Esempio n. 1
0
        public void TestGetUsers()
        {
            Domain.DomainSearcher       searcher = new Domain.DomainSearcher();
            IList <Domain.DomainObject> users    = searcher.GetDomainUsers();

            foreach (Domain.DomainObject user in users)
            {
                Assert.IsTrue(user.distinguishedname.ToLower().Contains(Environment.UserDomainName.ToLower()));
            }
            Assert.AreEqual(1, users.Where(U => U.samaccountname == "krbtgt").ToList().Count());
        }
Esempio n. 2
0
        public override void Run(Dictionary <String, Parameter> RunParams)
        {
            Domain.DomainSearcher domainSearcher = new Domain.DomainSearcher();
            List <string>         usernames      = null;

            if (RunParams.TryGetValue("UserName", out Parameter username))
            {
                usernames = username.Value;
            }

            List <Domain.DomainObject> domainUsers = domainSearcher.GetDomainUsers(usernames);

            foreach (Domain.DomainObject user in domainUsers)
            {
                string description;
                string adminCount;
                if (user.description != null)
                {
                    description = user.description;
                }
                else
                {
                    description = "[NO DESCRIPTION]";
                }

                if (user.admincount != null)
                {
                    adminCount = user.admincount;
                }
                else
                {
                    adminCount = "[NOT SET]";
                }
                Printing.TableHeader("Property", "Value");
                Printing.TableItem("SamAccountName", user.samaccountname);
                Printing.TableItem("Description", description);
                Printing.TableItem("DistinguishedName", user.distinguishedname);
                Printing.TableItem("AdminCount", adminCount);
                Printing.TableItem("MemberOf", user.memberof);
                Printing.TableItem("Password Last Set", user.pwdlastset.ToString());
                Printing.TableItem("Last Logon", user.lastlogon.ToString());
                Printing.TableItem("Bad Password Count", user.badpwdcount);
                Printing.TableItem("Last Bad Password", user.badpasswordtime.ToString());
            }
        }
Esempio n. 3
0
        static void GetDomainAdministrators()
        {
            //checks the domain for users with domain administrator rights or higher
            //checks wether those users have sessions on any host of the domain
            Console.WriteLine("[*] Enumerating Administrators");
            Domain.DomainSearcher       searcher = new Domain.DomainSearcher();
            IList <Domain.DomainObject> users    = searcher.GetDomainUsers(null);

            sw.WriteLine("Domain Administrators:");

            //List of logged in Users of a System


            foreach (Domain.DomainObject user in users)
            {
                if ((user.admincount == "1" && !(user.name.Contains("$")) && !(user.name.Contains("krbtgt"))))
                {
                    Console.WriteLine("[+] Found Domain Administrator: " + user.name.ToString());
                    sw.WriteLine("\\item " + user.name.ToString());

                    SharpSploit.Enumeration.Domain.DomainSearcher      usersearcher = new SharpSploit.Enumeration.Domain.DomainSearcher();
                    List <SharpSploit.Enumeration.Domain.DomainObject> c            = usersearcher.GetDomainComputers();

                    foreach (SharpSploit.Enumeration.Domain.DomainObject val in c)
                    {
                        List <Net.LoggedOnUser> AdministratorSessions = Net.GetNetLoggedOnUsers(new List <string> {
                            val.name
                        });
                        foreach (var b in AdministratorSessions)
                        {
                            if ((!(b.UserName.Contains("$")) && b.UserName == user.name))
                            {
                                Console.WriteLine("[+] Found session on " + b.ComputerName + " for: " + b.UserName);
                                sw.WriteLine("[+] Found session on " + b.ComputerName + " for: " + b.UserName);
                            }
                        }
                    }
                }
            }
        }