Added user-status functionality to the SAMHashes Class of the secretsdump.py #1847
Added functionality to the SAMHashes Class of the secretsdump.py library to be able to print the user status for SAM dumps.
There was already a user-status flag for the NTDS dumps, but not for the SAM dumps. Now, when directly calling secretsdump.py to make a SAM dump, the user can specify the -user-status flag, just like with the NTDS dump. Alternatively, when other tools are using the Secretsdump library, they can simply initiate the SAMHashes class with the printUserStatus flag set to True.
The default is False, so if you don't specify anything when calling the Secretsdump Library it will do exactly as it did before. This should not break any existing tools.
If the option is selected to print the user status, the following values will be printed after the usual hash:
Admin is based on the user SID being found in the members sections of the local 'Administrators' group. All information is extracted directly from the SAM, no other dependencies.
In examples/secretsdump.py there is only one actual change, on line 280 (added "printUserStatus=self.__printUserStatus"). The rest is pep8 compliance fixes.
The library (impacket/examples/secretsdump.py) contains most changes.