Closed byt3bl33d3r closed 10 months ago
Hey @byt3bl33d3r!
I actually have the same problem, I don't know why, but I can't list members of the "Domain Users" group. But I can list any other group. Could you test with any other group, besides "Domain Admins" and "Domain Users"? Thanks.
Cheers,
Y
Huh, yup that seems to be the case:
(CME) λ pwnb0x modules → λ git v4.0* → pywerview get-netgroupmember -t 192.168.10.11 -u user -p pass --groupname 'dabestgroup'
groupdomain: lab.local
groupname: dabestgroup
isgroup: False
memberdn: CN=yomama5,OU=Users,OU=Lab,DC=lab,DC=local
memberdomain: lab.local
membername: yomama5
membersid: S-1-5-21-1049426096-2728124650-4150323340-1113
groupdomain: lab.local
groupname: dabestgroup
isgroup: False
memberdn: CN=yomama3,OU=Users,OU=Lab,DC=lab,DC=local
memberdomain: lab.local
membername: yomama3
membersid: S-1-5-21-1049426096-2728124650-4150323340-1111
groupdomain: lab.local
groupname: dabestgroup
isgroup: False
memberdn: CN=yomama1,OU=Users,OU=Lab,DC=lab,DC=local
memberdomain: lab.local
membername: yomama1
membersid: S-1-5-21-1049426096-2728124650-4150323340-1109
Weird.
I'll see if I can help figure this out tomorrow. Could this be a side effect of the pyasn1 changes made to impacket?
I don't think so, this was a problem I had way before this change. I'll edit the title of your issue, and try to figure this out.
[Edit] You can still use get-netuser if you want to list the domain users in the meantime :)
Hi!
As far as I understand, users are members of the "Domain Users" group only through their primarygroupid and not via the memberof LDAP attribute (ctrl+f "513" here). Thus, I think the best way to extract members of this group is to use get-netuser with a custom filter:
$ ./pywerview.py get-netuser -w domain.lan -u administrator -p 'password123' -t 10.0.0.1 --attributes samaccountname primarygroupid --custom-filter '(&(primarygroupid=513))'
primarygroupid: 513
samaccountname: j.doe
primarygroupid: 513
samaccountname: test.doe
[...]
I think I can close this issue now (6 years...whoa).
:sunflower:
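The behaviour explained in the comment above, as an added example that is not part of the thread or of pywerview: a group audit that only follows memberOf misses accounts attached through primaryGroupID, so the sketch below checks both. The helper names, the SID and the sample entries are constructed for illustration.

```python
# Added example: helper names and sample data are constructed, not from pywerview.

def rid_from_sid(sid):
    """The last sub-authority of a SID string is the RID (513 for Domain Users)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a DN is safe inside a filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def membership_filter(group_dn, group_sid):
    """LDAP filter matching explicit members and primary-group members."""
    return "(|(memberOf={})(primaryGroupID={}))".format(
        escape_filter_value(group_dn), rid_from_sid(group_sid))

def effective_members(entries, group_dn, group_sid):
    """Same logic applied offline to user entries that were already fetched."""
    rid = rid_from_sid(group_sid)
    found = {}
    for e in entries:
        groups = [dn.lower() for dn in e.get("memberOf", [])]
        via = []
        if group_dn.lower() in groups:
            via.append("memberOf")
        if int(e.get("primaryGroupID", -1)) == rid:
            via.append("primaryGroupID")
        if via:
            found[e["sAMAccountName"]] = via
    return found

# Constructed sample: one default user, one whose primary group was changed
# (so Domain Users shows up in memberOf instead), one guest account.
DOMAIN_USERS_SID = "S-1-5-21-1111111111-2222222222-3333333333-513"
DOMAIN_USERS_DN = "CN=Domain Users,CN=Users,DC=lab,DC=local"
SAMPLE = [
    {"sAMAccountName": "j.doe", "primaryGroupID": "513",
     "memberOf": ["CN=dabestgroup,OU=Lab,DC=lab,DC=local"]},
    {"sAMAccountName": "svc.legacy", "primaryGroupID": "1200",
     "memberOf": [DOMAIN_USERS_DN]},
    {"sAMAccountName": "guest", "primaryGroupID": "514", "memberOf": []},
]

if __name__ == "__main__":
    print(membership_filter(DOMAIN_USERS_DN, DOMAIN_USERS_SID))
    for name, via in effective_members(SAMPLE, DOMAIN_USERS_DN, DOMAIN_USERS_SID).items():
        print(name, "via", ",".join(via))
```

The string returned by `membership_filter` has the same shape as the `--custom-filter` value used in the comment above, with the memberOf clause added.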
Hey man, here's another issue I ran into recently, seems that get-netgroupmember fails to pull down the group members of anything except the domain admins group:
Let me know if I'm missing something, posting this at 3 AM so my brain might be fried lol
Cheers