From df59c0e101504223c575a6a860aa7945af92f3bd Mon Sep 17 00:00:00 2001
From: quentinhardy
Date: Wed, 5 Oct 2016 12:02:03 -0400
Subject: [PATCH] Shows if user is in local admin grp in get_info module
---
 pupy/modules/get_info.py | 9 +++
 .../windows/all/pupwinutils/security.py | 59 +++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/pupy/modules/get_info.py b/pupy/modules/get_info.py
index 2e00b73b..7415a607 100644
--- a/pupy/modules/get_info.py
+++ b/pupy/modules/get_info.py
@@ -6,6 +6,7 @@ __class_name__="GetInfo"
 @config(cat="gather")
 class GetInfo(PupyModule):
 """ get some informations about one or multiple clients """
+ dependencies=["psutil", "pupwinutils.security"]
 def init_argparse(self):
 self.arg_parser = PupyArgumentParser(prog='get_info', description=self.__doc__)
 #self.arg_parser.add_argument('arguments', nargs='+', metavar='')
@@ -21,6 +22,14 @@ class GetInfo(PupyModule):
 if self.client.is_windows():
 for k in windKeys:
 infos+="{:<10}: {}\n".format(k,self.client.desc[k])
+ currentUserIsLocalAdmin = self.client.conn.modules["pupwinutils.security"].can_get_admin_access()
+ desc = "local_adm"
+ if currentUserIsLocalAdmin == True:
+ infos+="{:<10}: {}\n".format(desc,"Yes")
+ elif currentUserIsLocalAdmin == False:
+ infos+="{:<10}: {}\n".format(desc,"No")
+ else:
+ infos+="{:<10}: {}\n".format(desc,"?")
 elif self.client.is_linux():
 for k in linuxKeys:
 infos+="{:<10}: {}\n".format(k,self.client.desc[k])
diff --git a/pupy/packages/windows/all/pupwinutils/security.py b/pupy/packages/windows/all/pupwinutils/security.py
index 25887734..1250e9b9 100644
--- a/pupy/packages/windows/all/pupwinutils/security.py
+++ b/pupy/packages/windows/all/pupwinutils/security.py
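Review bot: The `== True` / `== False` chain that maps the result of `can_get_admin_access()` to Yes/No/? only works because `None == False` is false in Python; a lookup keeps the three states explicit and is harder to break: `infos+="{:<10}: {}\n".format(desc, {True: "Yes", False: "No"}.get(currentUserIsLocalAdmin, "?"))`. The `local_adm` label also deserves a comment such as `# True = user is in BUILTIN\Administrators (possibly only via a UAC-filtered token), not necessarily elevated now; None = check failed`, because the remote helper reports group membership through the linked token and an operator reading `Yes` should not assume the current session already has admin rights. The remote call runs unconditionally on every Windows client, and a failure that escapes the helper's own `except Exception` (for example on its pre-Vista `IsUserAnAdmin()` path, which sits outside that try) would abort the whole info dump instead of printing `?`; wrapping the call in a try/except that sets `currentUserIsLocalAdmin = None` keeps `get_info` robust. The enclosing method starts outside this hunk.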
@@ -473,3 +473,62 @@ def get_currents_privs():
 privileges = ctypes.cast(buffer, ctypes.POINTER(TOKEN_PRIVS)).contents
 return privileges
+def can_get_admin_access():
+ """
+ Check if the user may be able to get administrator access.
+ Returns True if the user is in the administrator's group.
+ Otherwise returns False
+ """
+ SECURITY_MAX_SID_SIZE = 68
+ WinBuiltinAdministratorsSid = 26
+ ERROR_NO_SUCH_LOGON_SESSION = 1312
+ ERROR_PRIVILEGE_NOT_HELD = 1314
+ TokenLinkedToken = 19
+ # On XP or lower this is equivalent to has_root()
+ if sys.getwindowsversion()[0] < 6:
+ return bool(ctypes.windll.shell32.IsUserAnAdmin())
+ # On Vista or higher, there's the whole UAC token-splitting thing.
+ # Many thanks for Junfeng Zhang for the workflow: htttp://blogs.msdn.com/junfeng/archive/2007/01/26/how-to-tell-if-the-current-user-is-in-administrators-group-programmatically.aspx
+ proc = ctypes.windll.kernel32.GetCurrentProcess()
+ # Get the token for the current process.
+ try:
+ token = ctypes.wintypes.HANDLE()
+ ctypes.windll.advapi32.OpenProcessToken(proc,TOKEN_QUERY,byref(token))
+ try:
+ # Get the administrators SID.
+ sid = ctypes.create_string_buffer(SECURITY_MAX_SID_SIZE)
+ sz = ctypes.wintypes.DWORD(SECURITY_MAX_SID_SIZE)
+ target_sid = WinBuiltinAdministratorsSid
+ ctypes.windll.advapi32.CreateWellKnownSid(target_sid,None,byref(sid),byref(sz))
+ # Check whether the token has that SID directly.
+ has_admin = ctypes.wintypes.BOOL()
+ ctypes.windll.advapi32.CheckTokenMembership(None,byref(sid),byref(has_admin))
+ if has_admin.value:
+ return True
+ # Get the linked token. Failure may mean no linked token.
+ lToken = ctypes.wintypes.HANDLE()
+ try:
+ cls = TokenLinkedToken
+ ctypes.windll.advapi32.GetTokenInformation(token,cls,byref(lToken),sizeof(lToken),byref(sz))
+ except WindowsError, e:
+ if e.winerror == ERROR_NO_SUCH_LOGON_SESSION:
+ return False
+ elif e.winerror == ERROR_PRIVILEGE_NOT_HELD:
+ return False
+ else:
+ raise
+ # Check if the linked token has the admin SID
+ try:
+ ctypes.windll.advapi32.CheckTokenMembership(lToken,byref(sid),byref(has_admin))
+ return bool(has_admin.value)
+ finally:
+ ctypes.windll.kernel32.CloseHandle(lToken)
+ finally:
+ ctypes.windll.kernel32.CloseHandle(token)
+ except Exception,e:
+ return None
+ finally:
+ try:
+ ctypes.windll.kernel32.CloseHandle(proc)
+ except Exception,e:
+ pass
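Review bot: The `except WindowsError` around `GetTokenInformation` can never fire, because `ctypes.windll` calls do not raise on failure — they return 0 and set the thread's last-error — so when the linked-token query fails `lToken` stays NULL and the following `CheckTokenMembership(lToken, ...)` re-tests the calling thread's own token (NULL means "current token"), returning False without distinguishing "no linked token" from an API error; `OpenProcessToken`, `CreateWellKnownSid` and the first `CheckTokenMembership` are likewise unchecked. Test each BOOL return and read the error code immediately (ideally from an `advapi32 = ctypes.WinDLL('advapi32', use_last_error=True)` handle via `ctypes.get_last_error()`, since a `GetLastError()` read later can be clobbered), as in the excerpt below. The docstring should also state that the function returns `None` when any API call raises (the outer `except Exception`) and that `True` only means the user is in BUILTIN\Administrators — on Vista+ a UAC-filtered, non-elevated token still yields `True` via its linked token — so callers must not read it as "already elevated". `sys`, `ctypes.wintypes`, `byref`, `sizeof` and `TOKEN_QUERY` are used unqualified and this hunk does not show the module's imports, so confirm they are in scope; note the `sys.getwindowsversion()` test runs before the `try`, so a missing `sys` would raise out of the function on every Windows version. The `CloseHandle(proc)` in the outer `finally` closes the `GetCurrentProcess()` pseudo-handle, which is a harmless no-op and can be dropped together with its try/except.
```python
def can_get_admin_access():
    # … unchanged: docstring, constants, pre-Vista IsUserAnAdmin() shortcut …
    proc = ctypes.windll.kernel32.GetCurrentProcess()
    try:
        token = ctypes.wintypes.HANDLE()
        if not ctypes.windll.advapi32.OpenProcessToken(proc, TOKEN_QUERY, byref(token)):
            raise ctypes.WinError()
        try:
            # … unchanged: CreateWellKnownSid / direct CheckTokenMembership …
            lToken = ctypes.wintypes.HANDLE()
            ok = ctypes.windll.advapi32.GetTokenInformation(token, TokenLinkedToken, byref(lToken), sizeof(lToken), byref(sz))
            if not ok:
                err = ctypes.windll.kernel32.GetLastError()
                # No linked token means the process token is not UAC-split.
                if err in (ERROR_NO_SUCH_LOGON_SESSION, ERROR_PRIVILEGE_NOT_HELD):
                    return False
                raise ctypes.WinError(err)
            try:
                if not ctypes.windll.advapi32.CheckTokenMembership(lToken, byref(sid), byref(has_admin)):
                    raise ctypes.WinError()
                return bool(has_admin.value)
            finally:
                ctypes.windll.kernel32.CloseHandle(lToken)
        finally:
            ctypes.windll.kernel32.CloseHandle(token)
    except Exception:
        # Best effort: callers display "?" when the check itself failed.
        return None
```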