Added user-status functionality to the SAMHashes Class of the secretsdump.py #1847

Open
wants to merge 2 commits into
base: master

Markb1337

Added functionality to the SAMHashes Class of the secretsdump.py library to be able to print the user status for SAM dumps.

There was already a user-status flag for the NTDS dumps, but not for the SAM dumps. Now, when directly calling secretsdump.py to make a SAM dump, the user can specify the -user-status flag, just like with the NTDS dump. Alternatively, when other tools are using the Secretsdump library, they can simply initiate the SAMHashes class with the printUserStatus flag set to True.

The default is False, so if you don't specify anything when calling the Secretsdump Library it will do exactly as it did before. This should not break any existing tools.

If the option is selected to print the user status, the following values will be printed after the usual hash:

  • Enabled=True/False
  • Locked=True/False
  • Admin=True/False

Admin is based on the user SID being found in the members sections of the local 'Administrators' group. All information is extracted directly from the SAM, no other dependencies.

In examples/secretsdump.py there is only one actual change, on line 280 (added "printUserStatus=self.__printUserStatus"). The rest is pep8 compliance fixes.

The library (impacket/examples/secretsdump.py) contains most changes.

…ary to be able to print the user status for SAM dumps. There was already a user-status flag for the NTDS dumps, but not for the SAM dumps. Now, when directly calling secretsdump.py to make a SAM dump, the user can specify the -user-status flag, just like with the NTDS dump. Alternatively, when other tools are using the Secretsdump library, they can simply initiate the SAMHashes class with the printUserStatus flag set to True. The default is False, so if you don't specify anything when calling the Secretsdump Library it will do exactly as it did before. This should not break any existing tools.
…as "locked" when the lockout duration has passed. In the previous iteration, the "locked" mark was only removed after the locked account was used at least once after being unlocked.
Labels
in review This issue or pull request is being analyzed

4 participants