Fix groups in domain\username format #26

Open
wants to merge 1 commit into
base: master
15 changes: 14 additions & 1 deletion README.md
Expand Up @@ -66,7 +66,20 @@ Alternatively, the group files can simply be a list of users, one per line, in t

>domain\username

[Here](https://gist.githubusercontent.com/joswr1ght/c557f8627832d54458c810e43be9c055/raw/b46e5e976196a20e7ecfe88da7d7a22c747d64e0/groupenumeration.ps1) is a PowerShell one-liner to create group files for all groups.
Here is a small PowerShell script to create "Schema Admins.txt"
```sh
$GroupName = "Schema Admins"
$UPNS = Get-ADGroupMember -Identity $GroupName -Recursive | % {Get-ADUser $_.samaccountname|select userprincipalname -ExpandProperty userprincipalname}
$UPNS = $UPNS| Sort-Object | Get-Unique
$output = @()
foreach ($UPN in $UPNS) {
$user, $domain = $UPN -split '@'
$fqdn = $domain + '\' + $user
$output += $fqdn
}
$file = $GroupName + ".txt"
$output | Out-File -filepath $file
```

The Domain Password Audit Tool also has the handy feature to finish cracking the LM hashes for any hashes where the NT hash was not cracked. This asssumes that you have used Hashcat to brute force all 7 character passwords with the following command:

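Review bot: `$output | Out-File -filepath $file` at the end of the added script relies on Out-File's default encoding, which in Windows PowerShell 5.1 is UTF-16 with a BOM, so the resulting "Schema Admins.txt" is likely to be misparsed by the plain `domain\username` reader in dpat.py; pass `-Encoding ascii` (or `utf8`). The fence above the script is also tagged `sh` although the content is PowerShell, so it should be ```powershell. Finally, `$user, $domain = $UPN -split '@'` takes the domain from the UPN suffix, so accounts without a userPrincipalName or with an alternate UPN suffix will yield entries whose domain part does not match the NTDS dump; the README should say so next to the script.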
21 changes: 13 additions & 8 deletions dpat.py
Expand Up @@ -191,17 +191,22 @@ def crack_it(nt_hash, lm_pass):
if "MemberName" in line:
user_name = (line.split(":")[1]).strip()
users.append(user_domain + "\\" + user_name)
except:
print("Doesn't look like the Group Files are in the form output by PowerView, assuming the files are already in domain\\username list form")
# If the users array is empty, assume the file was not in the PowerView PowerShell script output format that you get from running:
# Get-NetGroupMember -GroupName "Enterprise Admins" -Domain "some.domain.com" -DomainController "DC01.some.domain.com" > Enterprise Admins.txt
# You can list domain controllers for use in the above command with Get-NetForestDomain
if len(users) == 0:
fing = open(group[1])
users = []
if len(users) != 0:
fing.close()
else:
print("Doesn't look like the Group Files are in the form output by PowerView, assuming the files are already in domain\\username list form")
# If the users array is empty, assume the file was not in the PowerView PowerShell script output format that you get from running:
# Get-NetGroupMember -GroupName "Enterprise Admins" -Domain "some.domain.com" -DomainController "DC01.some.domain.com" > Enterprise Admins.txt
# You can list domain controllers for use in the above command with Get-NetForestDomain

fing.seek(0)
# Reset File pointer to first line and try again
for line in fing:
users.append(line.rstrip("\n"))
fing.close()
except:
fing.close()
print("unknown exception while processing group file(s)")
groups_users[group[0]] = users

# Read in NTDS file
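Review bot: the bare `except:` at the end of the hunk swallows every exception (KeyboardInterrupt included) and then calls `fing.close()`, which itself raises NameError when `open(group[1])` was what failed; prefer `except Exception as e:` and include `e` in the printed message so the user learns why the group file could not be processed. In the fallback branch, `users.append(line.rstrip("\n"))` keeps a trailing `\r` when the file was written on Windows (as by the Out-File command added in README.md) and appends an empty string for blank lines, so those entries never match a `domain\username` key; use `line.strip()` and skip empty lines. Wrapping the read in `with open(group[1]) as fing:` would also remove the need for the three separate `fing.close()` calls.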