swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(ldap): allow for adding additional attributes when querying for users

main
Marshall Hallenbeck 2024-03-20 22:23:26 -04:00 committed by Marshall Hallenbeck
parent 0eee328ea0
commit 762a9ac102
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nxc/protocols/ldap.py
View File

@ -759,7 +759,6 @@ class ldap(connection):
Args:
input_attributes (list): Optional. List of attributes to retrieve for each user.
TODO: allow users to pass this in
Returns:
None
@ -772,7 +771,8 @@ class ldap(connection):
search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)"
# default to these attributes to mirror the SMB --users functionality
request_attributes = self.args.ldap_attributes
default_attributes = ["sAMAccountName", "description", "pwdLastSet"]
request_attributes = default_attributes + self.args.ldap_attributes if self.args.ldap_attributes else default_attributes
self.logger.debug(f"{request_attributes=}")
resp = self.search(search_filter, request_attributes, sizeLimit=0)
@ -789,7 +789,7 @@ class ldap(connection):
users = parse_result_attributes(resp)
# we print the total records after we parse the results since often SearchResultReferences are returned
self.logger.display(f"Total records returned: {len(users):d}")
self.logger.highlight(f"{'Username':<30} {'Last PW Set':<20}\t{'Description'}") # header
self.logger.highlight(f"{'Username':<30} {'Last PW Set':<20}\t{'Description':<60} " + ' '.join(f"{a}" for a in self.args.ldap_attributes) if self.args.ldap_attributes else '')
for user in users:
self.logger.debug(f"{user=}")
# we default attributes to blank strings if they don't exist in the dict
@ -798,8 +798,7 @@ class ldap(connection):
parsed_pw_last_set = (start_date + timedelta(seconds=timestamp_seconds)).replace(microsecond=0).strftime("%Y-%m-%d %H:%M:%S")
if parsed_pw_last_set == "1601-01-01 00:00:00":
parsed_pw_last_set = "<never>"
self.logger.highlight(f"{user.get('sAMAccountName', ''):<30} {parsed_pw_last_set:<20}\t{user.get('description', '')}")
self.logger.highlight(f"{user.get('sAMAccountName', ''):<30} {parsed_pw_last_set:<20}\t{user.get('description', ''):<60} " + ' '.join(f"{user.get(a, '')}" for a in self.args.ldap_attributes) if self.args.ldap_attributes else '')
def groups(self):
# Building the search filter
search_filter = "(objectCategory=group)"

8
nxc/protocols/ldap/proto_args.py
View File

@ -1,4 +1,4 @@
from argparse import _StoreTrueAction
from argparse import _StoreTrueAction, Action
def proto_args(parser, std_parser, module_parser):
@ -25,8 +25,8 @@ def proto_args(parser, std_parser, module_parser):
vgroup.add_argument("--dc-list", action="store_true", help="Enumerate Domain Controllers")
vgroup.add_argument("--get-sid", action="store_true", help="Get domain sid")
vgroup.add_argument("--active-users", action="store_true", help="Get Active Domain Users Accounts")
vgroup.add_argument("--ldap-attributes", nargs="+", default=["sAMAccountName", "description", "pwdLastSet"], help="Attributes to search for")
vgroup.add_argument("--ldap-attributes", nargs="+", help="Additional attributes to search for (appends to default list)")
ggroup = ldap_parser.add_argument_group("Retrevie gmsa on the remote DC", "Options to play with gmsa")
ggroup.add_argument("--gmsa", action="store_true", help="Enumerate GMSA passwords")
ggroup.add_argument("--gmsa-convert-id", help="Get the secret name of specific gmsa or all gmsa if no gmsa provided")
@ -52,4 +52,4 @@ def get_conditional_action(baseAction):
x.required = True
super().__call__(parser, namespace, values, option_string)
return ConditionalAction
return ConditionalAction