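async def list_group_members(self, domain_name, group_name):
    """Resolve the members of a SAMR alias (local/builtin-style group) by name.

    domain_name: domain whose aliases are searched (handed to SAMR
        get_domain_sid).
    group_name: alias name to find. The match is an exact ``==`` string
        comparison, so a differently-cased name is reported as not found.
        Only aliases returned by SAMR list_aliases are searched.

    Yields (member_domain, member_name, sid, None) for every member SID,
    resolved through LSAD lookup_sids. Any failure -- RPC connect error,
    unknown group, or an error surfaced by rr/rr_gen -- is reported once
    as (None, None, None, exception) and the generator then stops.

    NOTE(review): the LSAD policy handle and the alias handle are never
    closed here; confirm whether the RPC wrappers release them.
    """
    try:
        _, err = await self.connect_rpc('SAMR')
        if err is not None:
            raise err
        _, err = await self.connect_rpc('LSAD')
        if err is not None:
            raise err
        samr = self.named_rpcs['SAMR']
        lsad = self.named_rpcs['LSAD']
        policy_handle, _ = await rr(lsad.open_policy2())
        domain_sid, _ = await rr(samr.get_domain_sid(domain_name))
        domain_handle, _ = await rr(samr.open_domain(domain_sid))
        target_group_rid = None
        async for name, rid, _ in rr_gen(samr.list_aliases(domain_handle)):
            if name == group_name:
                target_group_rid = rid
                break
        if target_group_rid is None:
            raise Exception('No group found with name "%s"' % group_name)
        alias_handle, _ = await rr(samr.open_alias(domain_handle, target_group_rid))
        async for sid, _ in rr_gen(samr.list_alias_members(alias_handle)):
            # Do not rebind the `domain_name` parameter here: the domain
            # reported by lookup_sids belongs to the member, not to the
            # domain we were asked to search.
            async for member_domain, member_name, _ in rr_gen(
                    lsad.lookup_sids(policy_handle, [sid])):
                yield member_domain, member_name, sid, None
    except Exception as e:
        yield None, None, None, e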
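async def list_domain_users(self, target_domain=None):
    """Enumerate the users of a domain through the SAMR named RPC.

    target_domain: domain to enumerate. When None, SAMR's domain list is
        walked and the first domain other than 'Builtin' is used.

    Yields (username, user_sid, err) tuples as produced by SAMR
    list_domain_users. Any failure -- SAMR connect error, no usable
    domain, or an error from get_domain_sid/open_domain -- is reported
    once as (None, None, exception) and the generator stops.

    The SID/handle lookups go through rr() so an error in their result
    tuple is raised instead of being silently discarded (previously
    open_domain could be called with a None SID).
    """
    try:
        _, err = await self.connect_rpc('SAMR')
        if err is not None:
            raise err
        if target_domain is None:
            logger.debug('No domain defined, fetching it from SAMR')
            logger.debug('Fetching domains...')
            async for domain, _ in rr_gen(self.named_rpcs['SAMR'].list_domains()):
                if domain == 'Builtin':
                    continue
                if target_domain is None:
                    # use the first available non-Builtin domain
                    target_domain = domain
                logger.debug('Domain available: %s' % domain)
        if target_domain is None:
            raise Exception('No domain available from SAMR')
        domain_sid, _ = await rr(
            self.named_rpcs['SAMR'].get_domain_sid(target_domain))
        domain_handle, _ = await rr(
            self.named_rpcs['SAMR'].open_domain(domain_sid))
        async for username, user_sid, err in self.named_rpcs[
                'SAMR'].list_domain_users(domain_handle):
            yield username, user_sid, err
    except Exception as e:
        yield None, None, e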
async def list_sessions(self, level=10):
    """Enumerate active SMB sessions via SRVS and record them on self.sessions.

    level: SRVS session information level, passed through unchanged to
        srvs.list_sessions.

    Yields (SMBUserSession, None) tuples. Backslashes and surrounding
    whitespace are stripped from the reported client address before it is
    stored; the error slot of each SRVS result is discarded.
    """
    listing = self.srvs.list_sessions(level=level)
    async for user, client_addr, _ in rr_gen(listing):
        cleaned_addr = client_addr.replace('\\', '').strip()
        session = SMBUserSession(username=user, ip_addr=cleaned_addr)
        self.sessions.append(session)
        yield session, None
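async def list_group_members(self, domain_name, group_name):
    """Resolve the members of a SAMR alias (local/builtin-style group) by name.

    domain_name: domain whose aliases are searched (handed to SAMR
        get_domain_sid).
    group_name: alias name to find. The match is an exact ``==`` string
        comparison, so a differently-cased name is reported as not found.
        Only aliases returned by SAMR list_aliases are searched.

    Yields (member_domain, member_name, sid, None) for every member SID,
    resolved through LSAD lookup_sids.
    Raises Exception when no alias matches; errors surfaced by rr/rr_gen
    propagate to the caller.

    NOTE(review): the LSAD policy handle and the alias handle are never
    closed here; confirm whether the RPC wrappers release them.
    """
    policy_handle, _ = await rr(self.lsad.open_policy2())
    domain_sid, _ = await rr(self.samr.get_domain_sid(domain_name))
    domain_handle, _ = await rr(self.samr.open_domain(domain_sid))
    target_group_rid = None
    async for name, rid, _ in rr_gen(self.samr.list_aliases(domain_handle)):
        if name == group_name:
            target_group_rid = rid
            break
    if target_group_rid is None:
        raise Exception('No group found with name "%s"' % group_name)
    alias_handle, _ = await rr(self.samr.open_alias(domain_handle, target_group_rid))
    async for sid, _ in rr_gen(self.samr.list_alias_members(alias_handle)):
        # Do not rebind the `domain_name` parameter here: the domain
        # reported by lookup_sids belongs to the member, not to the
        # domain we were asked to search.
        async for member_domain, member_name, _ in rr_gen(
                self.lsad.lookup_sids(policy_handle, [sid])):
            yield member_domain, member_name, sid, None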
async def list_shares(self):
    """Enumerate the shares exported by the target via SRVS.

    Yields (SMBShare, None) tuples. Each share's fullpath is the UNC path
    '\\\\<host>\\<share>' built from connection.target.get_hostname_or_ip();
    the error slot of each SRVS result is discarded.
    """
    async for share_name, share_type, remark, _ in rr_gen(self.srvs.list_shares()):
        host = self.connection.target.get_hostname_or_ip()
        unc_path = '\\\\%s\\%s' % (host, share_name)
        share = SMBShare(
            name=share_name,
            stype=share_type,
            remark=remark,
            fullpath=unc_path,
        )
        yield share, None
async def list_groups(self, domain_name, ret_sid=True):
    """Enumerate the aliases of a domain via SAMR.

    domain_name: name of the domain to enumerate.
    ret_sid: accepted for interface compatibility only; it is not read,
        and the SID is always built and yielded.

    Yields (name, sid, None) tuples where sid is '<domain_sid>-<rid>'.
    Errors surfaced by rr/rr_gen propagate to the caller.
    """
    domain_sid, _ = await rr(self.samr.get_domain_sid(domain_name))
    domain_handle, _ = await rr(self.samr.open_domain(domain_sid))
    aliases = self.samr.list_aliases(domain_handle)
    async for alias_name, alias_rid, _ in rr_gen(aliases):
        yield alias_name, f'{domain_sid}-{alias_rid}', None
async def list_services(self):
    """Enumerate services through the SERVICEMGR named RPC.

    Yields (service, None) tuples. A connect failure, or any exception
    raised while listing, is reported once as (None, exception) and the
    generator then stops.
    """
    try:
        _, connect_err = await self.connect_rpc('SERVICEMGR')
        if connect_err is not None:
            raise connect_err
        svc_rpc = self.named_rpcs['SERVICEMGR']
        async for svc, _ in rr_gen(svc_rpc.list()):
            yield svc, None
    except Exception as failure:
        yield None, failure
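async def list_domain_users(self, target_domain=None):
    """Enumerate the users of a domain via SAMR.

    target_domain: domain to enumerate. When None, SAMR's domain list is
        walked and the first domain other than 'Builtin' is used.

    Yields (username, user_sid, err) tuples as produced by SAMR
    list_domain_users.
    Raises Exception when no domain could be chosen, and propagates the
    error rr() raises when get_domain_sid/open_domain fail (previously
    their error slot was discarded and open_domain could be called with
    a None SID).
    """
    if target_domain is None:
        logger.debug('No domain defined, fetching it from SAMR')
        logger.debug('Fetching domains...')
        async for domain, _ in rr_gen(self.samr.list_domains()):
            if domain == 'Builtin':
                continue
            if target_domain is None:
                # use the first available non-Builtin domain
                target_domain = domain
            logger.debug('Domain available: %s' % domain)
    if target_domain is None:
        raise Exception('No domain available from SAMR')
    domain_sid, _ = await rr(self.samr.get_domain_sid(target_domain))
    domain_handle, _ = await rr(self.samr.open_domain(domain_sid))
    async for username, user_sid, err in self.samr.list_domain_users(domain_handle):
        yield username, user_sid, err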
async def list_groups(self, domain_name, ret_sid=True):
    """Enumerate the aliases of a domain through the SAMR named RPC.

    domain_name: name of the domain to enumerate.
    ret_sid: accepted for interface compatibility only; it is not read,
        and the SID is always built and yielded.

    Yields (name, sid, None) tuples where sid is '<domain_sid>-<rid>'.
    A connect failure, or any exception raised while enumerating, is
    reported once as (None, None, exception) and the generator stops.
    """
    try:
        _, connect_err = await self.connect_rpc('SAMR')
        if connect_err is not None:
            raise connect_err
        samr = self.named_rpcs['SAMR']
        domain_sid, _ = await rr(samr.get_domain_sid(domain_name))
        domain_handle, _ = await rr(samr.open_domain(domain_sid))
        async for alias_name, alias_rid, _ in rr_gen(samr.list_aliases(domain_handle)):
            yield alias_name, f'{domain_sid}-{alias_rid}', None
    except Exception as failure:
        yield None, None, failure
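async def dcsync(self, target_domain=None, target_users=None):
    """Replicate account secrets from the target over DRSUAPI.

    target_domain: domain to replicate from. When None, SAMR's domain
        list is walked and the first domain other than 'Builtin' is used.
    target_users: optional list of user names. When non-empty, only those
        accounts are requested; otherwise every user returned by SAMR
        list_domain_users is replicated. Defaults to None rather than a
        shared mutable list.

    Yields (secrets, err) tuples: (secrets, None) on success and
    (None, err) when a user cannot be processed. Both branches now use
    this shape (the named-user branch used to yield a bare value, which
    broke consumers that unpack the pair).
    Raises when the DRSUAPI connection cannot be established, when no
    domain could be chosen, or when rr() surfaces an RPC error.

    The yielded values are credential material: they are no longer
    written to the debug log, and callers are responsible for handling
    them accordingly.
    """
    if target_users is None:
        target_users = []
    if target_domain is None:
        logger.debug('No domain defined, fetching it from SAMR')
        logger.debug('Fetching domains...')
        async for domain, _ in rr_gen(self.samr.list_domains()):
            if domain == 'Builtin':
                continue
            if target_domain is None:
                # use the first available non-Builtin domain
                target_domain = domain
            logger.debug('Domain available: %s' % domain)
    if target_domain is None:
        raise Exception('No domain available from SAMR')
    async with SMBDRSUAPI(self.connection, target_domain) as drsuapi:
        try:
            await rr(drsuapi.connect())
            await rr(drsuapi.open())
        except Exception:
            logger.exception('Failed to connect to DRSUAPI!')
            raise
        logger.debug('Using domain: %s' % target_domain)
        if len(target_users) > 0:
            for username in target_users:
                secrets, err = await drsuapi.get_user_secrets(username)
                if err is not None:
                    yield None, err
                    continue
                yield secrets, None
        else:
            domain_sid, _ = await rr(self.samr.get_domain_sid(target_domain))
            domain_handle, _ = await rr(self.samr.open_domain(domain_sid))
            async for username, user_sid, err in self.samr.list_domain_users(domain_handle):
                if err is not None:
                    yield None, err
                    # Skip the lookup: the username that came with an
                    # error is not usable (previously the code fell
                    # through and queried DRSUAPI with it anyway).
                    continue
                logger.debug('username: %s' % username)
                secrets, _ = await rr(drsuapi.get_user_secrets(username))
                # Intentionally not logging the secrets themselves.
                logger.debug('Fetched secrets for user: %s' % username)
                yield secrets, None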
async def list_services(self):
    """Enumerate services via the service manager RPC.

    Yields (service, None) tuples; the error slot of each underlying result
    is discarded (rr_gen is presumably what surfaces failures -- verify).
    """
    listing = self.servicemanager.list()
    async for svc, _ in rr_gen(listing):
        yield svc, None
async def list_localgroups(self):
    """Enumerate the aliases of the 'Builtin' domain, i.e. the local groups.

    Thin wrapper over list_groups('Builtin'); yields (name, sid, None)
    tuples with the same SID format as list_groups.
    """
    builtin_groups = self.list_groups('Builtin')
    async for group_name, group_sid, _ in rr_gen(builtin_groups):
        yield group_name, group_sid, None
async def list_domains(self):
    """Enumerate the domain names reported by SAMR on the target.

    Yields (domain_name, None) tuples, unfiltered -- 'Builtin' is included
    when SAMR reports it; callers that want only real domains must skip it.
    """
    async for domain_name, _ in rr_gen(self.samr.list_domains()):
        yield domain_name, None