Beispiel #1
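        /// <summary>
        /// Checks that every user returned by <c>DomainSearcher.GetDomainUsers()</c> has a distinguished
        /// name containing the current domain name, and that exactly one returned account is "krbtgt".
        /// </summary>
        /// <remarks>
        /// Reads <c>Environment.UserDomainName</c> and calls the searcher directly, so this presumably
        /// has to run on a domain-joined host with directory access; confirm against the test project setup.
        /// </remarks>
        public void TestGetUsers()
        {
            Domain.DomainSearcher searcher = new Domain.DomainSearcher();
            IList<Domain.DomainObject> users = searcher.GetDomainUsers();
            string domainName = Environment.UserDomainName;

            foreach (Domain.DomainObject user in users)
            {
                // Ordinal, case-insensitive match. ToLower() on both sides is culture-sensitive and
                // can give a false mismatch under some locales (for example the Turkish dotless i).
                Assert.IsTrue(user.distinguishedname.IndexOf(domainName, StringComparison.OrdinalIgnoreCase) >= 0);
            }

            // Count with a predicate directly; no intermediate list is needed.
            Assert.AreEqual(1, users.Count(u => u.samaccountname == "krbtgt"));
        }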
Beispiel #2
        /// <summary>
        /// Fetches domain users through <c>DomainSearcher.GetDomainUsers</c> and prints one
        /// property table per returned user.
        /// </summary>
        /// <param name="RunParams">
        /// Named parameters. An optional "UserName" entry supplies the list handed to
        /// <c>GetDomainUsers</c>; when the key is absent, <c>null</c> is passed instead.
        /// </param>
        public override void Run(Dictionary<String, Parameter> RunParams)
        {
            Domain.DomainSearcher lookup = new Domain.DomainSearcher();

            // Stays null unless the caller supplied a "UserName" parameter.
            List<string> requestedNames = null;
            if (RunParams.TryGetValue("UserName", out Parameter nameParam))
            {
                requestedNames = nameParam.Value;
            }

            List<Domain.DomainObject> matches = lookup.GetDomainUsers(requestedNames);

            foreach (Domain.DomainObject entry in matches)
            {
                // Placeholders make unset attributes visible in the table instead of printing null.
                string descriptionText = entry.description ?? "[NO DESCRIPTION]";
                string adminCountText = entry.admincount ?? "[NOT SET]";

                // A header is emitted for every user, so each user gets its own table.
                Printing.TableHeader("Property", "Value");
                Printing.TableItem("SamAccountName", entry.samaccountname);
                Printing.TableItem("Description", descriptionText);
                Printing.TableItem("DistinguishedName", entry.distinguishedname);
                Printing.TableItem("AdminCount", adminCountText);
                Printing.TableItem("MemberOf", entry.memberof);
                Printing.TableItem("Password Last Set", entry.pwdlastset.ToString());
                Printing.TableItem("Last Logon", entry.lastlogon.ToString());
                Printing.TableItem("Bad Password Count", entry.badpwdcount);
                Printing.TableItem("Last Bad Password", entry.badpasswordtime.ToString());
            }
        }
Beispiel #3
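        /// <summary>
        /// Reports accounts whose <c>admincount</c> is "1" and, for each of them, any logged-on
        /// sessions found on the domain's computers.
        /// </summary>
        /// <remarks>
        /// The selection is <c>admincount == "1"</c> with names containing "$" or "krbtgt" excluded.
        /// In Active Directory, adminCount flags accounts that are, or once were, members of a
        /// protected group. The result can therefore be wider than the Domain Admins group and may
        /// include stale entries; treat the output as candidates, not confirmed membership.
        /// Output goes to the console and to <c>sw</c>, a writer declared outside this method.
        /// </remarks>
        static void GetDomainAdministrators()
        {
            Console.WriteLine("[*] Enumerating Administrators");
            Domain.DomainSearcher searcher = new Domain.DomainSearcher();
            IList<Domain.DomainObject> users = searcher.GetDomainUsers(null);

            sw.WriteLine("Domain Administrators:");

            // The computer list does not depend on the account being checked, so it is fetched at
            // most once, on the first matching account, instead of once per account.
            List<SharpSploit.Enumeration.Domain.DomainObject> computers = null;

            foreach (Domain.DomainObject user in users)
            {
                string accountName = user.name;

                // A missing name is skipped rather than dereferenced.
                if (user.admincount != "1" || accountName == null ||
                    accountName.Contains("$") || accountName.Contains("krbtgt"))
                {
                    continue;
                }

                Console.WriteLine("[+] Found Domain Administrator: " + accountName);
                sw.WriteLine("\\item " + accountName);

                if (computers == null)
                {
                    SharpSploit.Enumeration.Domain.DomainSearcher computerSearcher = new SharpSploit.Enumeration.Domain.DomainSearcher();
                    computers = computerSearcher.GetDomainComputers();
                }

                foreach (SharpSploit.Enumeration.Domain.DomainObject computer in computers)
                {
                    List<Net.LoggedOnUser> sessions = Net.GetNetLoggedOnUsers(new List<string> { computer.name });

                    foreach (var session in sessions)
                    {
                        // accountName is known to contain no "$", so equality alone also rules out
                        // machine accounts; == on strings is null-safe.
                        if (session.UserName == accountName)
                        {
                            Console.WriteLine("[+] Found session on " + session.ComputerName + " for: " + session.UserName);
                            sw.WriteLine("[+] Found session on " + session.ComputerName + " for: " + session.UserName);
                        }
                    }
                }
            }
        }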