Pennyw0rth
Create SMB gpos module, implement get-folder command, and add some module helper functions
Module for SMB to list and download all GPOs. Can turn off the download functionality with DOWNLOAD=False
get_gpos module:
--get-folder feature:
Would it be possible to detect a folder on a remote system? Than we could just integrate it into the existing get commands
Would it be possible to detect a folder on a remote system? Than we could just integrate it into the existing get commands
Well the current get-file command references a file, so what would we change it to? I think having them separate makes more sense.
Would it be possible to detect a folder on a remote system? Than we could just integrate it into the existing get commands
Well the current get-file command references a file, so what would we change it to? I think having them separate makes more sense.
Hmm yeah i was thinking about moving --get-file/--put-file maybe to --get/--put anyway and add some sort of deprecation warning for the old function. But of course that would only make sense if it is possible to do a smart download/upload. Thoughts?
just using the verbs "get" and "put" doesn't make it clear what you are getting or putting, so it's sorta confusing, and honestly, changing all that code to just make it a single call sounds like a huge pain in the ass that I'm not interested in doing lol
just using the verbs "get" and "put" doesn't make it clear what you are getting or putting, so it's sorta confusing, and honestly, changing all that code to just make it a single call sounds like a huge pain in the ass that I'm not interested in doing lol
I mean we are on SMB, imo its pretty clear what you are trying to achieve. But if it cant be changed by a fairly simple check or try&except call its fine i guess. I just try to limit the amount of options the smb protocol has, there are already a lot (too much imo)
I mean we are on SMB, imo its pretty clear what you are trying to achieve
Well I disagree with that... we have numerous options to get things such as users, groups, disks, computers, etc all under the SMB protocol.
I mean we are on SMB, imo its pretty clear what you are trying to achieve
Well I disagree with that... we have numerous options to get things such as users, groups, disks, computers, etc all under the SMB protocol.
That is true but it is still listed in the Options for put and get remote files. Also the options have descriptions & we have a wiki. Imo that should be enough, but if its not possible it doesnt matter anyway :D
Also imo "recursive" download should always the default for folders, but that's just my opinion, thoughts?
Yeah that makes sense, but how many levels recursive?
Also imo "recursive" download should always the default for folders, but that's just my opinion, thoughts?
Yeah that makes sense, but how many levels recursive?
My intuition would always be, that --get-folder would get the folder and all its contents. So i guess indefinitely (until the OS rejects files because of no space lol). Similar to i would copy&paste it in the file explorer
Somehow also subfolders of the specified folder were not downloaded. E.g. here the folders "Machine" and "User" are missing
@NeffIsBack ugh I'm stupid, I literally just had two args switched. Pushing a commit now with that fix plus more debugging for the future.
@NeffIsBack ugh I'm stupid, I literally just had two args switched. Pushing a commit now with that fix plus more debugging for the future.
Happens 😄 gonna test next week
My intuition would always be, that --get-folder would get the folder and all its contents. So i guess indefinitely (until the OS rejects files because of no space lol). Similar to i would copy&paste it in the file explorer
@Marshall-Hallenbeck fine for you if we set the default to a very high value, maybe something like 1000? Then you can still query one recursion level if you don't want to have all content, but the default still downloads the entire folder
My intuition would always be, that --get-folder would get the folder and all its contents. So i guess indefinitely (until the OS rejects files because of no space lol). Similar to i would copy&paste it in the file explorer
@Marshall-Hallenbeck fine for you if we set the default to a very high value, maybe something like 1000? Then you can still query one recursion level if you don't want to have all content, but the default still downloads the entire folder
Right now there is no limit, it just downloads the entire folder. I could add in a limiter though.
My intuition would always be, that --get-folder would get the folder and all its contents. So i guess indefinitely (until the OS rejects files because of no space lol). Similar to i would copy&paste it in the file explorer
@Marshall-Hallenbeck fine for you if we set the default to a very high value, maybe something like 1000? Then you can still query one recursion level if you don't want to have all content, but the default still downloads the entire folder
Right now there is no limit, it just downloads the entire folder. I could add in a limiter though.
For me it still only work with --recursive toggled on. Can we do it the other way around? Adding --non-recursive to disable recursion?
There is still something weird going on:
- It doesn't download all folders in the folder
- I still have the path i specified in the folder structure
Looks like "2." is due to the specification of the path with forward slashes, but as impacket/nxc accepts it we should probably just escape/normalize them before creating the download path:
To "1.":
-
subsubfolder3might be skipped because it is empty? However imo when we download a folder i would expect to fully have its structure downloaded -
subsubfolder2only has a folder inside and this one is empty, so that is maybe why it is skipped...? Not sure about this one though, but imo also all empty folders should be downloaded
Yeah it doesn't download empty folders because... what's the point? I guess I can add that in if you think it's a good idea... What's the use of having empty folders downloaded by default?
Yeah it doesn't download empty folders because... what's the point? I guess I can add that in if you think it's a good idea... What's the use of having empty folders downloaded by default?
Honestly, I would be super confused if half of the content of a folder would be missing, even if empty. Also there can still be information with folders, such as naming schemes etc. As a user I would expect the content to match exactly the content of the folder on the share (similar to mv/cp on Linux)
Okay, I can update it. Do you think doing something like displaying [EMPTY] when downloading it would be helpful? My concern is people downloading a big file structure that's empty and just being like "this is all useless!" lol
Okay, I can update it. Do you think doing something like displaying [EMPTY] when downloading it would be helpful? My concern is people downloading a big file structure that's empty and just being like "this is all useless!" lol
So imo downloading the folder should have the exact same outcome as connecting to the share via UI(file manager) and then copy&pasting it to your file system. If the content is then "useful" is imo up to the user.
I can think of several examples where even having an empty folder gives you useful information. E.g. you could have an upload folder or something similar with folders for each month, but what if in one month no uploads happen? Maybe someone has deleted the contents, nothing was uploaded, who knows. However, imo the existence of the folder still shows that at least the application didn't break. (just a braod, weird example but my point was that having a folder still provides information)
There is still something weird going on:
- It doesn't download all folders in the folder
Basically i don't want users to experience the same confusion as me, where i would expect subfolders to be in my downloaded folder and suddenly stuff is missing :D
@NeffIsBack Please re-review! I've made it SMB only for now due to the annoyance of creating NXC cross-protocol objects. That might be my next fun refactor lol
@Marshall-Hallenbeck there is still the bug with the forward slashes and therefore adding the remote path to the local structure:
Possibly missing path sanitation before creating the local folder structure?
Can you also set the recursive flag default to true? Was quite surprised about my empty folder when executing the command :D
@NeffIsBack Okay, cleaned up those recommendations. Ended up removing the AttributeError catch because it was just extra useless code.
OK in my ADD nature I refactored this to do more GPO stuff, so I think I'll use this for everything-GPO related. I plan on having it automatically find insecure GPOs and add in SharpGPOAbuse-type attacks as well. For now I think it's in a decent place though...
Hmm for some reason it seems that the gpt.ini files are not properly receiving their display names, but in LDAP they are displayed (I've moved this from LDAP + SMB to pure SMB for now).