Feature request.

[sho-luv]

How hard would it be to repurpose the code of psexec.py or smbclient.py to check if a the creds had administrator access to the system. psexec basically already does this I just want to be able to give it a file and instead of it giving me a shell or running commands I want it to tell me the user has admin access to the system share. smblogin.py. I will work on it if nobody else is interested.

[asolino]

Hey @sho-luv

Cannot you do it with CrackMapExec?

If you just want that, or want to play with Impacket and Python all you have to do is:

1. Connect to the target site (host is the target IP or FQDN):

s = SMBConnection('*SMBSERVER', host)

1. Log into the server:

s.login(username, password, domain)

1. Try to access the C$ share:

s.connectTree('C$')

If that call succeeds, you're admin.

If you wrap all that up into a script that take targets and username/passwords that could do what you need.

Again, I'm sure it's already implemented by somebody.

hope this helps

[sho-luv]

Sweet thanks for the helpful information. Yeah CrackMapExec doesn't distinguish between access and admin access. ... I don't think.

[asolino]

Hey @sho-luv, did you get enough information from the original question? If so please close this issue.

thanks!

[sho-luv]

Oh yeah sorry. Thanks for the help I submitted a pull request to CrackMapExec using your guidance.