Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEAT] Complete SAMR USER_INFORMATION_CLASS #1783

Closed
wants to merge 2 commits into from
Closed

[FEAT] Complete SAMR USER_INFORMATION_CLASS #1783

wants to merge 2 commits into from

Conversation

Adamkadaban
Copy link
Contributor

Added:

  • UserSetPasswordInformation
  • UserInternal2Information
  • UserInternal3Information
  • UserInternal6Information
  • UserExtendedInformation
  • UserLogonUIInformation
  • UserResetInformation
  • UserInternal7Information
  • UserInternal8Information

Also added necessary types:

  • BYTE_ARRAY_32K
  • ENCRYPTED_PASSWORD_AES

Based on SystemInformer: https://github.com/winsiderss/systeminformer/blob/master/phnt/include/ntsam.h

@Adamkadaban
Complete SAMR USER_INFORMATION_CLASS
96c910f 
Added:
- UserSetPasswordInformation
- UserInternal2Information
- UserInternal3Information
- UserInternal6Information
- UserExtendedInformation
- UserLogonUIInformation
- UserResetInformation
- UserInternal7Information
- UserInternal8Information

Also added necessary types:
- BYTE_ARRAY_32K
- ENCRYPTED_PASSWORD_AES

Based on SystemInformer: https://github.com/winsiderss/systeminformer/blob/master/phnt/include/ntsam.h
@Adamkadaban
Copy link
Contributor Author

Adamkadaban commented Jul 29, 2024
edited
Loading

After making this PR and testing more extensively, it seems that the rpc server is responding with STATUS_ACCESS_DENIED for:

  • UserExtendedInformation
  • UserLogonUIInformation

and STATUS_INVALID_INFO_CLASS for the rest.

I've confirmed that these work locally when calling SamQueryInformationUser as an admin.

Does anyone happen to know what could be causing this? Perhaps SAM over RPC is more limited than SAM locally?

@Adamkadaban Adamkadaban changed the title Complete SAMR USER_INFORMATION_CLASS [FEAT] Complete SAMR USER_INFORMATION_CLASS Jul 29, 2024
@anadrianmanrique anadrianmanrique added the in review This issue or pull request is being analyzed label Oct 3, 2024
@anadrianmanrique
Copy link
Contributor

@Adamkadaban thanks for the PR! Do you think it would be possible to update test_scmr.py as well, in order to cover tests regarding these new functions?
Do the target system need some particular configuration in order to execute these RPC?
TIA

@Adamkadaban
Copy link
Contributor Author

Do the target system need some particular configuration in order to execute these RPC?

Unfortunately, it looks like to me that it is impossible to call many of these remotely

Maybe someone else can figure out otherwise though

@Adamkadaban Adamkadaban deleted the branch fortra:master October 18, 2024 19:19
@Adamkadaban Adamkadaban deleted the master branch October 18, 2024 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
in review This issue or pull request is being analyzed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Adamkadaban @anadrianmanrique