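def get_netuser(domain_controller,
                domain,
                user,
                password=str(),
                lmhash=str(),
                nthash=str(),
                do_kerberos=False,
                do_tls=False,
                queried_username=str(),
                queried_domain=str(),
                ads_path=str(),
                admin_count=False,
                spn=False,
                unconstrained=False,
                allow_delegation=False,
                preauth_notreq=False,
                custom_filter=str(),
                attributes=None):
    """Look up user objects through a ``NetRequester`` bound to ``domain_controller``.

    Builds the requester from the connection/credential arguments and forwards
    every ``queried_*`` and filter keyword unchanged to its ``get_netuser``
    method.

    Args:
        domain_controller: Host the requester binds to.
        domain, user: Account used for the bind.
        password, lmhash, nthash: Credential material passed through as given
            (cleartext password or LM/NT hash).
        do_kerberos, do_tls: Transport flags passed through to ``NetRequester``.
        queried_username, queried_domain, ads_path: Scope of the lookup.
        admin_count, spn, unconstrained, allow_delegation, preauth_notreq:
            Boolean filters forwarded as-is.
        custom_filter: Additional filter string forwarded as-is.
        attributes: Attributes to request. ``None`` (the default) is forwarded
            as a fresh empty list, which matches the former ``[]`` default
            without sharing one mutable list between calls.

    Returns:
        Whatever ``NetRequester.get_netuser`` returns for these arguments.
    """
    # A mutable default argument is shared across calls; normalise here instead.
    if attributes is None:
        attributes = []
    requester = NetRequester(domain_controller, domain, user, password, lmhash,
                             nthash, do_kerberos, do_tls)
    return requester.get_netuser(queried_username=queried_username,
                                 queried_domain=queried_domain,
                                 ads_path=ads_path,
                                 admin_count=admin_count,
                                 spn=spn,
                                 unconstrained=unconstrained,
                                 allow_delegation=allow_delegation,
                                 preauth_notreq=preauth_notreq,
                                 custom_filter=custom_filter,
                                 attributes=attributes)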
def get_netuser(domain_controller, domain, user, password=str(), lmhash=str(),
                nthash=str(), queried_username=str(), queried_domain=str(), ads_path=str(),
                admin_count=False, spn=False, unconstrained=False, allow_delegation=False,
                custom_filter=str()):
    """Look up user objects through a ``NetRequester`` bound to ``domain_controller``.

    The connection/credential arguments (``domain``, ``user``, ``password``,
    ``lmhash``, ``nthash``) build the requester; every ``queried_*`` and
    filter keyword is forwarded unchanged to its ``get_netuser`` method.

    Returns:
        Whatever ``NetRequester.get_netuser`` returns for these arguments.
    """
    lookup_options = dict(queried_username=queried_username,
                          queried_domain=queried_domain,
                          ads_path=ads_path,
                          admin_count=admin_count,
                          spn=spn,
                          unconstrained=unconstrained,
                          allow_delegation=allow_delegation,
                          custom_filter=custom_filter)
    requester = NetRequester(domain_controller, domain, user, password,
                             lmhash, nthash)
    return requester.get_netuser(**lookup_options)
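    def find_gpolocation(self,
                         queried_username=str(),
                         queried_groupname=str(),
                         queried_localgroup=str(),
                         queried_domain=str()):
        """Find the OUs and computers where a GPO places the queried object in a local group.

        The queried user or group is resolved to its SID, sAMAccountName and
        DN, and the SIDs of the domain groups it belongs to are added to the
        candidate set.  Every GPO-defined group returned by
        ``self.get_netgpogroup`` is then checked: it matches when one of its
        ``members`` is a candidate SID and its ``memberof`` contains the
        requested local group SID.  For each matching GPO, the OUs it is
        linked to and the computers under those OUs are collected into
        ``GPOLocation`` records.

        Args:
            queried_username: sAMAccountName of the user to resolve; takes
                precedence over ``queried_groupname``.
            queried_groupname: Name of the group to resolve when no username
                is given.
            queried_localgroup: A name containing ``admin`` (BUILTIN
                Administrators, S-1-5-32-544), a name containing ``rdp``
                (BUILTIN Remote Desktop Users, S-1-5-32-555), or a literal
                ``S-1-5`` SID used verbatim.
            queried_domain: Domain every lookup is scoped to.

        Returns:
            A list of ``GPOLocation`` objects, one per (GPO, linked OU) pair,
            each carrying ``objectname``, ``gponame``, ``gpoguid``,
            ``containername`` and ``computers`` attributes.

        Raises:
            ValueError: if neither a username nor a group name is given, the
                named object is not found, or ``queried_localgroup`` is not in
                one of the accepted forms.
        """
        results = list()
        net_requester = NetRequester(self._domain_controller, self._domain,
                                     self._user, self._password, self._lmhash,
                                     self._nthash)

        # Resolve the queried object; the first result is taken as the match.
        if queried_username:
            try:
                user = net_requester.get_netuser(
                    queried_username=queried_username,
                    queried_domain=queried_domain)[0]
            except IndexError:
                raise ValueError(
                    'Username \'{}\' was not found'.format(queried_username))
            target_sid = [user.objectsid]
            object_sam_account_name = user.samaccountname
            object_distinguished_name = user.distinguishedname
        elif queried_groupname:
            try:
                group = net_requester.get_netgroup(
                    queried_groupname=queried_groupname,
                    queried_domain=queried_domain,
                    full_data=True)[0]
            except IndexError:
                raise ValueError('Group name \'{}\' was not found'.format(
                    queried_groupname))
            target_sid = [group.objectsid]
            object_sam_account_name = group.samaccountname
            object_distinguished_name = group.distinguishedname
        else:
            raise ValueError(
                'You must specify either a username or a group name')

        # Map the requested local group to the SID that GPO group entries use.
        local_group_name = queried_localgroup.lower()
        if 'admin' in local_group_name:
            local_sid = 'S-1-5-32-544'  # BUILTIN\Administrators
        elif 'rdp' in local_group_name:
            local_sid = 'S-1-5-32-555'  # BUILTIN\Remote Desktop Users
        elif queried_localgroup.upper().startswith('S-1-5'):
            local_sid = queried_localgroup
        else:
            raise ValueError('The queried local group must be in \'Administrators\', '
                    '\'RDP\', or a \'S-1-5\' type SID')

        # Add the SIDs of the domain groups the object is a member of, since a
        # GPO group entry may reference one of them instead of the object itself.
        object_groups = net_requester.get_netgroup(
            queried_username=object_sam_account_name,
            queried_domain=queried_domain)
        for object_group in object_groups:
            try:
                object_group_sid = net_requester.get_adobject(
                    queried_sam_account_name=object_group.samaccountname,
                    queried_domain=queried_domain)[0].objectsid
            except IndexError:
                # We may have the name of the group, but not its sam account name
                try:
                    object_group_sid = net_requester.get_adobject(
                        queried_name=object_group.samaccountname,
                        queried_domain=queried_domain)[0].objectsid
                except IndexError:
                    # Freak accident when someone is a member of a group, but
                    # we can't find the group in the AD
                    continue
            target_sid.append(object_group_sid)

        # Keep the GPO groups that both contain a candidate SID and grant the
        # requested local group.  The outer AttributeError guard skips entries
        # that have no usable ``members``/``memberof``.
        gpo_groups = list()
        for gpo_group in self.get_netgpogroup(queried_domain=queried_domain):
            try:
                for member in gpo_group.members:
                    if not member.upper().startswith('S-1-5'):
                        # Member given by name rather than SID: resolve it.
                        # Both exceptions must be caught as a tuple; the old
                        # ``except IndexError, AttributeError`` form bound the
                        # exception to a local named AttributeError instead.
                        try:
                            member = net_requester.get_adobject(
                                queried_sam_account_name=member,
                                queried_domain=queried_domain)[0].objectsid
                        except (IndexError, AttributeError):
                            continue
                    if (member.upper() in target_sid) or (member.lower()
                                                          in target_sid):
                        if (local_sid.upper() in gpo_group.memberof) or \
                                (local_sid.lower() in gpo_group.memberof):
                            gpo_groups.append(gpo_group)
                            break
            except AttributeError:
                continue

        # Expand each matching GPO into the OUs it is linked to and their computers.
        for gpo_group in gpo_groups:
            gpo_guid = gpo_group.gponame
            ous = net_requester.get_netou(queried_domain=queried_domain,
                                          queried_guid=gpo_guid,
                                          full_data=True)
            for ou in ous:
                # TODO: support filters for GPO
                ou_computers = [x.dnshostname for x in
                                net_requester.get_netcomputer(
                                    queried_domain=queried_domain,
                                    ads_path=ou.distinguishedname)]
                gpo_location = GPOLocation(list())
                setattr(gpo_location, 'objectname', object_distinguished_name)
                setattr(gpo_location, 'gponame', gpo_group.gpodisplayname)
                setattr(gpo_location, 'gpoguid', gpo_guid)
                setattr(gpo_location, 'containername', ou.distinguishedname)
                setattr(gpo_location, 'computers', ou_computers)

                results.append(gpo_location)

        return results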
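    def find_gpolocation(self, queried_username=str(), queried_groupname=str(),
                         queried_localgroup=str(), queried_domain=str()):
        """Find the OUs and computers where a GPO places the queried object in a local group.

        The queried user or group is resolved to its SID, sAMAccountName and
        DN, and the SIDs of the domain groups it belongs to are added to the
        candidate set.  Every GPO-defined group returned by
        ``self.get_netgpogroup`` is then checked: it matches when one of its
        ``members`` is a candidate SID and its ``memberof`` contains the
        requested local group SID.  For each matching GPO, the OUs it is
        linked to and the computers under those OUs are collected into
        ``GPOLocation`` records.

        Args:
            queried_username: sAMAccountName of the user to resolve; takes
                precedence over ``queried_groupname``.
            queried_groupname: Name of the group to resolve when no username
                is given.
            queried_localgroup: A name containing ``admin`` (BUILTIN
                Administrators, S-1-5-32-544), a name containing ``rdp``
                (BUILTIN Remote Desktop Users, S-1-5-32-555), or a literal
                ``S-1-5`` SID used verbatim.
            queried_domain: Domain the object, group, OU and computer lookups
                are scoped to (``get_netgpogroup`` is called without it here).

        Returns:
            A list of ``GPOLocation`` objects, one per (GPO, linked OU) pair,
            each carrying ``objectname``, ``gponame``, ``gpoguid``,
            ``containername`` and ``computers`` attributes.

        Raises:
            ValueError: if neither a username nor a group name is given, the
                named object is not found, or ``queried_localgroup`` is not in
                one of the accepted forms.
        """
        results = list()
        net_requester = NetRequester(self._domain_controller, self._domain, self._user,
                                     self._password, self._lmhash, self._nthash)

        # Resolve the queried object; the first result is taken as the match.
        if queried_username:
            try:
                user = net_requester.get_netuser(queried_username=queried_username,
                                                 queried_domain=queried_domain)[0]
            except IndexError:
                raise ValueError('Username \'{}\' was not found'.format(queried_username))
            target_sid = [user.objectsid]
            object_sam_account_name = user.samaccountname
            object_distinguished_name = user.distinguishedname
        elif queried_groupname:
            try:
                group = net_requester.get_netgroup(queried_groupname=queried_groupname,
                                                   queried_domain=queried_domain,
                                                   full_data=True)[0]
            except IndexError:
                raise ValueError('Group name \'{}\' was not found'.format(queried_groupname))
            target_sid = [group.objectsid]
            object_sam_account_name = group.samaccountname
            object_distinguished_name = group.distinguishedname
        else:
            raise ValueError('You must specify either a username or a group name')

        # Map the requested local group to the SID that GPO group entries use.
        local_group_name = queried_localgroup.lower()
        if 'admin' in local_group_name:
            local_sid = 'S-1-5-32-544'  # BUILTIN\Administrators
        elif 'rdp' in local_group_name:
            local_sid = 'S-1-5-32-555'  # BUILTIN\Remote Desktop Users
        elif queried_localgroup.upper().startswith('S-1-5'):
            local_sid = queried_localgroup
        else:
            raise ValueError('The queried local group must be in \'Administrators\', '
                    '\'RDP\', or a \'S-1-5\' type SID')

        # Add the SIDs of the domain groups the object is a member of, since a
        # GPO group entry may reference one of them instead of the object itself.
        object_groups = net_requester.get_netgroup(queried_username=object_sam_account_name,
                                                   queried_domain=queried_domain)
        for object_group in object_groups:
            try:
                object_group_sid = net_requester.get_adobject(
                    queried_sam_account_name=object_group.samaccountname,
                    queried_domain=queried_domain)[0].objectsid
            except IndexError:
                # We may have the name of the group, but not its sam account name
                try:
                    object_group_sid = net_requester.get_adobject(
                        queried_name=object_group.samaccountname,
                        queried_domain=queried_domain)[0].objectsid
                except IndexError:
                    # The group is listed as a membership but cannot be found
                    # in the directory; skip it instead of aborting the whole
                    # lookup with an unhandled IndexError.
                    continue
            target_sid.append(object_group_sid)

        # Keep the GPO groups that both contain a candidate SID and grant the
        # requested local group.  The outer AttributeError guard skips entries
        # that have no usable ``members``/``memberof``.
        gpo_groups = list()
        for gpo_group in self.get_netgpogroup():
            try:
                for member in gpo_group.members:
                    if not member.upper().startswith('S-1-5'):
                        # Member given by name rather than SID: resolve it.
                        # Both exceptions must be caught as a tuple; the old
                        # ``except IndexError, AttributeError`` form bound the
                        # exception to a local named AttributeError instead.
                        try:
                            member = net_requester.get_adobject(queried_sam_account_name=member,
                                                                queried_domain=queried_domain)[0].objectsid
                        except (IndexError, AttributeError):
                            continue
                    if (member.upper() in target_sid) or (member.lower() in target_sid):
                        if (local_sid.upper() in gpo_group.memberof) or \
                                (local_sid.lower() in gpo_group.memberof):
                            gpo_groups.append(gpo_group)
                            break
            except AttributeError:
                continue

        # Expand each matching GPO into the OUs it is linked to and their computers.
        for gpo_group in gpo_groups:
            gpo_guid = gpo_group.gponame
            ous = net_requester.get_netou(queried_domain=queried_domain,
                                          queried_guid=gpo_guid, full_data=True)
            for ou in ous:
                # TODO: support filters for GPO
                ou_computers = [x.dnshostname for x in
                                net_requester.get_netcomputer(
                                    queried_domain=queried_domain,
                                    ads_path=ou.distinguishedname)]
                gpo_location = GPOLocation(list())
                setattr(gpo_location, 'objectname', object_distinguished_name)
                setattr(gpo_location, 'gponame', gpo_group.gpodisplayname)
                setattr(gpo_location, 'gpoguid', gpo_guid)
                setattr(gpo_location, 'containername', ou.distinguishedname)
                setattr(gpo_location, 'computers', ou_computers)

                results.append(gpo_location)

        return results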