Add ldapshell dirsync/whoami (fortra#1424)

ThePorgs · May 23, 2024 · 452ca84 · 452ca84
1 parent f9d1d74
commit 452ca84
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/impacket/examples/ldap_shell.py b/impacket/examples/ldap_shell.py
@@ -628,6 +628,30 @@ def get_dn(self, sam_name):
         except IndexError:
             return None
 
+    def do_whoami(self, line):
+        print(self.client.extend.standard.who_am_i())
+
+    def do_dirsync(self, line):
+        arguments = shlex.split(line)
+        if len(arguments) == 0:
+            raise Exception("A query is required.")
+
+        domain_dn = self.domain_dumper.root
+        sync_filter = arguments[0]
+        attributes = list(set(['name', 'sAMAccountName', 'objectsid'] + arguments[1:]))
+
+        sync = self.client.extend.microsoft.dir_sync(domain_dn, attributes=attributes, sync_filter=sync_filter, incremental_values=False)
+
+        results = []
+        while sync.more_results:
+            results += sync.loop()
+
+        for result in results:
+            print(result['dn'])
+            for k, v in result['attributes'].items():
+                print(k, v)
+            print()
+
     def do_exit(self, line):
         if self.shell is not None:
             self.shell.close()
@@ -653,6 +677,8 @@ def do_help(self, line):
  set_rbcd target grantee - Grant the grantee (sAMAccountName) the ability to perform RBCD to the target (sAMAccountName).
  start_tls - Send a StartTLS command to upgrade from LDAP to LDAPS. Use this to bypass channel binding for operations necessitating an encrypted channel.
  write_gpo_dacl user gpoSID - Write a full control ACE to the gpo for the given user. The gpoSID must be entered surrounding by {}.
+ whoami - get connected user
+ dirsync - Dirsync requested attributes
  exit - Terminates this session.""")
 
     def do_EOF(self, line):