Ejemplos de LdapCon.computer_query en Python

Ejemplo n.º 1

def main(args, config_obj, db_obj, loggers):
    logger = loggers['console']
    try:
        query = LdapCon(args.user, args.passwd, args.hash, args.domain,
                        args.srv, args.timeout)
        query.create_ldap_con()
        logger.success([
            'LDAP Connection',
            'Connection established (server: {}) (LDAPS: {})'.format(
                query.host, query.ldaps)
        ])

        # Users
        if args.lookup_type in ['user', 'users']:
            resp = query.user_query(args.query, args.attrs)

        # Groups
        elif args.lookup_type in ['group', 'groups']:
            if args.query:
                resp = query.group_membership(args.query, args.attrs)
            else:
                resp = query.group_query(args.attrs)

        # Computers
        elif args.lookup_type in ['computer', 'computers']:
            resp = query.computer_query(args.query, args.attrs)

        # Domain
        elif args.lookup_type == 'domain':
            resp = query.domain_query(args.attrs)

        # Trust
        elif args.lookup_type == 'trust':
            resp = query.trust_query(args.attrs)

        # Custom
        elif args.lookup_type == 'custom':
            resp = query.custom_query(args.query, args.attrs)

        else:
            logger.fail(
                "Invalid query operation:\n\t"
                "activereign query {user|group|computer|domain|trust|custom} -u {user} -p {password} -d {domain} -s {server}\n\t"
                "activereign query {user|group|computer|domain|trust|custom} -q {lookup value} -a {attributes} -id {credID}"
            )

        # Display results
        if args.lookup_type and resp:
            format_data(logger, resp, args.lookup_type, args.query, args.attrs,
                        args.resolve, args.debug)

        query.close()
    except Exception as e:
        if "invalidCredentials" in str(e):
            logger.fail(["LDAP Error", "Authentication failed"])
        else:
            logger.fail(["LDAP Error", str(e)])

Ejemplo n.º 2

Archivo: arg_parser.py Proyecto: wizard2773/ActiveReign

def enum_arg_mods(args, db_obj, logger):
    # Collect creds if not provided
    if not args.passwd and args.user and not args.hash:
        args.passwd = getpass("Enter password, or continue with null-value: ")

    elif args.cred_id and not args.user:
        enum_user = db_obj.extract_user(args.cred_id)
        args.user = enum_user[0][0]
        args.passwd = enum_user[0][1]
        args.hash = enum_user[0][2]
        args.domain = enum_user[0][3]

    # Gather target systems
    if args.target[0].startswith("{"):
        if args.cred_id:
            ldap_user = db_obj.extract_user(args.cred_id)
            username = ldap_user[0][0]
            password = ldap_user[0][1]
            hashes = ldap_user[0][2]
            domain = ldap_user[0][3]
        elif args.domain:
            username = args.user
            password = args.passwd
            hashes = args.hash
            domain = args.domain
        else:
            logger.warning(
                "To use the LDAP feature, please select a valid credential ID or enter domain credentials"
            )
            logger.warning(
                "Insert credentials:\n\tactivereign db insert -u username -p Password123 -d domain.local"
            )
            exit(0)

        if hashes:
            logger.status([
                'LDAP Authentication',
                '{}\{} (Password: None) (Hash: True)'.format(domain, username)
            ])
        else:
            logger.status([
                'LDAP Authentication',
                '{}\{} (Password: {}*******) (Hash: False])'.format(
                    domain, username, password[:1])
            ])

        try:
            l = LdapCon(username, password, hashes, domain, args.ldap_srv,
                        args.timeout)
            l.create_ldap_con()
            if not l:
                logger.status_fail(
                    ['LDAP Connection', 'Unable to create LDAP connection'])
                exit(1)
            logger.status_success([
                'LDAP Connection',
                'Connection established (server: {}) (LDAPS: {})'.format(
                    l.host, l.ldaps)
            ])

            if args.target[0] == '{ldap}':
                args.target = list(l.computer_query(False, False).keys())
            elif args.target[0] == "{eol}":
                args.target = list(l.computer_query('eol', False).keys())
            logger.status_success([
                'LDAP Connection',
                '{} computers collected'.format(len(args.target))
            ])

        except Exception as e:
            if "invalidCredentials" in str(e):
                logger.fail(["LDAP Error", "Authentication failed"])
            else:
                logger.fail(["LDAP Error", str(e)])
            exit(1)
    else:
        args.target = ipparser(args.target[0])

    if "--threshold" not in argv:
        tmp = db_obj.extract_lockout(args.domain)
        if tmp:
            args.lockout_threshold = tmp
            logger.status([
                "Lockout Tracker",
                "Threshold Extracted from database: {}".format(str(tmp))
            ])
        else:
            logger.status([
                "Lockout Tracker",
                "Using default lockout threshold: {}".format(
                    str(args.lockout_threshold))
            ])
    else:
        db_obj.update_domain(args.domain, args.lockout_threshold)
        logger.status([
            "Lockout Tracker",
            "Updating {} threshold in database to: {}".format(
                args.domain, str(args.lockout_threshold))
        ])

    if args.hash:
        logger.status([
            'Enum Authentication',
            '{}\{} (Password: None) (Hash: True)'.format(
                args.domain, args.user)
        ])
    else:
        logger.status([
            'Enum Authentication',
            '{}\{} (Password: {}****) (Hash: False)'.format(
                args.domain, args.user, args.passwd[:1])
        ])
    if 'l' in locals():
        l.close()
    return args

Ejemplo n.º 3

def enum_arg_mods(args, db_obj, loggers):
    logger = loggers['console']
    context = argparse.Namespace(
        mode=args.mode,
        timeout=args.timeout,
        local_auth=False,
        debug=args.debug,
        user=False,
        passwd=False,
        hash=False,
        domain=False,
    )

    # Ask user for creds if user present and no password
    if not args.passwd and args.user and not args.hash:
        args.passwd = getpass("Enter password, or continue with null-value: ")

    # Cred ID present & no user/pass provided, for us in enumeration
    elif args.cred_id and not args.user:
        enum_user = db_obj.extract_user(args.cred_id)
        args.user = enum_user[0][0]
        args.passwd = enum_user[0][1]
        args.hash = enum_user[0][2]
        args.domain = enum_user[0][3]

    # Gather target systems using ldap
    if args.ldap or args.eol:
        if args.cred_id:
            ldap_user = db_obj.extract_user(args.cred_id)
            context.user = ldap_user[0][0]
            context.passwd = ldap_user[0][1]
            context.hash = ldap_user[0][2]
            context.domain = ldap_user[0][3]

        elif args.domain and args.user:
            context.user = args.user
            context.passwd = args.passwd
            context.hash = args.hash
            context.domain = args.domain

        else:
            logger.warning(
                "To use the LDAP feature, please select a valid credential ID or enter domain credentials"
            )
            logger.warning(
                "Insert credentials:\n\tactivereign db insert -u username -p Password123 -d domain.local"
            )
            exit(0)

        if context.hash:
            logger.status([
                'LDAP Authentication',
                '{}\{} (Password: None) (Hash: True)'.format(
                    context.domain, context.user)
            ])
        else:
            logger.status([
                'LDAP Authentication',
                '{}\{} (Password: {}*******) (Hash: False)'.format(
                    context.domain, context.user, context.passwd[:1])
            ])

        try:
            l = LdapCon(context, loggers, args.ldap_srv, db_obj)
            l.create_ldap_con()
            if not l:
                logger.status_fail(
                    ['LDAP Connection', 'Unable to create LDAP connection'])
                exit(1)
            logger.status_success([
                'LDAP Connection',
                'Connection established (server: {}) (LDAPS: {})'.format(
                    l.host, l.ldaps)
            ])

            if args.ldap:
                args.target = list(l.computer_query(False, []).keys())
            elif args.eol:
                args.target = list(l.computer_query('eol', []).keys())
            logger.status_success([
                'LDAP Connection',
                '{} computers collected'.format(len(args.target))
            ])

        except Exception as e:
            if "invalidCredentials" in str(e):
                logger.fail(["LDAP Error", "Authentication failed"])
            else:
                logger.fail(["LDAP Error", str(e)])
            exit(1)
    else:
        args.target = ipparser(args.target)

    if "--threshold" not in argv:
        tmp = db_obj.extract_lockout(args.domain)
        if tmp:
            args.lockout_threshold = tmp
            logger.status([
                "Lockout Tracker",
                "Threshold extracted from database: {}".format(str(tmp))
            ])
        else:
            logger.status([
                "Lockout Tracker",
                "Using default lockout threshold: {}".format(
                    str(args.lockout_threshold))
            ])
    else:
        db_obj.update_domain(args.domain, args.lockout_threshold)
        logger.status([
            "Lockout Tracker",
            "Updating {} threshold in database to: {}".format(
                args.domain, str(args.lockout_threshold))
        ])

    if args.hash:
        logger.status([
            'Enum Authentication',
            '{}\{} (Password: None) (Hash: True)'.format(
                args.domain, args.user)
        ])
    else:
        logger.status([
            'Enum Authentication',
            '{}\{} (Password: {}****) (Hash: False)'.format(
                args.domain, args.user, args.passwd[:1])
        ])
    if 'l' in locals():
        l.close()
    return args

Ejemplo n.º 4

Archivo: arg_parser.py Proyecto: theralfbrown/ActiveReign

def spray_arg_mods(args, db_obj, loggers):
    logger = loggers['console']

    if not args.passwd:
        args.passwd = ['']

    if args.method.lower() == 'ldap' and args.local_auth:
        logger.warning(
            'Cannot use LDAP spray method with local authentication')
        exit(0)

    if not args.ldap:
        args.target = ipparser(args.target)

    if args.ldap or args.domain_users:
        if not args.cred_id:
            logger.warning(
                "To use this feature, please choose a cred id from the database"
            )
            logger.warning(
                "Insert credentials:\r\n     activereign db insert -u username -p Password123 -d domain.local"
            )
            exit(0)

        # Extract creds from db for Ldap query
        ldap_user = db_obj.extract_user(args.cred_id)
        if ldap_user:
            context = Namespace(
                mode=args.mode,
                timeout=args.timeout,
                local_auth=False,
                debug=args.debug,
                user=ldap_user[0][0],
                passwd=ldap_user[0][1],
                hash=ldap_user[0][2],
                domain=ldap_user[0][3],
            )

            if context.hash:
                logger.status([
                    'LDAP Authentication',
                    '{}\{} (Password: None) (Hash: True)'.format(
                        context.domain, context.user)
                ])
            else:
                logger.status([
                    'LDAP Authentication',
                    '{}\{} (Password: {}*******) (Hash: False)'.format(
                        context.domain, context.user, context.passwd[:1])
                ])

            try:
                # Define LDAP server to use for query
                l = LdapCon(context, loggers, args.ldap_srv, db_obj)
                l.create_ldap_con()
                if not l:
                    logger.status_fail([
                        'LDAP Connection', 'Unable to create LDAP connection'
                    ])
                    exit(1)
                    logger.status_success([
                        'LDAP Connection',
                        'Connection established (server: {}) (LDAPS: {})'.
                        format(l.host, l.ldaps)
                    ])

                ########################################
                # Get users via LDAP
                ########################################
                if args.domain_users:
                    tmp_users = l.user_query('active', False)
                    if args.force_all:
                        # Force spray on all users in domain - not recommended
                        args.user = tmp_users.keys()
                        try:
                            args.user.remove(context.user)
                            logger.status_success2(
                                "Removed User: {} (Query User)".format(
                                    context.user))
                        except:
                            pass
                        logger.status_success('{0}/{0} users collected'.format(
                            len(args.user)))

                    else:
                        users = []
                        # Check BadPwd Limit vs Lockout Threshold
                        try:
                            tmp = l.domain_query(False)
                            lockout_threshold = int(tmp[list(
                                tmp.keys())[0]]['lockoutThreshold'])
                            logger.status_success(
                                "Domain lockout threshold detected: {}\t Logon_Server: {}"
                                .format(lockout_threshold, l.host))
                        except:
                            logger.status_fail(
                                'Lockout threshold failed, using default threshold of {}'
                                .format(args.default_threshold))
                            lockout_threshold = args.default_threshold

                        # Compare and create user list
                        for user, data in tmp_users.items():
                            try:

                                # Remove query user from list
                                if user.lower() == context.user.lower():
                                    logger.status_success2(
                                        "Removed User: {} (Query User)".format(
                                            context.user))
                                # Compare badpwd count + create new list
                                if int(data['badPwdCount']) < (
                                        lockout_threshold - 1):
                                    users.append(user)
                                else:
                                    logger.status_success2(
                                        "Removed User: {} (BadPwd: {})".format(
                                            user, data['badPwdCount']))
                            except:
                                # no badPwdCount value exists
                                users.append(user)

                        args.user = users
                        logger.status_success('{}/{} users collected'.format(
                            len(args.user), len(tmp_users)))

                ########################################
                # get targets via ldap
                ########################################
                if args.ldap:
                    args.target = list(l.computer_query(False, False).keys())
                    logger.status_success('{} computers collected'.format(
                        len(args.target)))

                l.close()
            except Exception as e:
                logger.fail("Ldap Connection Error: {}".format(str(e)))
                exit(1)
        else:
            logger.fail("Unable to gather creds from db, try again")
            exit(0)
    return args

Ejemplo n.º 5

Archivo: arg_parser.py Proyecto: wizard2773/ActiveReign

def spray_arg_mods(args, db_obj, logger):
    if args.user_as_pass:
        args.passwd.append(0)

    if args.hash:
        args.passwd = ['']

    if args.method.lower() == 'ldap' and args.local_auth:
        logger.warning(
            'Cannot use LDAP spray method with local authentication')
        exit(0)

    if args.target[0] != "{ldap}":
        args.target = ipparser(args.target[0])

    if "{ldap}" in argv:
        if not args.cred_id:
            logger.warning(
                "To use this feature, please choose a cred id from the database"
            )
            logger.warning(
                "Insert credentials:\r\n     activereign db insert -u username -p Password123 -d domain.local"
            )
            exit(0)

        # Extract creds from db for Ldap query
        ldap_user = db_obj.extract_user(args.cred_id)
        if ldap_user:
            username = ldap_user[0][0]
            password = ldap_user[0][1]
            hashes = ldap_user[0][2]
            domain = ldap_user[0][3]
            logger.debug('Using {}\{}:{} to perform ldap queries'.format(
                domain, username, password))

            if hashes:
                logger.status([
                    'LDAP Authentication',
                    '{}\{} (Password: None) (Hash: True)'.format(
                        domain, username)
                ])
            else:
                logger.status([
                    'LDAP Authentication',
                    '{}\{} (Password: {}*******) (Hash: False])'.format(
                        domain, username, password[:1])
                ])

            try:
                # Define ldap server to not deal with lockout/replication issues
                if args.ldap_srv:
                    l = LdapCon(username, password, hashes, domain,
                                args.ldap_srv, args.timeout)
                elif args.user[0] == 'ldap' and args.target[0] not in [
                        'ldap', 'eol'
                ]:
                    l = LdapCon(username, password, hashes, domain,
                                args.target[0], args.timeout)
                else:
                    l = LdapCon(username, password, hashes, domain, '',
                                args.timeout)
                l.create_ldap_con()
                if not l:
                    logger.status_fail([
                        'LDAP Connection', 'Unable to create LDAP connection'
                    ])
                    exit(1)
                    logger.status_success([
                        'LDAP Connection',
                        'Connection established (server: {}) (LDAPS: {})'.
                        format(l.host, l.ldaps)
                    ])

                ########################################
                # Get users via LDAP
                ########################################
                if args.user[0] == '{ldap}':
                    tmp_users = l.user_query('active', False)
                    if args.force_all:
                        # Force spray on all users in domain - not recommended
                        args.user = tmp_users.keys()
                        try:
                            args.user.remove(username)
                            logger.status_success2([
                                "Users",
                                "Removed: {} (Query User)".format(username)
                            ])
                        except:
                            pass
                        logger.status_success(
                            ['Users', '{} users'.format(len(args.user))])

                    else:
                        users = []
                        # Check BadPwd Limit vs Lockout Threshold
                        try:
                            tmp = l.domain_query(False)
                            lockout_threshold = int(tmp[list(
                                tmp.keys())[0]]['lockoutThreshold'])
                            logger.status_success(
                                "Domain lockout threshold detected: {}\t Logon_Server: {}"
                                .format(lockout_threshold, l.host))
                        except:
                            logger.status_fail(
                                'Lockout threshold failed, using default threshold of {}'
                                .format(args.default_threshold))
                            lockout_threshold = args.default_threshold

                        # Compare and create user list
                        for user, data in tmp_users.items():
                            try:

                                # Remove query user from list
                                if user.lower() == username.lower():
                                    logger.status_success2(
                                        "Removed User: {} (Query User)".format(
                                            username))
                                # Compare badpwd count + create new list
                                if int(data['badPwdCount']) < (
                                        lockout_threshold - 1):
                                    users.append(user)
                                else:
                                    logger.status_success2(
                                        "Removed User: {} (BadPwd: {})".format(
                                            user, data['badPwdCount']))
                            except:
                                # no badPwdCount value exists
                                users.append(user)

                        args.user = users
                        logger.status_success('{}/{} users collected'.format(
                            len(args.user), len(tmp_users)))

                ########################################
                # get targets via ldap
                ########################################
                if args.target[0] == '{ldap}':
                    args.target = list(l.computer_query(False, False).keys())
                    logger.status_success('{} computers collected'.format(
                        len(args.target)))

                l.close()
            except Exception as e:
                logger.fail("Ldap Connection Error: {}".format(str(e)))
                exit(1)
        else:
            logger.fail("Unable to gather creds from db, try again")
            exit(0)
    return args