byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

Get GPOs - Retrieves GPOs in a domain #761

Closed Bebzounette closed 1 year ago

Bebzounette commented 1 year ago

Retrieves all GPOs in a domain by using an LDAP request to the "groupPolicyContainer", and can display detailed information and all attributes about a specific GPO:

poetry run cme ldap <DC_IP> -d <DOMAIN> -u <USER> -p <PASSWORD> -M get-gpo
poetry run cme ldap <DC_IP> -d <DOMAIN> -u <USER> -p <PASSWORD> -M get-gpo -o gpo=<GPO_NAME>
mpgn commented 1 year ago

Hello, thanks for the module, however on my lab it didn't find anything. [image]

ILightThings commented 1 year ago

I see the issue.

The module is attempting to start its own connection to the LDAP service rather than using the one CME has already made.

See https://github.com/Porchetta-Industries/CrackMapExec/blob/3a2e7fb08ee01b0c6549f80f89d8ed7cd37c02b6/cme/modules/get-gpo.py#L25.

If you want to piggyback onto the CME connection that is already made, use the connection object that is passed. You are already using it to get the username, password and domain.

This is the function that you will likely need: connection.ldapConnection.search().

Use the ADCS module for reference. https://github.com/Porchetta-Industries/CrackMapExec/blob/master/cme/modules/adcs.py

Edit: In addition, your connection object uses simple authentication. Domain Controller LDAP services need NTLMSSP authentication. If you record the interaction with Wireshark, you can use this filter to see the difference: ldap.protocolOp == 0
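A sketch, added here and not code from this PR or from CME, of how a module could follow the advice above: reuse connection.ldapConnection (the impacket LDAPConnection CME already authenticated with NTLMSSP) rather than binding a second time with simple auth. The class layout mirrors the shape of CME modules; the helper names, the attribute list and the RFC 4515 escaping of the gpo option are this sketch's own assumptions.

```python
# Sketch of a CME module that reuses the LDAP session CME has already
# authenticated (connection.ldapConnection, an impacket LDAPConnection)
# instead of opening a second, simple-bind session of its own.
# Helper names and the filter escaping are this sketch's own, not CME's API.

class CMEModule:
    name = "get-gpo"
    description = "List groupPolicyContainer objects over the existing LDAP session"
    supported_protocols = ["ldap"]
    opsec_safe = True
    multiple_hosts = False

    def options(self, context, module_options):
        """gpo=<displayName>  optional: restrict the search to one GPO"""
        self.gpo_name = module_options.get("gpo")

    def on_login(self, context, connection):
        from impacket.ldap import ldapasn1  # lazy so helpers import without impacket
        results = connection.ldapConnection.search(
            searchFilter=build_gpo_filter(self.gpo_name),
            attributes=["displayName", "gPCFileSysPath", "whenChanged"],
        )
        for item in results:
            # The result set ends with a SearchResultDone; only entries carry attributes.
            if isinstance(item, ldapasn1.SearchResultEntry):
                gpo = parse_gpo_entry(item)
                context.log.highlight(f"{gpo.get('displayName')}  {gpo.get('gPCFileSysPath')}")


def escape_ldap_value(value):
    """RFC 4515 escaping so an operator-supplied name cannot change the filter's shape."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_gpo_filter(gpo_name=None):
    """All GPOs by default, or just the one whose displayName matches."""
    base = "(objectClass=groupPolicyContainer)"
    if not gpo_name:
        return base
    return f"(&{base}(displayName={escape_ldap_value(gpo_name)}))"


def parse_gpo_entry(entry):
    """Flatten one SearchResultEntry into {attribute: value}; works on any
    object indexable like impacket's (entry['attributes'] -> type/vals)."""
    gpo = {}
    for attribute in entry["attributes"]:
        vals = [str(v) for v in attribute["vals"]]
        gpo[str(attribute["type"])] = vals[0] if len(vals) == 1 else vals
    return gpo
```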

Bebzounette commented 1 year ago

Thank you for pointing out that bug @ILightThings ! :) I did modify the script.

@mpgn Sorry, I messed up with my GitHub branch, I created a new PR, this one was deleted. You can close this one :) thank you.