Update ntds dump with option user and enabled #455

main
mpgn 2022-07-08 04:47:27 -04:00
parent 73b945341f
commit fad860df43
1 changed files with 12 additions and 3 deletions

View File

@ -162,6 +162,10 @@ class smb(connection):
#cgroup.add_argument("--ntds-history", action='store_true', help='Dump NTDS.dit password history')
#cgroup.add_argument("--ntds-pwdLastSet", action='store_true', help='Shows the pwdLastSet attribute for each NTDS.dit account')
ngroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
ngroup.add_argument("--enabled", action='store_true', help='Only dump enabled targets from DC')
ngroup.add_argument("--user", dest='userntds', type=str, help='Dump selected user from DC')
egroup = smb_parser.add_argument_group("Mapping/Enumeration", "Options for Mapping/Enumerating")
egroup.add_argument("--shares", action="store_true", help="enumerate shares and access")
egroup.add_argument("--sessions", action='store_true', help='enumerate active sessions')
@ -1122,6 +1126,11 @@ class smb(connection):
def add_ntds_hash(ntds_hash, host_id):
add_ntds_hash.ntds_hashes += 1
if "Enabled" in ntds_hash and self.args.enabled:
ntds_hash = ntds_hash.split(" ")[0]
self.logger.highlight(ntds_hash)
else:
ntds_hash = ntds_hash.split(" ")[0]
self.logger.highlight(ntds_hash)
if ntds_hash.find('$') == -1:
if ntds_hash.find('\\') != -1:
@ -1163,7 +1172,7 @@ class smb(connection):
NTDS = NTDSHashes(NTDSFileName, self.bootkey, isRemote=True, history=False, noLMHash=True,
remoteOps=self.remote_ops, useVSSMethod=use_vss_method, justNTLM=True,
pwdLastSet=False, resumeSession=None, outputFileName=self.output_filename,
justUser=None, printUserStatus=False,
justUser=self.args.userntds if self.args.userntds else None, printUserStatus=True,
perSecretCallback = lambda secretType, secret : add_ntds_hash(secret, host_id))
try: