def get_users_list(config):
    """Return one User object per account found in the SAM hive.

    The hive at ``config.sam_hive`` is parsed with ``registry.samparse``;
    for every entry under its ``'users'`` key the SID and profile folder are
    looked up via ``get_sid_and_folder_from_username`` and the account
    metadata is copied into a ``User``.

    NOTE(review): the LM/NT values are password hashes; whatever stores or
    prints the resulting User objects should treat them as credential
    material.
    """
    def _to_hex(raw):
        # ord() needs length-1 strings, so ``raw`` is assumed to be a str of
        # raw byte characters -- TODO confirm (iterating Python 3 ``bytes``
        # yields ints and ord() would raise).
        return ''.join('{:02x}'.format(ord(ch)) for ch in raw)

    sam_info = registry.samparse(config.sam_hive)
    users_list = []
    for username in sam_info['users']:
        sid, user_folder = get_sid_and_folder_from_username(config, username)
        record = sam_info['users'][username]
        users_list.append(User(
            username,
            sid,
            user_folder,
            record['Account Type'],
            record['RID'],
            record['Account Created Date'],
            record['Last Login Date'],
            record['Password Reset Date'],
            record['Password Fail Date'],
            record['Account Flags'],
            record['Failed Login Count'],
            record['Login Count'],
            _to_hex(record['LM Password Hash']),
            _to_hex(record['NT Password Hash']),
        ))
    return users_list
def get_groups_list(config):
    """Return one Group object per local group found in the SAM hive.

    The hive at ``config.sam_hive`` is parsed with ``registry.samparse``.
    Each member SID is paired with the username that
    ``registry.sid_to_username`` resolves against ``config.folder``.
    """
    sam_info = registry.samparse(config.sam_hive)
    groups_list = []
    for group in sam_info['groups']:
        entry = sam_info['groups'][group]
        # Keep every second character of the name and description --
        # presumably this drops the NUL half of UTF-16LE text that was read
        # one byte per character; TODO confirm against registry.samparse.
        name = ''.join(group[::2])
        group_description = ''.join(entry['Group Description'][::2])
        last_write = entry['Last Write']
        user_count = entry['User Count']
        # 'Members' is a newline-separated list of SIDs; empty pieces
        # (e.g. from a trailing newline) are skipped.
        members = [
            [registry.sid_to_username(member, config.folder), member]
            for member in entry['Members'].split("\n")
            if member
        ]
        groups_list.append(
            Group(name, group_description, last_write, user_count, members))
    return groups_list
def get_users_hives(self, users_hives):
    """Return ``(username, NTUSER.DAT path)`` pairs for the analysed system.

    If ``users_hives`` is non-empty it is only validated: every hive path
    must be an existing file, otherwise an ``Exception`` is raised, and the
    same list is returned. If it is empty, the pairs are discovered by
    matching the SAM account names against the ``ProfileImagePath`` values
    under ``ProfileList`` in the software hive; only profiles whose
    ``NTUSER.DAT`` exists under ``self.folder`` are kept.
    """
    if users_hives:
        # Caller-supplied list: just check that each hive file is present.
        for _name, hive_path in users_hives:
            if os.path.isfile(hive_path):
                continue
            raise Exception("Given user hive " + hive_path + " not found !")
        return users_hives

    discovered = []
    profile_list_key = "Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
    sam_info = registry.samparse(self.sam_hive)
    for username in sam_info['users']:
        # The ProfileList keys are queried again for every user.
        for entry in registry.find_key_start_with(self.software_hive,
                                                  profile_list_key):
            if "ProfileImagePath" not in entry['Name']:
                continue
            # A profile belongs to the user when the last path component
            # equals the account name.
            if entry['Value'].split("\\")[-1] != username:
                continue
            # [3:] drops the first three characters -- presumably a drive
            # prefix such as "C:\"; TODO confirm for paths that do not
            # start with a drive letter.
            user_folder = str(entry['Value'][3:].replace("\\", "/"))
            # NOTE(review): this path is built from a value read out of the
            # hive under analysis, and nothing here checks that it stays
            # below self.folder -- confirm whether ".." segments need to be
            # rejected before the file is opened elsewhere.
            hive_path = self.folder + user_folder + "/NTUSER.DAT"
            if os.path.isfile(hive_path):
                discovered.append((username, hive_path))
    return discovered