_true", help="Enumerate Domain Controllers")
vgroup.add_argument("--get-sid", action="store_true", help="Get domain sid") vgroup.add_argument("--get-sid", action="store_true", help="Get domain sid")
vgroup.add_argument("--active-users", action="store_true", help="Get Active Domain Users Accounts")
ggroup = ldap_parser.add_argument_group("Retrevie gmsa on the remote DC", "Options to play with gmsa") ggroup = ldap_parser.add_argument_group("Retrevie gmsa on the remote DC", "Options to play with gmsa")
ggroup.add_argument("--gmsa", action="store_true", help="Enumerate GMSA passwords") ggroup.add_argument("--gmsa", action="store_true", help="Enumerate GMSA passwords")
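Review bot: The help text on the new `--active-users` argument promises more than the visible implementation delivers, and its capitalisation differs from the neighbouring options ("Enumerate domain groups"). The `active_users` method in this commit only tests the disabled bit of `userAccountControl`, so a wording such as `help="Enumerate domain user accounts that are not disabled"` would match both the behaviour and the style of the sibling flags. `proto_args` starts and ends outside the hunk, so how the flag is dispatched is not visible here.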