fix/feat: remove unnecessary and ugly ldap-attributes functionality; add in badPwdCount to --users

nxc/protocols/ldap.py

@@ -773,11 +773,9 @@ class ldap(connection):
             search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)"
             
         # default to these attributes to mirror the SMB --users functionality
-        default_attributes = ["sAMAccountName", "description", "pwdLastSet"]
+        request_attributes = ["sAMAccountName", "description", "badPwdCount", "pwdLastSet"]       
-        request_attributes = default_attributes + self.args.ldap_attributes if self.args.ldap_attributes else default_attributes
-        self.logger.debug(f"{request_attributes=}")
-        
         resp = self.search(search_filter, request_attributes, sizeLimit=0)
+        
         if resp:
             # I think this was here for anonymous ldap bindings, so I kept it, but we might just want to remove it
             if self.username == "":
@@ -791,16 +789,16 @@ class ldap(connection):
             users = parse_result_attributes(resp)
             # we print the total records after we parse the results since often SearchResultReferences are returned
             self.logger.display(f"Total records returned: {len(users):d}")
-            self.logger.highlight(f"{'Username':<30} {'Last PW Set':<20}\t{'Description':<60} " + " ".join(f"{a}" for a in self.args.ldap_attributes) if self.args.ldap_attributes else "")
+            self.logger.highlight(f"{'-Username-':<30}{'-Last PW Set-':<20}{'-BadPW-':<8}{'-Description-':<60}")
             for user in users:
-                self.logger.debug(f"{user=}")
+                # TODO: functionize this - we do this calculation in a bunch of places, different, including in the `pso` module
-                # we default attributes to blank strings if they don't exist in the dict
                 timestamp_seconds = int(user.get("pwdLastSet", "")) / 10**7
                 start_date = datetime(1601, 1, 1)
                 parsed_pw_last_set = (start_date + timedelta(seconds=timestamp_seconds)).replace(microsecond=0).strftime("%Y-%m-%d %H:%M:%S")
                 if parsed_pw_last_set == "1601-01-01 00:00:00":
                     parsed_pw_last_set = "<never>"
-                self.logger.highlight(f"{user.get('sAMAccountName', ''):<30} {parsed_pw_last_set:<20}\t{user.get('description', ''):<60} " + " ".join(f"{user.get(a, '')}" for a in self.args.ldap_attributes) if self.args.ldap_attributes else "")
+                # we default attributes to blank strings if they don't exist in the dict
+                self.logger.highlight(f"{user.get('sAMAccountName', ''):<30}{parsed_pw_last_set:<20}{user.get('badPwdCount', ''):<8}{user.get('description', ''):<60}")
     def groups(self):
         # Building the search filter
         search_filter = "(objectCategory=group)"

nxc/protocols/ldap/proto_args.py

@@ -25,7 +25,6 @@ def proto_args(parser, std_parser, module_parser):
     vgroup.add_argument("--dc-list", action="store_true", help="Enumerate Domain Controllers")
     vgroup.add_argument("--get-sid", action="store_true", help="Get domain sid")
     vgroup.add_argument("--active-users", action="store_true", help="Get Active Domain Users Accounts")
-    vgroup.add_argument("--ldap-attributes", nargs="+", help="Additional attributes to search for (appends to default list)")
     
     ggroup = ldap_parser.add_argument_group("Retrevie gmsa on the remote DC", "Options to play with gmsa")
     ggroup.add_argument("--gmsa", action="store_true", help="Enumerate GMSA passwords")