NetExec/core/uacdump.py


from scripts.secretsdump import RemoteOperations
from impacket.dcerpc.v5 import rrp
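class UACdump:
    """Report the UAC (EnableLUA) policy of a remote Windows host.

    The value is read through the remote registry interface (impacket ``rrp``)
    from ``HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System``.
    """

    def __init__(self, logger, smbconnection, doKerb):
        """Store the logger, the SMB connection and the Kerberos flag.

        Args:
            logger: object exposing ``success(msg)`` and ``results(msg)``.
            smbconnection: established SMB connection to the target.
            doKerb: forwarded unchanged to ``RemoteOperations``.
        """
        self.logger = logger
        self.smbconnection = smbconnection
        # "host:port" (plus any extra address fields) of the connected peer.
        self.peer = ':'.join(map(str, smbconnection.getSMBServer().get_socket().getpeername()))
        self.doKerb = doKerb

    def run(self):
        """Query ``EnableLUA`` and log whether UAC is enabled.

        Any exception raised by the registry calls propagates to the caller,
        but the opened key handles are closed and ``finish()`` is called first.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        # NOTE(review): enableRegistry() presumably starts the Remote Registry
        # service on the target when it is stopped, and finish() presumably
        # restores the previous state -- confirm against scripts.secretsdump.
        remoteOps.enableRegistry()
        try:
            # The RPC binding is a name-mangled private attribute of
            # RemoteOperations; this breaks if that class renames it.
            dce = remoteOps._RemoteOperations__rrp
            regHandle = rrp.hOpenLocalMachine(dce)['phKey']
            try:
                keyHandle = rrp.hBaseRegOpenKey(
                    dce,
                    regHandle,
                    'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System',
                )['phkResult']
                try:
                    dataType, uac_value = rrp.hBaseRegQueryValue(dce, keyHandle, 'EnableLUA')
                    self.logger.success("Enumerating UAC status")
                    if uac_value == 1:
                        self.logger.results('1 - UAC Enabled')
                    elif uac_value == 0:
                        self.logger.results('0 - UAC Disabled')
                    else:
                        # Do not end silently on a value that is neither 0 nor 1.
                        self.logger.results('{} - Unexpected EnableLUA value'.format(uac_value))
                finally:
                    rrp.hBaseRegCloseKey(dce, keyHandle)
            finally:
                # The HKLM root handle was never released by the original code.
                rrp.hBaseRegCloseKey(dce, regHandle)
        finally:
            # Always run the cleanup so a failed query does not leave the
            # remote registry session (and any service change) behind.
            remoteOps.finish()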