Python impacket.dcerpc.v5.samr.hSamrGetGroupsForUser() Examples
The following are 5
code examples of impacket.dcerpc.v5.samr.hSamrGetGroupsForUser().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.samr
, or try the search function
.
.
Example #1
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrGetGroupsForUser(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenUser()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS
request['UserId'] = samr.DOMAIN_USER_RID_ADMIN
resp = dce.request(request)
resp.dump()
resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle'])
resp.dump()
Example #2
| Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
|
def test_hSamrGetGroupsForUser(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenUser()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS
request['UserId'] = samr.DOMAIN_USER_RID_ADMIN
resp = dce.request(request)
resp.dump()
resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle'])
resp.dump()
Example #3
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrGetGroupsForUser(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenUser()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS
request['UserId'] = samr.DOMAIN_USER_RID_ADMIN
resp = dce.request(request)
resp.dump()
resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle'])
resp.dump()
Example #4
| Source File: test_samr.py From PiBunny with MIT License | 5 votes |
|
def test_hSamrGetGroupsForUser(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenUser()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS
request['UserId'] = samr.DOMAIN_USER_RID_ADMIN
resp = dce.request(request)
resp.dump()
resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle'])
resp.dump()
Example #5
| Source File: enumerid.py From enumerid with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def enumerate_user_info(self, dce, domain_handle):
# Most of this method was built using logic from samrdump.py
user_request = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, self.rid)
self.log.info('[*] User RID detected. Enumerating information on user..\n')
info = samr.hSamrQueryInformationUser(dce, user_request['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation)
user = info['Buffer']['All']
pass_last_set = self.expiration_check(user, 'PasswordLastSet')
account_expires = self.expiration_check(user, 'AccountExpires')
pass_expires = self.expiration_check(user, 'PasswordMustChange')
pass_can_change = self.expiration_check(user, 'PasswordCanChange')
last_logon = self.expiration_check(user, 'LastLogon')
account_active = self.attribute_bool(user, samr.USER_ACCOUNT_DISABLED)
user_may_change_pass = self.attribute_bool(user, samr.USER_CHANGE_PASSWORD)
password_required = self.attribute_bool(user, samr.USER_PASSWORD_NOT_REQUIRED)
workstations_allowed = user['WorkStations']
if workstations_allowed == '':
workstations_allowed = 'All'
self.log.info('User name\t\t\t{0}'.format(user['UserName']))
self.log.info('User RID\t\t\t{0}'.format(user['UserId']))
self.log.info('Full Name\t\t\t{0}'.format(user['FullName']))
self.log.info('Comment\t\t\t\t{0}'.format(user['AdminComment']))
self.log.info("User's Comment\t\t\t\t{0}".format(user['UserComment']))
self.log.info('Country/region code\t\t{0}'.format(user['CountryCode']))
self.log.info('Account active\t\t\t{0}'.format(account_active))
self.log.info('Account expires\t\t\t{0}\n'.format(account_expires))
self.log.info('Password last set\t\t{0}'.format(pass_last_set))
self.log.info('Password expires\t\t{0}'.format(pass_expires))
self.log.info('Password changeable\t\t{0}'.format(pass_can_change))
self.log.info('Password required\t\t{0}'.format(password_required))
self.log.info('Bad Password Count\t\t{0}'.format(user['BadPasswordCount']))
self.log.info('User may change password\t{0}\n'.format(user_may_change_pass))
self.log.info('Workstations allowed\t\t{0}'.format(workstations_allowed))
self.log.info('Logon script\t\t\t\t{0}'.format(user['ScriptPath']))
self.log.info('User profile\t\t\t\t{0}'.format(user['ProfilePath']))
self.log.info('Home directory\t\t\t{0}'.format(user['HomeDirectory']))
self.log.info('Home directory drive\t\t{0}\n'.format(user['HomeDirectoryDrive']))
self.log.info('Group Memberships')
group_rids = samr.hSamrGetGroupsForUser(dce, user_request['UserHandle'])['Groups']['Groups']
for i, group_rid in enumerate(group_rids):
group_rid = group_rids[i]['RelativeId']
group_request = samr.hSamrOpenGroup(dce, domain_handle, samr.MAXIMUM_ALLOWED, group_rid)
group_info = samr.hSamrQueryInformationGroup(dce, group_request['GroupHandle'])
group_name = group_info['Buffer']['General']['Name']
group_comment = group_info['Buffer']['General']['AdminComment']
self.log.info('Name: {0}\nDesc: {1}\n'.format(group_name, group_comment))
samr.hSamrCloseHandle(dce, user_request['UserHandle'])
samr.hSamrCloseHandle(dce, group_request['GroupHandle'])
