Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add net.py to examples #1382

Merged
merged 3 commits into from
Jul 18, 2023
Merged

add net.py to examples #1382

merged 3 commits into from
Jul 18, 2023

Conversation

NtAlexio2
Copy link
Contributor

Add new net.py file to examples as a replacement for windows net.exe builtin tool. Main features of this net.py:

  • Enumerate all objects in domain/local context, remotly (it is not possible to remote enumeration, local object, using windows builtin net.exe utility)
  • Read user/computer account information through SAMR
  • Change group membership of accounts
  • Create new user/computer accounts without touching LDAP (use RPCoverSMB instead)

@NtAlexio2 NtAlexio2 changed the title add net.py add net.py to examples Apr 12, 2023
@anadrianmanrique anadrianmanrique added the in review This issue or pull request is being analyzed label Apr 20, 2023
@anadrianmanrique anadrianmanrique added medium Medium priority item and removed in review This issue or pull request is being analyzed labels Jul 6, 2023
@anadrianmanrique anadrianmanrique self-requested a review July 6, 2023 15:22
@anadrianmanrique anadrianmanrique self-assigned this Jul 6, 2023
@anadrianmanrique anadrianmanrique removed their request for review July 6, 2023 15:55
@anadrianmanrique
Copy link
Contributor

Hi! thanks for the PR and new example! I'm currently testing it. So far it's working great. A couple of comments to share:

  • copyright notice should be updated in the script header
  • help for subcommands it's not being shown, unless I'm missing something, executing python net.py user --help doesn't show specific help for that subcommand ( same for the others one )

@anadrianmanrique anadrianmanrique added the waiting for response Further information is needed from people who opened the issue or pull request label Jul 13, 2023
@NtAlexio2
Copy link
Contributor Author

Thanks for review @anadrianmanrique

usage: net.py [-h] [-debug] [-hashes LMHASH:NTHASH] [-no-pass] [-k]
               [-aesKey hex key] [-dc-ip ip address] [-target-ip ip address]
               [-port [destination port]]
               target {user,computer,localgroup,group} ...

According to help message, target is required and comes before entry (user/computer/etc). To get command-specific help message, you need to specify both of them. for example:

┌──(kali㉿kali)-[~/git/impacket/examples]
└─$ python net.py admin:[email protected] user --help
Impacket v0.10.1.dev1+20230411.194738.4d45b435 - Copyright 2022 Fortra

usage: net.py target user [-h] [-name NAME] [-create NAME] [-remove NAME] [-newPasswd PASSWORD]

options:
  -h, --help           show this help message and exit
  -name NAME           Display single user information.
  -create NAME         Add new user account to domain/computer.
  -remove NAME         Remove existing user account from domain/computer.
  -newPasswd PASSWORD  New password to set for creating account.

which admin:[email protected] is target and user is the entry.
Is there any preferred/standard form for Impacket?

@anadrianmanrique
Copy link
Contributor

Ok, I see other remote examples with subgroups parameters behave the same ( which is kind of 'weird' ).
Anyway I'm merging this, thank you!

@anadrianmanrique anadrianmanrique merged commit fdbd256 into fortra:master Jul 18, 2023
9 checks passed
@anadrianmanrique anadrianmanrique removed the waiting for response Further information is needed from people who opened the issue or pull request label Jul 18, 2023
@NtAlexio2 NtAlexio2 deleted the ms-samr branch July 20, 2023 18:46
@T3KX
Copy link

T3KX commented Jul 25, 2023

Pretty cool, used it today and every time I added a local user, the account would be create but i could not use the password
Also i got this error during creation
[-] ord() expected a character, but string of length 0 found

I have to say I was using it though ntlmrelayx -proxy
Thanks

@anadrianmanrique
Copy link
Contributor

@T3KX please, could you open an issue describing steps and scenario configuration to reproduce it? I just tried adding a local user ( not though socks proxy ) and it worked fine. Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@anadrianmanrique anadrianmanrique

Labels
medium Medium priority item
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@NtAlexio2 @anadrianmanrique @T3KX