Ejemplo n.º 1
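def get_netcomputer(domain_controller,
                    domain,
                    user,
                    password=str(),
                    lmhash=str(),
                    nthash=str(),
                    do_kerberos=False,
                    do_tls=False,
                    queried_computername='*',
                    queried_spn=str(),
                    queried_os=str(),
                    queried_sp=str(),
                    queried_domain=str(),
                    ads_path=str(),
                    printers=False,
                    unconstrained=False,
                    ping=False,
                    full_data=False,
                    custom_filter=str(),
                    attributes=None):
    """Run one computer query through a freshly built NetRequester.

    The first eight arguments are handed to the NetRequester constructor in
    order; every remaining argument is forwarded unchanged, by keyword, to
    ``NetRequester.get_netcomputer``, whose result is returned as is.

    Args:
        domain_controller, domain, user: connection target and account.
        password, lmhash, nthash: credential material for that account.
            They are passed straight through; keep them out of logs and
            tracebacks at the call site.
        do_kerberos, do_tls: forwarded to the constructor.
            NOTE(review): ``do_tls`` defaults to False; presumably the bind
            is then not TLS-protected -- confirm in NetRequester.
        queried_computername .. full_data: search criteria, forwarded.
        custom_filter: forwarded verbatim.
            NOTE(review): if NetRequester splices this into an LDAP filter,
            callers must not build it from untrusted input -- confirm.
        attributes: attribute names to forward; ``None`` (the default)
            forwards a new empty list.
    """
    # A literal [] default is created once and shared by every call, so a
    # callee that appended to it would leak state into later queries.
    if attributes is None:
        attributes = []

    requester = NetRequester(domain_controller, domain, user, password, lmhash,
                             nthash, do_kerberos, do_tls)
    return requester.get_netcomputer(queried_computername=queried_computername,
                                     queried_spn=queried_spn,
                                     queried_os=queried_os,
                                     queried_sp=queried_sp,
                                     queried_domain=queried_domain,
                                     ads_path=ads_path,
                                     printers=printers,
                                     unconstrained=unconstrained,
                                     ping=ping,
                                     full_data=full_data,
                                     custom_filter=custom_filter,
                                     attributes=attributes)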
Ejemplo n.º 2
def get_netcomputer(domain_controller, domain, user, password=str(),
                    lmhash=str(), nthash=str(), queried_computername='*', queried_spn=str(),
                    queried_os=str(), queried_sp=str(), queried_domain=str(), ads_path=str(),
                    printers=False, unconstrained=False, ping=False, full_data=False,
                    custom_filter=str()):
    """Build a NetRequester and return the result of its computer query.

    ``domain_controller``, ``domain``, ``user``, ``password``, ``lmhash`` and
    ``nthash`` go to the NetRequester constructor in that order; the other
    arguments are forwarded by keyword to ``NetRequester.get_netcomputer``.

    ``password``, ``lmhash`` and ``nthash`` are credential material and are
    passed through untouched. ``custom_filter`` is forwarded verbatim.
    NOTE(review): whether it ends up inside an LDAP filter is decided in
    NetRequester -- confirm before feeding it caller-controlled text.
    """
    # Search criteria, keyed exactly as the requester method names them.
    search = {
        'queried_computername': queried_computername,
        'queried_spn': queried_spn,
        'queried_os': queried_os,
        'queried_sp': queried_sp,
        'queried_domain': queried_domain,
        'ads_path': ads_path,
        'printers': printers,
        'unconstrained': unconstrained,
        'ping': ping,
        'full_data': full_data,
        'custom_filter': custom_filter,
    }
    connection = NetRequester(domain_controller, domain, user, password,
                              lmhash, nthash)
    return connection.get_netcomputer(**search)
Ejemplo n.º 3
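    def find_gpolocation(self,
                         queried_username=str(),
                         queried_groupname=str(),
                         queried_localgroup=str(),
                         queried_domain=str()):
        """List where a user or group is placed in a local group through GPO.

        The SID of the target and the SIDs of the groups returned for it are
        matched against the members of every GPO group from
        ``get_netgpogroup``. A GPO group is kept when its ``memberof`` also
        contains the requested local group SID; the OUs found for that GPO
        and the computers under them are then reported.

        Args:
            queried_username: account to look up; wins over
                ``queried_groupname`` when both are given.
            queried_groupname: group to look up when no username is given.
            queried_localgroup: a name containing ``admin`` (mapped to
                S-1-5-32-544), a name containing ``rdp`` (mapped to
                S-1-5-32-555), or a SID starting with ``S-1-5``. The empty
                default is rejected.
            queried_domain: forwarded to every directory query.

        Returns:
            A list of GPOLocation objects carrying ``objectname``,
            ``gponame``, ``gpoguid``, ``containername`` and ``computers``.

        Raises:
            ValueError: neither a username nor a group name was given, the
                target was not found, or ``queried_localgroup`` is not
                recognised.
        """
        # Reject an empty request before any requester is built.
        if not queried_username and not queried_groupname:
            raise ValueError(
                'You must specify either a username or a group name')

        results = list()
        net_requester = NetRequester(self._domain_controller, self._domain,
                                     self._user, self._password, self._lmhash,
                                     self._nthash)
        if queried_username:
            try:
                target = net_requester.get_netuser(
                    queried_username=queried_username,
                    queried_domain=queried_domain)[0]
            except IndexError:
                raise ValueError(
                    'Username \'{}\' was not found'.format(queried_username))
        else:
            try:
                target = net_requester.get_netgroup(
                    queried_groupname=queried_groupname,
                    queried_domain=queried_domain,
                    full_data=True)[0]
            except IndexError:
                raise ValueError('Group name \'{}\' was not found'.format(
                    queried_groupname))

        target_sid = [target.objectsid]
        object_sam_account_name = target.samaccountname
        object_distinguished_name = target.distinguishedname

        # Substring match: any name containing 'admin' or 'rdp' selects the
        # corresponding BUILTIN group SID.
        if 'admin' in queried_localgroup.lower():
            local_sid = 'S-1-5-32-544'
        elif 'rdp' in queried_localgroup.lower():
            local_sid = 'S-1-5-32-555'
        elif queried_localgroup.upper().startswith('S-1-5'):
            local_sid = queried_localgroup
        else:
            raise ValueError('The queried local group must be in \'Administrators\', ' \
                    '\'RDP\', or a \'S-1-5\' type SID')

        # Add the SID of every group returned for the target account.
        object_groups = net_requester.get_netgroup(
            queried_username=object_sam_account_name,
            queried_domain=queried_domain)
        for object_group in object_groups:
            try:
                object_group_sid = net_requester.get_adobject(
                    queried_sam_account_name=object_group.samaccountname,
                    queried_domain=queried_domain)[0].objectsid
            except IndexError:
                # We may have the name of the group, but not its sam account name
                try:
                    object_group_sid = net_requester.get_adobject(
                        queried_name=object_group.samaccountname,
                        queried_domain=queried_domain)[0].objectsid
                except IndexError:
                    # Freak accident when someone is a member of a group, but
                    # we can't find the group in the AD
                    continue

            target_sid.append(object_group_sid)

        gpo_groups = list()
        for gpo_group in self.get_netgpogroup(queried_domain=queried_domain):
            try:
                for member in gpo_group.members:
                    if not member.upper().startswith('S-1-5'):
                        try:
                            member = net_requester.get_adobject(
                                queried_sam_account_name=member,
                                queried_domain=queried_domain)[0].objectsid
                        # The tuple is required: `except IndexError,
                        # AttributeError` catches only IndexError and rebinds
                        # the name AttributeError, which also breaks the
                        # outer handler below (and is a syntax error on
                        # Python 3).
                        except (IndexError, AttributeError):
                            continue
                    # SIDs are compared in both cases because the stored
                    # casing is not normalised here.
                    if (member.upper() in target_sid) or (member.lower()
                                                          in target_sid):
                        if (local_sid.upper() in gpo_group.memberof) or \
                                (local_sid.lower() in gpo_group.memberof):
                            gpo_groups.append(gpo_group)
                            break
            except AttributeError:
                # GPO group without `members` or `memberof`: nothing to match
                continue

        for gpo_group in gpo_groups:
            gpo_guid = gpo_group.gponame
            ous = net_requester.get_netou(queried_domain=queried_domain,
                                          queried_guid=gpo_guid,
                                          full_data=True)
            for ou in ous:
                # TODO: support filters for GPO
                ou_computers = [
                    computer.dnshostname
                    for computer in net_requester.get_netcomputer(
                        queried_domain=queried_domain,
                        ads_path=ou.distinguishedname)
                ]
                gpo_location = GPOLocation(list())
                setattr(gpo_location, 'objectname', object_distinguished_name)
                setattr(gpo_location, 'gponame', gpo_group.gpodisplayname)
                setattr(gpo_location, 'gpoguid', gpo_guid)
                setattr(gpo_location, 'containername', ou.distinguishedname)
                setattr(gpo_location, 'computers', ou_computers)

                results.append(gpo_location)

        return results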
Ejemplo n.º 4
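    def find_gpocomputeradmin(self,
                              queried_computername=str(),
                              queried_ouname=str(),
                              queried_domain=str(),
                              recurse=False):
        """List the principals that GPO groups attach to a computer or an OU.

        For a computer, every ``OU=`` level of its distinguished name is
        examined; for an OU name, only that path. Each GPO link found on
        those OUs is passed to ``get_netgpogroup`` and one record is emitted
        per member of the GPO groups returned.

        Args:
            queried_computername: computer to start from; wins over
                ``queried_ouname`` when both are given.
            queried_ouname: OU path used when no computer name is given.
            queried_domain: forwarded to every directory query.
            recurse: also emit the members of each reported group,
                following nested groups breadth first.

        Returns:
            A list of GPOComputerAdmin objects carrying ``computername``,
            ``ou``, ``gpodisplayname``, ``gpopath``, ``objectname``,
            ``objectdn``, ``objectsid`` and ``isgroup``.

        Raises:
            ValueError: neither argument was given, or the computer was not
                found.
            IndexError: a GPO group member could not be resolved by
                ``get_adobject`` (not handled here).
        """
        results = list()
        if (not queried_computername) and (not queried_ouname):
            raise ValueError(
                'You must specify either a computer name or an OU name')

        def _admin_record(ou_path, gpo_group, name, dn, sid, is_group):
            # One result row; the attribute names are what callers read back.
            record = GPOComputerAdmin(list())
            setattr(record, 'computername', queried_computername)
            setattr(record, 'ou', ou_path)
            setattr(record, 'gpodisplayname', gpo_group.gpodisplayname)
            setattr(record, 'gpopath', gpo_group.gpopath)
            setattr(record, 'objectname', name)
            setattr(record, 'objectdn', dn)
            setattr(record, 'objectsid', sid)
            setattr(record, 'isgroup', is_group)
            return record

        net_requester = NetRequester(self._domain_controller, self._domain,
                                     self._user, self._password, self._lmhash,
                                     self._nthash)
        if queried_computername:
            computers = net_requester.get_netcomputer(
                queried_computername=queried_computername,
                queried_domain=queried_domain,
                full_data=True)
            if not computers:
                raise ValueError(
                    'Computer {} not found'.format(queried_computername))

            # Every enclosing OU of each computer, taken as the DN suffix
            # that starts at that 'OU=' component.
            target_ous = list()
            for computer in computers:
                dn = computer.distinguishedname
                for x in dn.split(','):
                    if x.startswith('OU='):
                        target_ous.append(dn[dn.find(x):])
        else:
            target_ous = [queried_ouname]

        for target_ou in target_ous:
            ous = net_requester.get_netou(ads_path=target_ou,
                                          queried_domain=queried_domain,
                                          full_data=True)

            for ou in ous:
                # gplink holds '[path;option]' entries back to back; keep
                # the part before ';' of each one.
                for gplink in ou.gplink.strip('[]').split(']['):
                    gplink = gplink.split(';')[0]
                    gpo_groups = self.get_netgpogroup(
                        queried_domain=queried_domain, ads_path=gplink)
                    for gpo_group in gpo_groups:
                        for member in gpo_group.members:
                            # NOTE(review): [0] raises IndexError when the
                            # SID does not resolve; left as is so that an
                            # unresolved principal is never dropped silently.
                            obj = net_requester.get_adobject(
                                queried_sid=member,
                                queried_domain=queried_domain)[0]
                            # '805306368' is the normal user account type;
                            # every other type, computer accounts included,
                            # is reported with isgroup=True.
                            gpo_computer_admin = _admin_record(
                                target_ou, gpo_group, obj.name,
                                obj.distinguishedname, member,
                                (obj.samaccounttype != '805306368'))

                            results.append(gpo_computer_admin)

                            if recurse and gpo_computer_admin.isgroup:
                                groups_to_resolve = [
                                    gpo_computer_admin.objectsid
                                ]
                                # Groups already queued. Group nesting can be
                                # circular, and without this the loop would
                                # never end. A list, so nothing is assumed
                                # about the SID values being hashable.
                                seen_groups = list(groups_to_resolve)
                                while groups_to_resolve:
                                    group_to_resolve = groups_to_resolve.pop(0)
                                    group_members = net_requester.get_netgroupmember(
                                        queried_sid=group_to_resolve,
                                        queried_domain=queried_domain,
                                        full_data=True)
                                    for group_member in group_members:
                                        # NOTE(review): objectsid is still the
                                        # SID of the top-level GPO member, not
                                        # group_member.objectsid, while name
                                        # and DN are the nested member's --
                                        # confirm that this is intended.
                                        gpo_computer_admin = _admin_record(
                                            target_ou, gpo_group,
                                            group_member.samaccountname,
                                            group_member.distinguishedname,
                                            member,
                                            (group_member.samaccounttype !=
                                             '805306368'))

                                        results.append(gpo_computer_admin)

                                        if gpo_computer_admin.isgroup and \
                                                group_member.objectsid not in seen_groups:
                                            seen_groups.append(
                                                group_member.objectsid)
                                            groups_to_resolve.append(
                                                group_member.objectsid)

        return results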
Ejemplo n.º 5
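    def find_gpolocation(self, queried_username=str(), queried_groupname=str(),
                         queried_localgroup=str(), queried_domain=str()):
        """List where a user or group is placed in a local group through GPO.

        The SID of the target and the SIDs of the groups returned for it are
        matched against the members of every GPO group from
        ``get_netgpogroup``. A GPO group is kept when its ``memberof`` also
        contains the requested local group SID; the OUs found for that GPO
        and the computers under them are then reported.

        Args:
            queried_username: account to look up; wins over
                ``queried_groupname`` when both are given.
            queried_groupname: group to look up when no username is given.
            queried_localgroup: a name containing ``admin`` (mapped to
                S-1-5-32-544), a name containing ``rdp`` (mapped to
                S-1-5-32-555), or a SID starting with ``S-1-5``. The empty
                default is rejected.
            queried_domain: forwarded to every directory query.

        Returns:
            A list of GPOLocation objects carrying ``objectname``,
            ``gponame``, ``gpoguid``, ``containername`` and ``computers``.

        Raises:
            ValueError: neither a username nor a group name was given, the
                target was not found, or ``queried_localgroup`` is not
                recognised.
        """
        # Reject an empty request before any requester is built.
        if not queried_username and not queried_groupname:
            raise ValueError('You must specify either a username or a group name')

        results = list()
        net_requester = NetRequester(self._domain_controller, self._domain, self._user,
                                     self._password, self._lmhash, self._nthash)
        if queried_username:
            try:
                target = net_requester.get_netuser(queried_username=queried_username,
                                                   queried_domain=queried_domain)[0]
            except IndexError:
                raise ValueError('Username \'{}\' was not found'.format(queried_username))
        else:
            try:
                target = net_requester.get_netgroup(queried_groupname=queried_groupname,
                                                    queried_domain=queried_domain,
                                                    full_data=True)[0]
            except IndexError:
                raise ValueError('Group name \'{}\' was not found'.format(queried_groupname))

        target_sid = [target.objectsid]
        object_sam_account_name = target.samaccountname
        object_distinguished_name = target.distinguishedname

        # Substring match: any name containing 'admin' or 'rdp' selects the
        # corresponding BUILTIN group SID.
        if 'admin' in queried_localgroup.lower():
            local_sid = 'S-1-5-32-544'
        elif 'rdp' in queried_localgroup.lower():
            local_sid = 'S-1-5-32-555'
        elif queried_localgroup.upper().startswith('S-1-5'):
            local_sid = queried_localgroup
        else:
            raise ValueError('The queried local group must be in \'Administrators\', ' \
                    '\'RDP\', or a \'S-1-5\' type SID')

        # Add the SID of every group returned for the target account.
        object_groups = net_requester.get_netgroup(queried_username=object_sam_account_name,
                                                   queried_domain=queried_domain)
        for object_group in object_groups:
            try:
                object_group_sid = net_requester.get_adobject(
                    queried_sam_account_name=object_group.samaccountname,
                    queried_domain=queried_domain)[0].objectsid
            except IndexError:
                # We may have the name of the group, but not its sam account name
                try:
                    object_group_sid = net_requester.get_adobject(
                        queried_name=object_group.samaccountname,
                        queried_domain=queried_domain)[0].objectsid
                except IndexError:
                    # Neither lookup found the group: skip it rather than
                    # abort the whole search with an IndexError.
                    continue

            target_sid.append(object_group_sid)

        gpo_groups = list()
        # The domain is passed through so that the GPO groups come from the
        # same domain as the lookups above.
        for gpo_group in self.get_netgpogroup(queried_domain=queried_domain):
            try:
                for member in gpo_group.members:
                    if not member.upper().startswith('S-1-5'):
                        try:
                            member = net_requester.get_adobject(
                                queried_sam_account_name=member,
                                queried_domain=queried_domain)[0].objectsid
                        # The tuple is required: `except IndexError,
                        # AttributeError` catches only IndexError and rebinds
                        # the name AttributeError, which also breaks the
                        # outer handler below (and is a syntax error on
                        # Python 3).
                        except (IndexError, AttributeError):
                            continue
                    # SIDs are compared in both cases because the stored
                    # casing is not normalised here.
                    if (member.upper() in target_sid) or (member.lower() in target_sid):
                        if (local_sid.upper() in gpo_group.memberof) or \
                                (local_sid.lower() in gpo_group.memberof):
                            gpo_groups.append(gpo_group)
                            break
            except AttributeError:
                # GPO group without `members` or `memberof`: nothing to match
                continue

        for gpo_group in gpo_groups:
            gpo_guid = gpo_group.gponame
            ous = net_requester.get_netou(queried_domain=queried_domain,
                                          queried_guid=gpo_guid, full_data=True)
            for ou in ous:
                # TODO: support filters for GPO
                ou_computers = [
                    computer.dnshostname
                    for computer in net_requester.get_netcomputer(
                        queried_domain=queried_domain,
                        ads_path=ou.distinguishedname)
                ]
                gpo_location = GPOLocation(list())
                setattr(gpo_location, 'objectname', object_distinguished_name)
                setattr(gpo_location, 'gponame', gpo_group.gpodisplayname)
                setattr(gpo_location, 'gpoguid', gpo_guid)
                setattr(gpo_location, 'containername', ou.distinguishedname)
                setattr(gpo_location, 'computers', ou_computers)

                results.append(gpo_location)

        return results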
Ejemplo n.º 6
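    def find_gpocomputeradmin(self, queried_computername=str(),
                                 queried_ouname=str(), queried_domain=str(),
                                 recurse=False):
        """List the principals that GPO groups attach to a computer or an OU.

        For a computer, every ``OU=`` level of its distinguished name is
        examined; for an OU name, only that path. Each GPO link found on
        those OUs is passed to ``get_netgpogroup`` and one record is emitted
        per member of the GPO groups returned.

        Args:
            queried_computername: computer to start from; wins over
                ``queried_ouname`` when both are given.
            queried_ouname: OU path used when no computer name is given.
            queried_domain: forwarded to every directory query.
            recurse: also emit the members of each reported group,
                following nested groups breadth first.

        Returns:
            A list of GPOComputerAdmin objects carrying ``computername``,
            ``ou``, ``gpodisplayname``, ``gpopath``, ``objectname``,
            ``objectdn``, ``objectsid`` and ``isgroup``.

        Raises:
            ValueError: neither argument was given, or the computer was not
                found.
            IndexError: a GPO group member could not be resolved by
                ``get_adobject`` (not handled here).
        """
        results = list()
        if (not queried_computername) and (not queried_ouname):
            raise ValueError('You must specify either a computer name or an OU name')

        def _admin_record(ou_path, gpo_group, name, dn, sid, is_group):
            # One result row; the attribute names are what callers read back.
            record = GPOComputerAdmin(list())
            setattr(record, 'computername', queried_computername)
            setattr(record, 'ou', ou_path)
            setattr(record, 'gpodisplayname', gpo_group.gpodisplayname)
            setattr(record, 'gpopath', gpo_group.gpopath)
            setattr(record, 'objectname', name)
            setattr(record, 'objectdn', dn)
            setattr(record, 'objectsid', sid)
            setattr(record, 'isgroup', is_group)
            return record

        net_requester = NetRequester(self._domain_controller, self._domain, self._user,
                                     self._password, self._lmhash, self._nthash)
        if queried_computername:
            computers = net_requester.get_netcomputer(queried_computername=queried_computername,
                                                      queried_domain=queried_domain,
                                                      full_data=True)
            if not computers:
                raise ValueError('Computer {} not found'.format(queried_computername))

            # Every enclosing OU of each computer, taken as the DN suffix
            # that starts at that 'OU=' component.
            target_ous = list()
            for computer in computers:
                dn = computer.distinguishedname
                for x in dn.split(','):
                    if x.startswith('OU='):
                        target_ous.append(dn[dn.find(x):])
        else:
            target_ous = [queried_ouname]

        for target_ou in target_ous:
            ous = net_requester.get_netou(ads_path=target_ou, queried_domain=queried_domain,
                                          full_data=True)

            for ou in ous:
                # gplink holds '[path;option]' entries back to back; keep
                # the part before ';' of each one.
                for gplink in ou.gplink.strip('[]').split(']['):
                    gplink = gplink.split(';')[0]
                    gpo_groups = self.get_netgpogroup(queried_domain=queried_domain,
                                                      ads_path=gplink)
                    for gpo_group in gpo_groups:
                        for member in gpo_group.members:
                            # NOTE(review): [0] raises IndexError when the
                            # SID does not resolve; left as is so that an
                            # unresolved principal is never dropped silently.
                            obj = net_requester.get_adobject(queried_sid=member,
                                                             queried_domain=queried_domain)[0]
                            # '805306368' is the normal user account type;
                            # every other type, computer accounts included,
                            # is reported with isgroup=True.
                            gpo_computer_admin = _admin_record(
                                target_ou, gpo_group, obj.name, obj.distinguishedname,
                                member, (obj.samaccounttype != '805306368'))

                            results.append(gpo_computer_admin)

                            if recurse and gpo_computer_admin.isgroup:
                                groups_to_resolve = [gpo_computer_admin.objectsid]
                                # Groups already queued. Group nesting can be
                                # circular, and without this the loop would
                                # never end. A list, so nothing is assumed
                                # about the SID values being hashable.
                                seen_groups = list(groups_to_resolve)
                                while groups_to_resolve:
                                    group_to_resolve = groups_to_resolve.pop(0)
                                    # queried_domain is passed like in every
                                    # other query here, so nested members are
                                    # read from the domain being examined.
                                    group_members = net_requester.get_netgroupmember(
                                        queried_sid=group_to_resolve,
                                        queried_domain=queried_domain,
                                        full_data=True)
                                    for group_member in group_members:
                                        # NOTE(review): objectsid is still the
                                        # SID of the top-level GPO member, not
                                        # group_member.objectsid, while name
                                        # and DN are the nested member's --
                                        # confirm that this is intended.
                                        gpo_computer_admin = _admin_record(
                                            target_ou, gpo_group,
                                            group_member.samaccountname,
                                            group_member.distinguishedname,
                                            member,
                                            (group_member.samaccounttype != '805306368'))

                                        results.append(gpo_computer_admin)

                                        if gpo_computer_admin.isgroup and \
                                                group_member.objectsid not in seen_groups:
                                            seen_groups.append(group_member.objectsid)
                                            groups_to_resolve.append(group_member.objectsid)

        return results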