Update msLDAPDump.py
- Added checks for domain trusts
- Tinkered more with the handling of child domains
dievus authored Jan 28, 2023
1 parent fd2e589 commit 1359407
Showing 1 changed file with 11 additions and 13 deletions.
24 changes: 11 additions & 13 deletions msLDAPDump.py
@@ -151,7 +151,7 @@ def authenticated_bind(self):
print(self.success +
f"[success] Connected to {self.hostname}.\n" + self.close)
self.laps(), self.search_users(), self.machine_quota(), self.search_groups(), self.admin_accounts(), self.kerberoast_accounts(), self.aspreproast_accounts(), self.unconstrained_search(), self.constrainted_search(
), self.computer_search(), self.ad_search(), self.mssql_search(), self.exchange_search(), self.gpo_search(), self.admin_count_search(), self.find_fields()
), self.computer_search(), self.ad_search(), self.trusted_domains(), self.mssql_search(), self.exchange_search(), self.gpo_search(), self.admin_count_search(), self.find_fields()

def ntlm_bind(self):
try:
@@ -217,7 +217,7 @@ def ntlm_bind(self):
print(self.success +
f"[success] Connected to {self.hostname}.\n" + self.close)
self.laps(), self.search_users(), self.machine_quota(), self.search_groups(), self.admin_accounts(), self.kerberoast_accounts(), self.aspreproast_accounts(), self.unconstrained_search(), self.constrainted_search(
), self.computer_search(), self.ad_search(), self.mssql_search(), self.exchange_search(), self.gpo_search(), self.admin_count_search(), self.find_fields()
), self.computer_search(), self.ad_search(), self.trusted_domains(), self.mssql_search(), self.exchange_search(), self.gpo_search(), self.admin_count_search(), self.find_fields()

def laps(self):
# Check for LAPS passwords accessible to the current user
Expand Down Expand Up @@ -532,27 +532,25 @@ def ad_search(self):
f.close()

def trusted_domains(self):
self.conn.search(f'{self.dom_1}', '(&(objectClass=trusteddDomain))',
self.conn.search(f'{self.dom_1}', '(trustPartner=*)',
attributes=ldap3.ALL_ATTRIBUTES)
entries_val = self.conn.entries
print('\n' + '-'*31 + 'Trusted Domains' + '-'*31 + '\n')
print('\n' + '-'*33 + 'Trusted Domains' + '-'*33 + '\n')
entries_val = str(entries_val)
print(entries_val)
if os.path.exists(f"{self.domain}.domaintrusts.txt"):
os.remove(f"{self.domain}.domaintrusts.txt")
with open(f"{self.domain}.domaintrusts.txt", 'a') as f:
f.write(entries_val)
f.close()
with open(f"{self.domain}.domaintrusts.txt", 'r+') as f:
comp_val = 0
trust_val = 0
for line in f:
if line.startswith(' dNSHostName: '):
comp_name = line.strip()
comp_name = comp_name.replace('dNSHostName: ', '')
comp_name = comp_name.replace('$', '')
print(comp_name)
comp_val += 1
if comp_val >= 25:
if line.startswith(' trustPartner:'):
trust_name = line.strip()
trust_name = trust_name.replace('trustPartner:', '')
print(trust_name)
trust_val += 1
if trust_val >= 25:
print(
self.info + f'\n[info] Truncating results at 25. Check {self.domain}.domaintrusts.txt for full details.' + self.close)
break
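Review bot: In `trusted_domains`, the trust partners are recovered by writing `str(self.conn.entries)` to `{self.domain}.domaintrusts.txt` and re-reading it for lines that start with ` trustPartner:`, which ties the result to ldap3's text layout and prints nothing, without any error, if that layout differs. Reading the attribute from the entries is sturdier, for example `for entry in self.conn.entries[:25]: print(entry.trustPartner.value)`, and the file can then be written once with `open(..., 'w')` instead of the exists/remove/append sequence. The file name is built from `self.domain`; if that value is derived from the directory server's response (not visible in this hunk), it should be reduced to a safe file-name component before it reaches `os.remove` and `open`. The function continues past the end of the hunk.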