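def enum_user(self, user_data):
    """Persist one enumerated LDAP user and queue its follow-up jobs.

    Args:
        user_data: raw LDAP entry; converted through ``MSADUser.from_ldap``
            and then ``ADUser.from_aduser``, and tagged with this
            enumerator's ``ad_id``.

    Side effects: adds and commits the ``ADUser`` row (plus one
    ``JackDawUserConstrainedDelegation`` row per constrained-delegation SPN),
    increments ``member_ctr`` and ``sd_ctr``, and puts a MEMBERSHIPS job and
    an SDS job for the user on ``agent_in_q``.
    """
    user_data = MSADUser.from_ldap(user_data)
    user = ADUser.from_aduser(user_data)
    user.ad_id = self.ad_id
    self.session.add(user)
    self.session.commit()
    # Reload the row after commit (presumably to pick up DB-assigned
    # columns such as the primary key) -- confirm against the ADUser model.
    self.session.refresh(user)

    # Snapshot the SPN list before looping: the loop body appends to
    # ``user.allowedtodelegateto``, and iterating a list while appending to
    # it keeps extending the iteration (and would feed the new
    # delegation rows back into spn_to_account()).
    delegation_spns = list(getattr(user, 'allowedtodelegateto', None) or [])
    for spn in delegation_spns:
        con = JackDawUserConstrainedDelegation()
        con.spn = spn
        # Resolve the SPN to the account that owns it (the delegation target).
        con.targetaccount = LDAPEnumeratorManager.spn_to_account(spn)
        user.allowedtodelegateto.append(con)
    self.session.commit()

    # Everything the membership resolver needs to identify this object.
    membership_attr = {
        'dn': str(user.dn),
        'cn': str(user.cn),
        'guid': str(user.objectGUID),
        'sid': str(user.objectSid),
        'type': 'user',
    }
    self.member_ctr += 1
    job = LDAPAgentJob(LDAPAgentCommand.MEMBERSHIPS, membership_attr)
    self.agent_in_q.put(job)

    # Second job: fetch the object's security descriptor.
    self.sd_ctr += 1
    job = LDAPAgentJob(LDAPAgentCommand.SDS, {'dn': user.dn, 'obj_type': 'user'})
    self.agent_in_q.put(job)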
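async def get_all_users(self):
    """Stream every LDAP user onto ``agent_out_q`` as USER messages.

    Each message is ``(LDAPAgentCommand.USER, {'user': ADUser, 'spns': [...]})``
    where ``spns`` holds one ``JackDawSPN`` per servicePrincipalName value.
    A user that fails to convert is reported as an EXCEPTION message and
    skipped; an error yielded by the LDAP iterator is re-raised, reported
    once, and ends the enumeration. USERS_FINISHED is always sent last.

    Only ``Exception`` subclasses are reported: ``asyncio.CancelledError``
    (a ``BaseException``) and ``KeyboardInterrupt`` propagate, so a bare
    ``except:`` no longer swallows task cancellation and keeps enumerating.
    """
    try:
        async for user_data, err in self.ldap.get_all_users():
            if err is not None:
                raise err
            try:
                user = ADUser.from_aduser(user_data)
            except Exception:
                await self.agent_out_q.put((LDAPAgentCommand.EXCEPTION, str(traceback.format_exc())))
                continue
            spn_values = user_data.servicePrincipalName
            if spn_values is None:
                spns = []
            else:
                spns = [JackDawSPN.from_spn_str(spn, user.objectSid) for spn in spn_values]
            await self.agent_out_q.put((LDAPAgentCommand.USER, {'user': user, 'spns': spns}))
    except Exception:
        await self.agent_out_q.put((LDAPAgentCommand.EXCEPTION, str(traceback.format_exc())))
    finally:
        await self.agent_out_q.put((LDAPAgentCommand.USERS_FINISHED, None))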
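async def get_all_users(self):
    """Stream every LDAP user object onto ``agent_out_q`` as USER messages.

    Each user object is converted with ``ADUser.from_aduser`` and sent as
    ``(LDAPAgentCommand.USER, user)``. Any failure is reported once as an
    EXCEPTION message (with the formatted traceback) and ends the
    enumeration; USERS_FINISHED is always sent last.

    Only ``Exception`` subclasses are reported: ``asyncio.CancelledError``
    (a ``BaseException``) and ``KeyboardInterrupt`` propagate, so a bare
    ``except:`` no longer swallows task cancellation.
    """
    try:
        async for user_data in self.ldap.get_all_user_objects():
            user = ADUser.from_aduser(user_data)
            await self.agent_out_q.coro_put((LDAPAgentCommand.USER, user))
    except Exception:
        await self.agent_out_q.coro_put((LDAPAgentCommand.EXCEPTION, str(traceback.format_exc())))
    finally:
        await self.agent_out_q.coro_put((LDAPAgentCommand.USERS_FINISHED, None))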
def import_users(self):
    """Load every entry of the 'users' file into the DB as ``ADUser`` rows.

    The owning domain (``ad_id``) is looked up in ``self.ads`` by the domain
    part of ``objectsid`` (everything before the last '-'); ``name`` is the
    part of the entry's ``Name`` before '@'. All rows are added to
    ``db_session`` and committed together at the end. A missing key in an
    entry raises ``KeyError`` and aborts the import.
    """
    print('Importing users!')
    entries = self.get_file('users')['users']
    for entry in entries:
        props = entry['Properties']
        domain_sid = props['objectsid'].rsplit('-', 1)[0]
        row = ADUser()
        row.ad_id = self.ads[domain_sid]
        row.name = entry['Name'].split('@', 1)[0]
        row.objectSid = props['objectsid']
        row.description = props['description']
        row.displayName = props['displayname']
        row.email = props['email']
        self.db_session.add(row)
    self.db_session.commit()
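def import_users(self):
    """Import the BloodHound 'users' JSON file into the DB.

    Supports both the v2 layout and the newer layout (``objectid``,
    ``distinguishedname``, ...), selected by ``self.bloodhound_version``.
    For every entry an ``ADUser`` row and an ``EdgeLookup`` row are added;
    high-value users also get an ``ADObjProps`` 'HVT' marker, SPNs are
    collected into ``self.spns`` for later processing, and ACEs are handed
    to ``insert_acl``. An entry that raises is logged at debug level and
    skipped; the whole batch is committed once at the end.

    Export fields that are deliberately not imported are listed in the
    inline comments of each branch.
    """
    logger.debug('[BHIMPORT] Importing users')
    # Read the file once; it was previously fetched twice (meta, then users).
    users_file = self.get_file('users')
    total = users_file['meta']['count']
    for user in tqdm(users_file['users'], desc='Users ', total=total, disable=self.disable_print_progress):
        try:
            if self.debug is True:
                # Interactive stepping: dump the entry and wait for Enter.
                pretty(user)
                input()
            props = user['Properties']
            if self.bloodhound_version == '2':
                # v2: most properties are optional, hence .get() throughout.
                m = ADUser()
                m.ad_id = self.ads[props['objectsid'].rsplit('-', 1)[0]]
                m.name = user['Name'].split('@', 1)[0]
                m.sAMAccountName = m.name
                m.objectSid = props['objectsid']
                m.canLogon = props.get('enabled')
                m.lastLogonTimestamp = convert_to_dt(props.get('lastlogontimestamp'))
                m.lastLogon = convert_to_dt(props.get('lastlogon'))
                m.pwdLastSet = convert_to_dt(props.get('pwdlastset'))
                m.displayName = props.get('displayname')
                m.email = props.get('email')
                m.description = props.get('description')
                m.UAC_DONT_REQUIRE_PREAUTH = props.get('dontreqpreauth')
                m.UAC_PASSWD_NOTREQD = props.get('passwordnotreqd')
                m.UAC_TRUSTED_FOR_DELEGATION = props.get('unconstraineddelegation')
                m.adminCount = props.get('admincount')
                # not importing [Properties][highvalue] [Properties][hasspn]
                # [Properties][title] [Properties][homedirectory]
                # [Properties][userpassword] [Properties][sensitive]
                # [AllowedToDelegate] [SPNTargets]
            else:
                # Newer layout: these keys are required, so a missing one
                # raises KeyError and the entry is skipped below.
                m = ADUser()
                m.ad_id = self.ads[props['objectid'].rsplit('-', 1)[0]]
                m.dn = props['distinguishedname']
                m.name = props['name'].split('@', 1)[0]
                m.sAMAccountName = m.name
                m.objectSid = props['objectid']
                m.description = props['description']
                m.displayName = props['displayname']
                m.email = props['email']
                m.UAC_DONT_REQUIRE_PREAUTH = props['dontreqpreauth']
                m.UAC_PASSWD_NOTREQD = props['passwordnotreqd']
                m.UAC_TRUSTED_FOR_DELEGATION = props['unconstraineddelegation']
                m.canLogon = props['enabled']
                if 'pwdneverexpires' in props:
                    m.UAC_DONT_EXPIRE_PASSWD = props['pwdneverexpires']
                m.adminCount = props['admincount']
                m.pwdLastSet = convert_to_dt(props['pwdlastset'])
                m.lastLogonTimestamp = convert_to_dt(props['lastlogontimestamp'])
                m.lastLogon = convert_to_dt(props['lastlogon'])
                # not importing [Properties][highvalue] [Properties][hasspn]
                # [Properties][sidhistory] [Properties][title]
                # [Properties][homedirectory] [Properties][userpassword]
                # [Properties][sensitive] [HasSIDHistory] [AllowedToDelegate]
                # [SPNTargets]

            if props.get('highvalue') is True:
                hvt = ADObjProps(self.graphid, m.objectSid, 'HVT')
                self.db_session.add(hvt)

            # SPNs are stored '|'-joined on the row and also queued in
            # self.spns (sid, ad_id, list) for later processing. A missing,
            # None or empty list is skipped.
            spn_list = props.get('serviceprincipalnames')
            if spn_list:
                m.servicePrincipalName = '|'.join(spn_list)
                self.spns.append((m.objectSid, m.ad_id, spn_list))

            self.db_session.add(m)
            edgeinfo = EdgeLookup(m.ad_id, m.objectSid, 'user')
            self.db_session.add(edgeinfo)
            if user['Aces'] is not None:
                self.insert_acl(m.objectSid, 'user', user['Aces'], m.ad_id)
        except Exception as e:
            # NOTE(review): a skipped entry is only visible at debug level,
            # so a malformed export can silently leave users (and their
            # ACEs) out of the database.
            logger.debug('[BHIMPORT] Error while processing user %s Reason: %s', user, e)
            continue
    self.db_session.commit()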
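def get_all_users(self):
    """Yield ``(raw_user, ADUser)`` pairs for every non-machine user object.

    Machine accounts, recognised by a sAMAccountName ending in '$', are
    skipped. An object whose sAMAccountName is None or empty is yielded
    rather than raising (indexing ``[-1]`` on it used to fail).

    Yields:
        tuple: the raw LDAP user object and ``ADUser.from_aduser`` of it.
    """
    for raw_user in self.ldap.get_all_user_objects():
        name = raw_user.sAMAccountName
        # TODO: trailing-'$' is only a heuristic for machine accounts.
        if name and name.endswith("$"):
            continue
        yield (raw_user, ADUser.from_aduser(raw_user))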