Skip to content

Commit

Permalink
feat in net.py: add functionality to enable and disable user accounts
Browse files Browse the repository at this point in the history
  • Loading branch information
marcobarlottini committed Sep 1, 2024
1 parent 9aa0954 commit f740fa5
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions examples/net.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@
# python net.py Administrator:password@targetMachine group -name "Domain Admins"
# python net.py Administrator:password@targetMachine computer -name DC$
# python net.py Administrator:password@targetMachine group -name "Domain Admins" -join EvilUs3r
# python net.py Administrator:password@targetMachine user -enable EvilUs3r
# python net.py Administrator:password@targetMachine user -disable EvilUs3r
#
# Author:
# Alex Romero (@NtAlexio2)
Expand Down Expand Up @@ -220,6 +222,24 @@ def _hEnableAccount(self, user_handle):
buffer['Control']['UserAccountControl'] = samr.USER_ALL_ADMINCOMMENT
samr.hSamrSetInformationUser2(self._dce, user_handle, buffer)

def _hDisableAccount(self, user_handle):
buffer = samr.SAMPR_USER_INFO_BUFFER()
buffer['tag'] = samr.USER_INFORMATION_CLASS.UserControlInformation
buffer['Control']['UserAccountControl'] = samr.USER_ACCOUNT_DISABLED | samr.USER_NORMAL_ACCOUNT
samr.hSamrSetInformationUser2(self._dce, user_handle, buffer)

def SetUserAccountControl(self, name, action):
domain_handle = self._open_domain()
try:
user_handle = self._get_user_handle(domain_handle, name)
if action == 'enable':
self._hEnableAccount(user_handle)
else:
self._hDisableAccount(user_handle)
finally:
self._close_domain()



class Computer(User):
def __init__(self, smbConnection):
Expand Down Expand Up @@ -358,6 +378,16 @@ def run(self, remoteName, remoteHost):
actionObject.Remove(self.__options.remove)
print("[+] {} account deleted succesfully!".format(self.__action))

elif self.__is_option_present(self.__options, 'enable'):
print("[*] Enabling {} account '{}'".format(self.__action, self.__options.enable))
actionObject.SetUserAccountControl(self.__options.enable, "enable")
print("[+] {} account enabled succesfully!".format(self.__action))

elif self.__is_option_present(self.__options, 'disable'):
print("[*] Disabling {} account '{}'".format(self.__action, self.__options.disable))
actionObject.SetUserAccountControl(self.__options.disable, "disable")
print("[+] {} account disabled succesfully!".format(self.__action))

elif self.__is_option_present(self.__options, 'join'):
print("[*] Adding user account '{}' to group '{}'".format(self.__options.join,self.__options.name))
actionObject.Join(self.__options.name, self.__options.join)
Expand Down Expand Up @@ -466,6 +496,8 @@ def __is_option_present(self, options, option):
user_parser.add_argument('-create', action="store", metavar = "NAME", help='Add new user account to domain/computer.')
user_parser.add_argument('-remove', action="store", metavar = "NAME", help='Remove existing user account from domain/computer.')
user_parser.add_argument('-newPasswd', action="store", metavar = "PASSWORD", help='New password to set for creating account.')
user_parser.add_argument('-enable', action="store", metavar = "NAME", help='Enables account.')
user_parser.add_argument('-disable', action="store", metavar = "NAME", help='Disables account.')

computer_parser = subparsers.add_parser('computer', help='Enumerate all computers in domain level')
computer_parser.add_argument('-name', action="store", metavar = "NAME", help='Display single computer information.')
Expand Down

0 comments on commit f740fa5

Please sign in to comment.