Add computer SID for Windows systems #824
Conversation
It returns the machine SID found in the SAM hive.
This reverts commit 9c214a1.
- The machine SID from the SAM hive - The domain SID from the security policy
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #824 +/- ##
==========================================
+ Coverage 75.40% 75.51% +0.11%
==========================================
Files 302 305 +3
Lines 26152 26364 +212
==========================================
+ Hits 19720 19909 +189
- Misses 6432 6455 +23
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
@fox-evv I've suggested some changes and also added some test with this commit. One thing I could not verify myself is whether there can be multiple Machine / Domain SIDs. The initial implementation kind of seemed to suggest this. Do you encounter this scenario yourself? I left it out of this implementation because it seemed illogical to me. |
| """Return the machine- and optional domain SID of the system.""" | ||
|
|
||
| try: | ||
| key = self.target.registry.key("HKLM\\SAM\\SAM\\Domains\\Account") |
There was a problem hiding this comment.
Can there be multiple Machine- and Domain SIDS associated with one system?
This addition to the generic Windows plugin exports the machine and domain SIDs
of the target. If the system is not joined to a domain, it uses only the/
SAM hive, but if the system is domain joined, it will all so use
the Security Policy.