GetADComputers.py and readLAPS.py#1673
Merged
Merged
Conversation
This code is inspired from impacket's original GetADUsers.py. Similar to ADUsers, this will query the DC (via ldap) and retrive the list of all the computer objects and their operating system details.
Contributor
Author
|
Adding a couple of examples. |
year changed from 2023 to 2024 and updated/removed some comments
Added new flag -dns2IP, if this flag is specified, it will resolve all the IP address by making a query to the specified DC via tcp port53... it will not use the nameservers in /etc/resolv.conf
Updated description
Contributor
Author
|
updated the code, now the code can resolve the IP address.
|
This script will try to read the LAPS password in the current domain of specified user. Attributes searched in DC are: ms-Mcs-AdmPwd (password value) and ms-Mcs-AdmPwdExpirationTime (password expiry time).
Contributor
Author
|
after creating GetADComputers.py, i have created another code called readLAPS.py, this tries to read all the LAPS password from the current domain computers. |
Collaborator
|
I've been reviewing and testing this PR. I think it's pretty much ready to be merged. Thanks for submitting! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I am a big fan of impacket and when ever I start my enumeration phase, impacket is the first tool I use.
I heavily rely on impacket's GetADUsers code but I felt that we should have a similar code that basically fetches the information about computers ....
As a result, I have created a similar code (GetADComputers.py) that basically query's DC via LDAP and returns the COMPUTER objects and the useful attributes such as full dns name, operating system name and version.
Why the need of this ?
Often during pentest we land into a network/subnet where we can't see all the hosts/computers part of DC because we are in a different network / VLAN.
However, this code will request DC and as a result the hosts which are not visible in NMAP / ping /ARP scan, this code will list all those hosts in a nice format.