def get_netcomputer(domain_controller, domain, user, password=str(), lmhash=str(),
                    nthash=str(), do_kerberos=False, do_tls=False,
                    queried_computername='*', queried_spn=str(), queried_os=str(),
                    queried_sp=str(), queried_domain=str(), ads_path=str(),
                    printers=False, unconstrained=False, ping=False,
                    full_data=False, custom_filter=str(), attributes=[]):
    """Open a NetRequester session and run one computer query through it.

    The first eight arguments (target controller, domain, user, password or
    LM/NT hash, and the Kerberos/TLS switches) are handed unchanged to the
    ``NetRequester`` constructor. Every remaining argument is forwarded by
    keyword to ``NetRequester.get_netcomputer``, whose result is returned
    as-is.

    NOTE(review): ``do_tls`` presumably selects LDAP over TLS; with the
    default of ``False``, confirm in NetRequester how the bind credentials
    are protected in transit.
    """
    # NOTE: ``attributes=[]`` is a shared default list. It is only forwarded
    # here, never modified, so the callee must not mutate it in place.
    search_criteria = dict(
        queried_computername=queried_computername,
        queried_spn=queried_spn,
        queried_os=queried_os,
        queried_sp=queried_sp,
        queried_domain=queried_domain,
        ads_path=ads_path,
        printers=printers,
        unconstrained=unconstrained,
        ping=ping,
        full_data=full_data,
        custom_filter=custom_filter,
        attributes=attributes,
    )
    session = NetRequester(domain_controller, domain, user, password,
                           lmhash, nthash, do_kerberos, do_tls)
    return session.get_netcomputer(**search_criteria)
def get_netcomputer(domain_controller, domain, user, password=str(), lmhash=str(),
                    nthash=str(), queried_computername='*', queried_spn=str(),
                    queried_os=str(), queried_sp=str(), queried_domain=str(),
                    ads_path=str(), printers=False, unconstrained=False,
                    ping=False, full_data=False, custom_filter=str()):
    """Open a NetRequester session and run one computer query through it.

    The connection arguments (controller, domain, user, password or LM/NT
    hash) go unchanged to the ``NetRequester`` constructor. All other
    arguments are forwarded by keyword to ``NetRequester.get_netcomputer``,
    and its result is returned as-is.
    """
    search_criteria = dict(
        queried_computername=queried_computername,
        queried_spn=queried_spn,
        queried_os=queried_os,
        queried_sp=queried_sp,
        queried_domain=queried_domain,
        ads_path=ads_path,
        printers=printers,
        unconstrained=unconstrained,
        ping=ping,
        full_data=full_data,
        custom_filter=custom_filter,
    )
    session = NetRequester(domain_controller, domain, user, password,
                           lmhash, nthash)
    return session.get_netcomputer(**search_criteria)
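def find_gpolocation(self, queried_username=str(), queried_groupname=str(),
                     queried_localgroup=str(), queried_domain=str()):
    """List the OUs and computers where a GPO puts a principal in a local group.

    Starting from a user or a group, the method collects the principal's SID
    and the SIDs of the groups it belongs to, keeps the GPO groups whose
    members include one of those SIDs and whose ``memberof`` contains the
    requested local group SID, and finally lists the computers of every OU
    the matching GPOs are attached to.

    Args:
        queried_username: Account to look up; takes precedence over
            ``queried_groupname`` when both are given.
        queried_groupname: Group to look up when no username is given.
        queried_localgroup: Any string containing ``admin`` (mapped to
            S-1-5-32-544, BUILTIN\\Administrators), any string containing
            ``rdp`` (mapped to S-1-5-32-555, BUILTIN\\Remote Desktop Users),
            or a literal SID starting with ``S-1-5``. The empty default is
            rejected.
        queried_domain: Domain passed to every directory query.

    Returns:
        A list of ``GPOLocation`` objects carrying ``objectname``,
        ``gponame``, ``gpoguid``, ``containername`` and ``computers``.

    Raises:
        ValueError: If neither a username nor a group name is given, if the
            principal is not found, or if the local group is not recognised.
    """
    results = list()
    net_requester = NetRequester(self._domain_controller, self._domain,
                                 self._user, self._password,
                                 self._lmhash, self._nthash)

    # Resolve the starting principal; an empty result set means "not found".
    if queried_username:
        try:
            user = net_requester.get_netuser(
                queried_username=queried_username,
                queried_domain=queried_domain)[0]
        except IndexError:
            raise ValueError(
                'Username \'{}\' was not found'.format(queried_username))
        target_sid = [user.objectsid]
        object_sam_account_name = user.samaccountname
        object_distinguished_name = user.distinguishedname
    elif queried_groupname:
        try:
            group = net_requester.get_netgroup(
                queried_groupname=queried_groupname,
                queried_domain=queried_domain, full_data=True)[0]
        except IndexError:
            raise ValueError('Group name \'{}\' was not found'.format(
                queried_groupname))
        target_sid = [group.objectsid]
        object_sam_account_name = group.samaccountname
        object_distinguished_name = group.distinguishedname
    else:
        raise ValueError(
            'You must specify either a username or a group name')

    # Translate the requested local group into a SID.
    localgroup_lower = queried_localgroup.lower()
    if 'admin' in localgroup_lower:
        local_sid = 'S-1-5-32-544'
    elif 'rdp' in localgroup_lower:
        local_sid = 'S-1-5-32-555'
    elif queried_localgroup.upper().startswith('S-1-5'):
        local_sid = queried_localgroup
    else:
        raise ValueError('The queried local group must be in \'Administrators\', '
                         '\'RDP\', or a \'S-1-5\' type SID')

    # Add the SID of every group the principal belongs to.
    object_groups = net_requester.get_netgroup(
        queried_username=object_sam_account_name,
        queried_domain=queried_domain)
    for object_group in object_groups:
        try:
            object_group_sid = net_requester.get_adobject(
                queried_sam_account_name=object_group.samaccountname,
                queried_domain=queried_domain)[0].objectsid
        except IndexError:
            # We may have the name of the group, but not its sam account name
            try:
                object_group_sid = net_requester.get_adobject(
                    queried_name=object_group.samaccountname,
                    queried_domain=queried_domain)[0].objectsid
            except IndexError:
                # The principal is a member of a group that cannot be found
                # in the directory; skip it.
                continue
        target_sid.append(object_group_sid)

    # Keep the GPO groups that place one of the collected SIDs in the
    # requested local group.
    gpo_groups = list()
    for gpo_group in self.get_netgpogroup(queried_domain=queried_domain):
        try:
            for member in gpo_group.members:
                if not member.upper().startswith('S-1-5'):
                    # The member is a name, not a SID: resolve it first.
                    try:
                        member = net_requester.get_adobject(
                            queried_sam_account_name=member,
                            queried_domain=queried_domain)[0].objectsid
                    # Both exception types must be listed in a tuple. The
                    # comma form catches only IndexError on Python 2 and is
                    # a syntax error on Python 3.
                    except (IndexError, AttributeError):
                        continue
                if (member.upper() in target_sid) or (member.lower() in target_sid):
                    if (local_sid.upper() in gpo_group.memberof) or \
                            (local_sid.lower() in gpo_group.memberof):
                        gpo_groups.append(gpo_group)
                        break
        except AttributeError:
            # A GPO group without members/memberof cannot match.
            continue

    # For each matching GPO, list the OUs it is linked to and their computers.
    for gpo_group in gpo_groups:
        gpo_guid = gpo_group.gponame
        ous = net_requester.get_netou(queried_domain=queried_domain,
                                      queried_guid=gpo_guid, full_data=True)
        for ou in ous:
            # TODO: support filters for GPO
            ou_computers = [x.dnshostname for x in
                            net_requester.get_netcomputer(
                                queried_domain=queried_domain,
                                ads_path=ou.distinguishedname)]
            gpo_location = GPOLocation(list())
            gpo_location.objectname = object_distinguished_name
            gpo_location.gponame = gpo_group.gpodisplayname
            gpo_location.gpoguid = gpo_guid
            gpo_location.containername = ou.distinguishedname
            gpo_location.computers = ou_computers
            results.append(gpo_location)

    return results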
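def find_gpocomputeradmin(self, queried_computername=str(), queried_ouname=str(),
                          queried_domain=str(), recurse=False):
    """List the principals that GPOs add to local groups on a computer or OU.

    The method finds the OUs that contain the computer (or uses the given
    OU), reads the GPO links of each OU, and emits one record per member of
    every GPO group returned for those links. With ``recurse`` set, members
    that are groups are expanded through their nested membership.

    Args:
        queried_computername: Computer whose containing OUs are inspected.
        queried_ouname: OU path used when no computer name is given.
        queried_domain: Domain passed to every directory query.
        recurse: Expand group members into their own members.

    Returns:
        A list of ``GPOComputerAdmin`` objects carrying ``computername``,
        ``ou``, ``gpodisplayname``, ``gpopath``, ``objectname``,
        ``objectdn``, ``objectsid`` and ``isgroup``.

    Raises:
        ValueError: If neither a computer name nor an OU name is given, or
            if the computer is not found.
    """
    results = list()
    if (not queried_computername) and (not queried_ouname):
        raise ValueError(
            'You must specify either a computer name or an OU name')

    net_requester = NetRequester(self._domain_controller, self._domain,
                                 self._user, self._password,
                                 self._lmhash, self._nthash)

    def _new_record(target_ou, gpo_group, name, dn, sid, sam_account_type):
        # Build one result row for a principal found through gpo_group.
        record = GPOComputerAdmin(list())
        record.computername = queried_computername
        record.ou = target_ou
        record.gpodisplayname = gpo_group.gpodisplayname
        record.gpopath = gpo_group.gpopath
        record.objectname = name
        record.objectdn = dn
        record.objectsid = sid
        # 805306368 (0x30000000) is the sAMAccountType of a normal user
        # account. Everything else is reported as a group, which includes
        # computer accounts (805306369).
        record.isgroup = (sam_account_type != '805306368')
        return record

    if queried_computername:
        computers = net_requester.get_netcomputer(
            queried_computername=queried_computername,
            queried_domain=queried_domain, full_data=True)
        if not computers:
            raise ValueError(
                'Computer {} not found'.format(queried_computername))

        # Every "OU=" component of the DN yields the OU path that starts
        # at that component, so all enclosing OUs are covered.
        target_ous = list()
        for computer in computers:
            dn = computer.distinguishedname
            for x in dn.split(','):
                if x.startswith('OU='):
                    target_ous.append(dn[dn.find(x):])
    else:
        target_ous = [queried_ouname]

    for target_ou in target_ous:
        ous = net_requester.get_netou(ads_path=target_ou,
                                      queried_domain=queried_domain,
                                      full_data=True)
        for ou in ous:
            # gplink is a run of "[path;option]" entries; keep each path.
            for gplink in ou.gplink.strip('[]').split(']['):
                gplink = gplink.split(';')[0]
                gpo_groups = self.get_netgpogroup(
                    queried_domain=queried_domain, ads_path=gplink)
                for gpo_group in gpo_groups:
                    for member in gpo_group.members:
                        obj = net_requester.get_adobject(
                            queried_sid=member,
                            queried_domain=queried_domain)[0]
                        gpo_computer_admin = _new_record(
                            target_ou, gpo_group, obj.name,
                            obj.distinguishedname, member,
                            obj.samaccounttype)
                        results.append(gpo_computer_admin)

                        if not (recurse and gpo_computer_admin.isgroup):
                            continue

                        # Breadth-first expansion of nested groups. Group
                        # nesting in a directory can be circular, so each
                        # group SID is expanded only once; without this
                        # guard a membership loop never terminates.
                        groups_to_resolve = [gpo_computer_admin.objectsid]
                        resolved_groups = set()
                        while groups_to_resolve:
                            group_to_resolve = groups_to_resolve.pop(0)
                            if group_to_resolve in resolved_groups:
                                continue
                            resolved_groups.add(group_to_resolve)

                            group_members = net_requester.get_netgroupmember(
                                queried_sid=group_to_resolve,
                                queried_domain=queried_domain,
                                full_data=True)
                            for group_member in group_members:
                                # NOTE(review): objectsid is the SID of the
                                # top-level GPO member, while objectname and
                                # objectdn come from the nested member.
                                # Confirm whether group_member.objectsid was
                                # intended.
                                gpo_computer_admin = _new_record(
                                    target_ou, gpo_group,
                                    group_member.samaccountname,
                                    group_member.distinguishedname, member,
                                    group_member.samaccounttype)
                                results.append(gpo_computer_admin)
                                if gpo_computer_admin.isgroup:
                                    groups_to_resolve.append(
                                        group_member.objectsid)

    return results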
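def find_gpolocation(self, queried_username=str(), queried_groupname=str(),
                     queried_localgroup=str(), queried_domain=str()):
    """List the OUs and computers where a GPO puts a principal in a local group.

    Starting from a user or a group, the method collects the principal's SID
    and the SIDs of the groups it belongs to, keeps the GPO groups whose
    members include one of those SIDs and whose ``memberof`` contains the
    requested local group SID, and finally lists the computers of every OU
    the matching GPOs are attached to.

    Args:
        queried_username: Account to look up; takes precedence over
            ``queried_groupname`` when both are given.
        queried_groupname: Group to look up when no username is given.
        queried_localgroup: Any string containing ``admin`` (mapped to
            S-1-5-32-544, BUILTIN\\Administrators), any string containing
            ``rdp`` (mapped to S-1-5-32-555, BUILTIN\\Remote Desktop Users),
            or a literal SID starting with ``S-1-5``. The empty default is
            rejected.
        queried_domain: Domain passed to every directory query.

    Returns:
        A list of ``GPOLocation`` objects carrying ``objectname``,
        ``gponame``, ``gpoguid``, ``containername`` and ``computers``.

    Raises:
        ValueError: If neither a username nor a group name is given, if the
            principal is not found, or if the local group is not recognised.
    """
    results = list()
    net_requester = NetRequester(self._domain_controller, self._domain,
                                 self._user, self._password,
                                 self._lmhash, self._nthash)

    # Resolve the starting principal; an empty result set means "not found".
    if queried_username:
        try:
            user = net_requester.get_netuser(queried_username=queried_username,
                                             queried_domain=queried_domain)[0]
        except IndexError:
            raise ValueError('Username \'{}\' was not found'.format(queried_username))
        target_sid = [user.objectsid]
        object_sam_account_name = user.samaccountname
        object_distinguished_name = user.distinguishedname
    elif queried_groupname:
        try:
            group = net_requester.get_netgroup(queried_groupname=queried_groupname,
                                               queried_domain=queried_domain,
                                               full_data=True)[0]
        except IndexError:
            raise ValueError('Group name \'{}\' was not found'.format(queried_groupname))
        target_sid = [group.objectsid]
        object_sam_account_name = group.samaccountname
        object_distinguished_name = group.distinguishedname
    else:
        raise ValueError('You must specify either a username or a group name')

    # Translate the requested local group into a SID.
    localgroup_lower = queried_localgroup.lower()
    if 'admin' in localgroup_lower:
        local_sid = 'S-1-5-32-544'
    elif 'rdp' in localgroup_lower:
        local_sid = 'S-1-5-32-555'
    elif queried_localgroup.upper().startswith('S-1-5'):
        local_sid = queried_localgroup
    else:
        raise ValueError('The queried local group must be in \'Administrators\', '
                         '\'RDP\', or a \'S-1-5\' type SID')

    # Add the SID of every group the principal belongs to.
    object_groups = net_requester.get_netgroup(queried_username=object_sam_account_name,
                                               queried_domain=queried_domain)
    for object_group in object_groups:
        try:
            object_group_sid = net_requester.get_adobject(
                queried_sam_account_name=object_group.samaccountname,
                queried_domain=queried_domain)[0].objectsid
        except IndexError:
            # We may have the name of the group, but not its sam account name
            try:
                object_group_sid = net_requester.get_adobject(
                    queried_name=object_group.samaccountname,
                    queried_domain=queried_domain)[0].objectsid
            except IndexError:
                # The fallback lookup can come back empty as well; skip the
                # group rather than abort the whole search.
                continue
        target_sid.append(object_group_sid)

    # Keep the GPO groups that place one of the collected SIDs in the
    # requested local group. The domain is passed along so this query
    # targets the same domain as every other lookup in the method.
    gpo_groups = list()
    for gpo_group in self.get_netgpogroup(queried_domain=queried_domain):
        try:
            for member in gpo_group.members:
                if not member.upper().startswith('S-1-5'):
                    # The member is a name, not a SID: resolve it first.
                    try:
                        member = net_requester.get_adobject(
                            queried_sam_account_name=member,
                            queried_domain=queried_domain)[0].objectsid
                    # Both exception types must be listed in a tuple. The
                    # comma form catches only IndexError on Python 2 and is
                    # a syntax error on Python 3.
                    except (IndexError, AttributeError):
                        continue
                if (member.upper() in target_sid) or (member.lower() in target_sid):
                    if (local_sid.upper() in gpo_group.memberof) or \
                            (local_sid.lower() in gpo_group.memberof):
                        gpo_groups.append(gpo_group)
                        break
        except AttributeError:
            # A GPO group without members/memberof cannot match.
            continue

    # For each matching GPO, list the OUs it is linked to and their computers.
    for gpo_group in gpo_groups:
        gpo_guid = gpo_group.gponame
        ous = net_requester.get_netou(queried_domain=queried_domain,
                                      queried_guid=gpo_guid, full_data=True)
        for ou in ous:
            # TODO: support filters for GPO
            ou_computers = [x.dnshostname for x in
                            net_requester.get_netcomputer(
                                queried_domain=queried_domain,
                                ads_path=ou.distinguishedname)]
            gpo_location = GPOLocation(list())
            gpo_location.objectname = object_distinguished_name
            gpo_location.gponame = gpo_group.gpodisplayname
            gpo_location.gpoguid = gpo_guid
            gpo_location.containername = ou.distinguishedname
            gpo_location.computers = ou_computers
            results.append(gpo_location)

    return results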
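def find_gpocomputeradmin(self, queried_computername=str(), queried_ouname=str(),
                          queried_domain=str(), recurse=False):
    """List the principals that GPOs add to local groups on a computer or OU.

    The method finds the OUs that contain the computer (or uses the given
    OU), reads the GPO links of each OU, and emits one record per member of
    every GPO group returned for those links. With ``recurse`` set, members
    that are groups are expanded through their nested membership.

    Args:
        queried_computername: Computer whose containing OUs are inspected.
        queried_ouname: OU path used when no computer name is given.
        queried_domain: Domain passed to every directory query.
        recurse: Expand group members into their own members.

    Returns:
        A list of ``GPOComputerAdmin`` objects carrying ``computername``,
        ``ou``, ``gpodisplayname``, ``gpopath``, ``objectname``,
        ``objectdn``, ``objectsid`` and ``isgroup``.

    Raises:
        ValueError: If neither a computer name nor an OU name is given, or
            if the computer is not found.
    """
    results = list()
    if (not queried_computername) and (not queried_ouname):
        raise ValueError('You must specify either a computer name or an OU name')

    net_requester = NetRequester(self._domain_controller, self._domain,
                                 self._user, self._password,
                                 self._lmhash, self._nthash)

    def _new_record(target_ou, gpo_group, name, dn, sid, sam_account_type):
        # Build one result row for a principal found through gpo_group.
        record = GPOComputerAdmin(list())
        record.computername = queried_computername
        record.ou = target_ou
        record.gpodisplayname = gpo_group.gpodisplayname
        record.gpopath = gpo_group.gpopath
        record.objectname = name
        record.objectdn = dn
        record.objectsid = sid
        # 805306368 (0x30000000) is the sAMAccountType of a normal user
        # account. Everything else is reported as a group, which includes
        # computer accounts (805306369).
        record.isgroup = (sam_account_type != '805306368')
        return record

    if queried_computername:
        computers = net_requester.get_netcomputer(
            queried_computername=queried_computername,
            queried_domain=queried_domain, full_data=True)
        if not computers:
            raise ValueError('Computer {} not found'.format(queried_computername))

        # Every "OU=" component of the DN yields the OU path that starts
        # at that component, so all enclosing OUs are covered.
        target_ous = list()
        for computer in computers:
            dn = computer.distinguishedname
            for x in dn.split(','):
                if x.startswith('OU='):
                    target_ous.append(dn[dn.find(x):])
    else:
        target_ous = [queried_ouname]

    for target_ou in target_ous:
        ous = net_requester.get_netou(ads_path=target_ou,
                                      queried_domain=queried_domain,
                                      full_data=True)
        for ou in ous:
            # gplink is a run of "[path;option]" entries; keep each path.
            for gplink in ou.gplink.strip('[]').split(']['):
                gplink = gplink.split(';')[0]
                gpo_groups = self.get_netgpogroup(queried_domain=queried_domain,
                                                  ads_path=gplink)
                for gpo_group in gpo_groups:
                    for member in gpo_group.members:
                        obj = net_requester.get_adobject(
                            queried_sid=member,
                            queried_domain=queried_domain)[0]
                        gpo_computer_admin = _new_record(
                            target_ou, gpo_group, obj.name,
                            obj.distinguishedname, member,
                            obj.samaccounttype)
                        results.append(gpo_computer_admin)

                        if not (recurse and gpo_computer_admin.isgroup):
                            continue

                        # Breadth-first expansion of nested groups. Group
                        # nesting in a directory can be circular, so each
                        # group SID is expanded only once; without this
                        # guard a membership loop never terminates.
                        groups_to_resolve = [gpo_computer_admin.objectsid]
                        resolved_groups = set()
                        while groups_to_resolve:
                            group_to_resolve = groups_to_resolve.pop(0)
                            if group_to_resolve in resolved_groups:
                                continue
                            resolved_groups.add(group_to_resolve)

                            # The domain is passed along so nested lookups
                            # target the same domain as the other queries
                            # in this method.
                            group_members = net_requester.get_netgroupmember(
                                queried_sid=group_to_resolve,
                                queried_domain=queried_domain,
                                full_data=True)
                            for group_member in group_members:
                                # NOTE(review): objectsid is the SID of the
                                # top-level GPO member, while objectname and
                                # objectdn come from the nested member.
                                # Confirm whether group_member.objectsid was
                                # intended.
                                gpo_computer_admin = _new_record(
                                    target_ou, gpo_group,
                                    group_member.samaccountname,
                                    group_member.distinguishedname, member,
                                    group_member.samaccounttype)
                                results.append(gpo_computer_admin)
                                if gpo_computer_admin.isgroup:
                                    groups_to_resolve.append(group_member.objectsid)

    return results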