async def list_group_members(self, domain_name, group_name):
try:
_, err = await self.connect_rpc('SAMR')
if err is not None:
raise err
_, err = await self.connect_rpc('LSAD')
if err is not None:
raise err
policy_handle, _ = await rr(self.named_rpcs['LSAD'].open_policy2())
domain_sid, _ = await rr(
self.named_rpcs['SAMR'].get_domain_sid(domain_name))
domain_handle, _ = await rr(
self.named_rpcs['SAMR'].open_domain(domain_sid))
target_group_rid = None
async for name, rid, _ in rr_gen(
self.named_rpcs['SAMR'].list_aliases(domain_handle)):
if name == group_name:
target_group_rid = rid
break
if target_group_rid is None:
raise Exception('No group found with name "%s"' % group_name)
alias_handle, _ = await rr(self.named_rpcs['SAMR'].open_alias(
domain_handle, target_group_rid))
async for sid, _ in rr_gen(
self.named_rpcs['SAMR'].list_alias_members(alias_handle)):
async for domain_name, user_name, _ in rr_gen(
self.named_rpcs['LSAD'].lookup_sids(
policy_handle, [sid])):
yield domain_name, user_name, sid, None
except Exception as e:
yield None, None, None, e
async def list_domain_users(self, target_domain=None):
try:
_, err = await self.connect_rpc('SAMR')
if err is not None:
raise err
if target_domain is None:
logger.debug('No domain defined, fetching it from SAMR')
logger.debug('Fetching domains...')
async for domain, _ in rr_gen(
self.named_rpcs['SAMR'].list_domains()):
if domain == 'Builtin':
continue
if target_domain is None: #using th first available
target_domain = domain
logger.debug('Domain available: %s' % domain)
domain_sid, _ = await self.named_rpcs['SAMR'].get_domain_sid(
target_domain)
domain_handle, _ = await self.named_rpcs['SAMR'].open_domain(
domain_sid)
async for username, user_sid, err in self.named_rpcs[
'SAMR'].list_domain_users(domain_handle):
yield username, user_sid, err
except Exception as e:
yield None, None, e
async def list_sessions(self, level=10):
async for username, ip_addr, _ in rr_gen(
self.srvs.list_sessions(level=level)):
sess = SMBUserSession(username=username,
ip_addr=ip_addr.replace('\\', '').strip())
self.sessions.append(sess)
yield sess, None
async def list_group_members(self, domain_name, group_name):
policy_handle, _ = await rr(self.lsad.open_policy2())
domain_sid, _ = await rr(self.samr.get_domain_sid(domain_name))
domain_handle, _ = await rr(self.samr.open_domain(domain_sid))
target_group_rid = None
async for name, rid, _ in rr_gen(self.samr.list_aliases(domain_handle)):
if name == group_name:
target_group_rid = rid
break
if target_group_rid is None:
raise Exception('No group found with name "%s"' % group_name)
alias_handle, _ = await rr(self.samr.open_alias(domain_handle, target_group_rid))
async for sid, _ in rr_gen(self.samr.list_alias_members(alias_handle)):
async for domain_name, user_name, _ in rr_gen(self.lsad.lookup_sids(policy_handle, [sid])):
yield domain_name, user_name, sid, None
async def list_shares(self): async for name, share_type, remark, _ in rr_gen(self.srvs.list_shares()): share = SMBShare( name = name, stype = share_type, remark = remark, fullpath = '\\\\%s\\%s' % (self.connection.target.get_hostname_or_ip(), name) ) #self.shares.append(share) yield share, None
async def list_groups(self, domain_name, ret_sid = True):
"""
Lists all groups in a given domain.
domain_name: string
"""
domain_sid, _ = await rr(self.samr.get_domain_sid(domain_name))
domain_handle, _ = await rr(self.samr.open_domain(domain_sid))
#target_group_rids = {}
async for name, rid, _ in rr_gen(self.samr.list_aliases(domain_handle)):
sid = '%s-%s' % (domain_sid, rid)
yield name, sid, None
async def list_services(self):
try:
_, err = await self.connect_rpc('SERVICEMGR')
if err is not None:
raise err
async for service, _ in rr_gen(
self.named_rpcs['SERVICEMGR'].list()):
yield service, None
except Exception as e:
yield None, e
async def list_domain_users(self, target_domain=None):
if target_domain is None:
logger.debug('No domain defined, fetching it from SAMR')
logger.debug('Fetching domains...')
async for domain, _ in rr_gen(self.samr.list_domains()):
if domain == 'Builtin':
continue
if target_domain is None: #using th first available
target_domain = domain
logger.debug('Domain available: %s' % domain)
domain_sid, _ = await self.samr.get_domain_sid(target_domain)
domain_handle, _ = await self.samr.open_domain(domain_sid)
async for username, user_sid, err in self.samr.list_domain_users(
domain_handle):
yield username, user_sid, err
async def list_groups(self, domain_name, ret_sid=True):
"""
Lists all groups in a given domain.
domain_name: string
"""
try:
_, err = await self.connect_rpc('SAMR')
if err is not None:
raise err
domain_sid, _ = await rr(
self.named_rpcs['SAMR'].get_domain_sid(domain_name))
domain_handle, _ = await rr(
self.named_rpcs['SAMR'].open_domain(domain_sid))
async for name, rid, _ in rr_gen(
self.named_rpcs['SAMR'].list_aliases(domain_handle)):
sid = '%s-%s' % (domain_sid, rid)
yield name, sid, None
except Exception as e:
yield None, None, e
async def dcsync(self, target_domain = None, target_users = []):
if target_domain is None:
logger.debug('No domain defined, fetching it from SAMR')
logger.debug('Fetching domains...')
async for domain, _ in rr_gen(self.samr.list_domains()):
if domain == 'Builtin':
continue
if target_domain is None: #using th first available
target_domain = domain
logger.debug('Domain available: %s' % domain)
async with SMBDRSUAPI(self.connection, target_domain) as drsuapi:
try:
await rr(drsuapi.connect())
await rr(drsuapi.open())
except Exception as e:
logger.exception('Failed to connect to DRSUAPI!')
raise e
logger.debug('Using domain: %s' % target_domain)
if len(target_users) > 0:
for username in target_users:
secrets, _ = await drsuapi.get_user_secrets(username)
yield secrets
else:
domain_sid, _ = await self.samr.get_domain_sid(target_domain)
domain_handle, _ = await self.samr.open_domain(domain_sid)
async for username, user_sid, err in self.samr.list_domain_users(domain_handle):
if err is not None:
yield None, err
logger.debug('username: %s' % username)
secrets, _ = await rr(drsuapi.get_user_secrets(username))
logger.debug('secrets: %s' % secrets)
yield secrets, None
async def list_services(self):
async for service, _ in rr_gen(self.servicemanager.list()):
yield service, None
async def list_localgroups(self):
async for name, sid, _ in rr_gen(self.list_groups('Builtin')):
yield name, sid, None
async def list_domains(self): async for domain, _ in rr_gen(self.samr.list_domains()): #self.domains.append(domain) yield domain, None
