the-useless-one / pywerview
A (partial) Python rewriting of PowerSploit's PowerView
License: GNU General Public License v3.0
If you run the script w/o specifying the password, it will prompt for the password but it will never be used.
Problem lies here, it should be replaced with:
if not args.password and not args.hashes:
    from getpass import getpass
    args.password = getpass('Password:')
Same error as #5 but in get-netgroupmember
$ ./pywerview.py get-netgroupmember -w my.long.domain.xxx -u user -p p@$$w0rd --dc-ip 192.168.1.1 --groupname "Domain Admins"
Traceback (most recent call last):
File "./pywerview.py", line 24, in <module>
main()
File "/home/zzz/tools/pywerview/pywerview/cli/main.py", line 347, in main
results = args.func(**parsed_args)
File "/home/zzz/tools/pywerview/pywerview/cli/helpers.py", line 128, in get_netgroupmember
full_data=full_data, custom_filter=custom_filter)
File "/home/zzz/tools/pywerview/pywerview/requester.py", line 127, in wrapper
return f(*args, **kwargs)
File "/home/zzz/tools/pywerview/pywerview/functions/net.py", line 355, in get_netgroupmember
members = _get_members(groupname, sid)
File "/home/zzz/tools/pywerview/pywerview/functions/net.py", line 313, in _get_members
members += self.get_netuser(custom_filter=dn_filter)
File "/home/zzz/tools/pywerview/pywerview/requester.py", line 127, in wrapper
return f(*args, **kwargs)
File "/home/zzz/tools/pywerview/pywerview/functions/net.py", line 69, in get_netuser
return self._ldap_search(user_search_filter, adobj.User)
File "/home/zzz/tools/pywerview/pywerview/requester.py", line 96, in _ldap_search
attributes=attributes)
File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldap.py", line 351, in search
searchRequest['filter'] = self._parseFilter(searchFilter)
File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldap.py", line 448, in _parseFilter
filterList = list(reversed(unicode(filterStr)))
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 51: ordinal not in range(128)
Cheers from eastern europe 🍻
it does not work with either python 2.7 or 3 in new kali
Traceback (most recent call last):
File "pywerview.py", line 21, in
from pywerview.cli.main import main
File "/root/HADES/pywerview-fix_preauth/pywerview/cli/main.py", line 22, in
from pywerview.cli.helpers import *
File "/root/HADES/pywerview-fix_preauth/pywerview/cli/helpers.py", line 21, in
from pywerview.functions.net import NetRequester
File "/root/HADES/pywerview-fix_preauth/pywerview/functions/net.py", line 22, in
from impacket.dcerpc.v5.ndr import NULL
ImportError: No module named impacket.dcerpc.v5.ndr
UPDATED
impacket from repo
command python powerview.py -w fullyqualdomainname -u -p -d fqdn.name --username blah
My assumption is that it is this line of code:
https://github.com/the-useless-one/pywerview/blob/master/pywerview/objects/adobjects.py#L53
as it does not happen with every user.
powerview is Get-NetUser -UserName -DomainController
Not sure why but basically all ldap queries have started returning the following error for me:
Traceback (most recent call last):
File "/usr/local/bin/pywerview", line 9, in
load_entry_point('pywerview==0.1.1', 'console_scripts', 'pywerview')()
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/cli/main.py", line 347, in main
results = args.func(**parsed_args)
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/cli/helpers.py", line 166, in get_netlocalgroup
list_groups=list_groups, recurse=recurse)
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 127, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 197, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 550, in get_netlocalgroup
ad_object = self.get_adobject(queried_sid=member_sid)[0]
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 127, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 44, in get_adobject
return self._ldap_search(object_filter, adobj.ADObject)
File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 92, in _ldap_search
size=1000)
File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldapasn1.py", line 582, in init
self['controlType'] = CONTROL_PAGEDRESULTS
File "/usr/lib/python2.7/dist-packages/pyasn1/type/univ.py", line 727, in setitem
self.setComponentByName(idx, value)
File "/usr/lib/python2.7/dist-packages/pyasn1/type/univ.py", line 760, in setComponentByName
verifyConstraints
File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'
This is with the latest impacket library installed.
This bug blocks byt3bl33d3r/CrackMapExec#317
Thank you.
Hi dude !
Because of non-ASCII characters (maudits français) in the group name or the description, PywerView is not able to display them. Same problem in get-netshare.
Affected functions: get-netlocalgroup and get-netshare (but maybe in others too)
$ ./pywerview.py get-netlocalgroup -w DOMAIN.lan -u administrator -p p@ssw0rd --dc-ip DC.domain.lan --computername COMPUTER01.domain.lan --list-groups
Traceback (most recent call last):
File "./pywerview.py", line 285, in
print '\n\n'.join(str(x) for x in results)
File "./pywerview.py", line 285, in
print '\n\n'.join(str(x) for x in results)
File "/home/x/tools/pywerview/pywerview/rpcobjects.py", line 50, in str
s += '{}: {}{}\n'.format(member[0], ' ' * (max_length - len(member[0])), member[1])
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe8' in position 56: ordinal not in range(128)
PS C:\Users\administrator> Get-NetLocalGroup -ComputerName COMPUTER01.domain.lan -ListGroup
Server Group SID Description
COMPUTER01.domain.lan Administrateurs S-X-X-XX-XXX Les membres du groupe Admi...
COMPUTER01.domain.lan Duplicateurs S-X-X-XX-XXX Prend en charge la réplica...
COMPUTER01.domain.lan Invités S-X-X-XX-XXX Les membres du groupe Invi...
[..]
$ ./pywerview.py get-netshare -w DOMAIN.lan -u administrator -p p@ssw0rd --computername COMPUTER01.domain.lan
Traceback (most recent call last):
File "./pywerview.py", line 285, in
print '\n\n'.join(str(x) for x in results)
File "./pywerview.py", line 285, in
print '\n\n'.join(str(x) for x in results)
File "/home/x/tools/pywerview/pywerview/rpcobjects.py", line 50, in str
s += '{}: {}{}\n'.format(member[0], ' ' * (max_length - len(member[0])), member[1])
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe0' in position 15: ordinal not in range(128)
PS C:\Users\administrator> get-netshare -ComputerName COMPUTER01.domain.lan
shi1_netname shi1_type shi1_remark
IPC$ 2147483651 IPC distant
SharedDocs 0
print$ 0 Pilotes d'imprimantes
ADMIN$ 2147483648 Administration à distance
C$ 2147483648 Partage par défaut
(Oh for f*** sake's Github...)
By the way awesome tool ahah 👍
"I'm fear of encoding"
Hi,
in the latest README.md the gMSA enumeration command is marked as get-adserviceaccount.
However the code uses get-netgmsa instead.
Could you please fix it to be aligned with the documentation ?
Thank you
Hi dude !
When get-adobject is used without an argument, an exception occurs. Maybe you could specify the mandatory arguments in the README or you could set a default query filter such as in Powerview (a wildcard).
$ ./pywerview.py get-adobject -w DOMAIN.lan -u administrator -p p@ssw0rd --dc-ip 192.168.1.1
Traceback (most recent call last):
File "./pywerview.py", line 279, in
results = args.func(**parsed_args)
File "/home/x/tools/pywerview/pywerview/net.py", line 46, in get_adobject
raise ValueError('[!] Must give at least one argument in '
ValueError: [!] Must give at least one argument in (queried_sid, queried_name, queried_sam_account_name)
PS C:\Users\administrator> Get-ADObject
msds-isdomainfor : CN=NTDS Settings,CN=DC-DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=lan
lockoutobservationwindow : -18000000000
iscriticalsystemobject : True
maxpwdage : -36288000000000
[...]
👍
"But there is no fly"
Not really an issue, but get-netgroupmember does not display the Windows login in its output. In Powerview, MemberName is the account's login and in PywerView it's just the full name. Moreover, the groupdomain values are not the same in this example and I don't know why (maybe this is another issue).
$ ./pywerview.py get-netgroupmember -w DOMAIN.lan -u administrator -p p@ssw0rd --dc-ip 192.168.1.1 --groupname Compta
groupdomain: None
groupname: Compta
isgroup: False
memberdn: CN=Jane Doe,OU=gq,DC=domain,DC=lan
memberdomain: domain.lan
membername: Jane Doe
PS C:\Users\administrator> Get-NetGroupMember -Groupname Compta
GroupDomain : domain.lan
GroupName : Compta
MemberDomain : domain.lan
MemberName : j.doe
MemberSid : S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX
IsGroup : False
MemberDN : CN=Jane Doe,OU=gq,DC=domain,DC=lan
And bla bla thanks bla bla nice tool bla bla :thumbs up:
"quote"
The function uses the parameter dnshostname to filter the results, but with this filter the function returns only a partial list of the domain computers. To get a complete list of the domain computers, it is necessary to modify the file net.py and change the following lines (278-282)
for (attr_desc, attr_value) in (('servicePrincipalName', queried_spn),
        ('operatingSystem', queried_os), ('operatingsystemservicepack', queried_sp),
        ('dnsHostName', queried_computername)):
    if attr_value:
        computer_search_filter += '({}={})'.format(attr_desc, attr_value)
with
for (attr_desc, attr_value) in (('servicePrincipalName', queried_spn),
        ('operatingSystem', queried_os), ('operatingsystemservicepack', queried_sp),
        ('sAMAccountName', queried_computername)):
    if attr_value:
        computer_search_filter += '({}={})'.format(attr_desc, attr_value)
Heya,
More of a question than an issue, was wondering if you'll be publishing this to Pypi? this will allow me to use Pywerview in CrackMapExec (sort of a match made in heaven really).
Thanks!
Once again, not really an issue, but I think the output would be prettier without blank lines between each name.
Affected functions: get-netcomputer and get-netgroup (but maybe in others too)
$ ./pywerview.py get-netcomputer -w DOMAIN.lan -u administrator -p p@ssw0rd --dc-ip 192.168.1.1
dnshostname: DC.domain.lan
dnshostname: COMPUTER01.domain.lan
dnshostname: COMPUTER02.domain.lan
dnshostname: COMPUTER03.domain.lan
PS C:\Users\administrator> get-netcomputer
DC.domain.lan
COMPUTER01.domain.lan
COMPUTER02.domain.lan
COMPUTER03.domain.lan
My issue Gatling is out of ammo now, good night and good luck 😋
"Pour l'amour du bel output"
Hey man,
Here's another issue I ran into recently, seems that get-netgroupmember fails to pull down the group members of anything except the domain admins group:
(CME) λ pwnb0x modules → λ git v4.0* → pywerview get-netgroupmember -t 192.168.10.12 -u user -p pass --groupname 'Domain Admins' -r
groupdomain: lab.local
groupname: Domain Admins
isgroup: False
memberdn: CN=Administrator,CN=Users,DC=lab,DC=local
memberdomain: lab.local
membername: Administrator
membersid: S-1-5-21-1049426096-2728124650-4150323340-500
(CME) λ pwnb0x modules → λ git v4.0* → pywerview get-netgroupmember -t 192.168.10.12 -u user -p pass --groupname 'Domain Users' -r
(CME) λ pwnb0x modules → λ git v4.0* → pywerview get-netgroupmember -t 192.168.10.12 -u user -p pass --groupname 'Users' -r
groupdomain: lab.local
groupname: Users
isgroup: True
memberdn: CN=Domain Users,CN=Users,DC=lab,DC=local
memberdomain: lab.local
membername: Domain Users
membersid: S-1-5-21-1049426096-2728124650-4150323340-513
Let me know if I'm missing something, posting this at 3 AM so my brain might be fried lol
Cheers
I have this exception when I try to use get-netloggedon against XP box (yeah, I know, deprecated, but...).
Seems more an impacket error but maybe you could PR the project :D or tag this issue as "won't fix" :(
(tested with "git clone" version of impacket, not the stable release)
$ ./pywerview.py get-netloggedon -w DOMAIN.lan -u administrator -p p@ssw0rd --computername WINDOWSXP.domain.lan
Traceback (most recent call last):
File "./pywerview.py", line 279, in
results = args.func(**parsed_args)
File "/home/x/tools/pywerview/pywerview/net.py", line 467, in get_netloggedon
resp = wkst.hNetrWkstaUserEnum(dce, 1)
File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/wkst.py", line 1020, in hNetrWkstaUserEnum
return dce.request(request)
File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/rpcrt.py", line 837, in request
answer = self.recv()
File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/rpcrt.py", line 1299, in recv
raise DCERPCException(rpc_status_codes[status_code])
impacket.dcerpc.v5.rpcrt.DCERPCException: rpc_x_bad_stub_data
PS C:\Users\administrator> Get-NetLoggedon -ComputerName WINDOWSXP.domain.lan
wkui1_username wkui1_logon_domain wkui1_oth_domains wkui1_logon_server
WINDOWSXP$ DOMAIN
j.doe DOMAIN DC-DOMAIN
Thanks, very useful tool 👍
"The old polish man still uses XP"
Conversion of the function Invoke-ACLScanner
Thank you for last reply. I have another request :)
In cross-forest (inter-realm) attacks, forging golden tickets or trust tickets requires the use of a custom group in the target forest which has RID 1000 or higher. While I can use the command get-netgroup to identify groups and see their RIDs as part of their SIDs, it is cumbersome to use. Even if I grep out RIDs.
Typically the information I am primarily looking for is a group's objectsid, memberof, members and name, but the information is only relevant if a group's RID is 1000 or higher. Is there any way you could implement some sort of functionality to filter on RID and if that is 1000 or higher, output the rest (complete) of the information you output today? Thanks!
Hi,
I was trying to install your tool on Kali 2023.4 today but I got the below error. It is still possible to display the help for your tool but I have not tested your tool other than that so I do not know if some parts of it are not working.
/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` directly.
Instead, use pypa/build, pypa/installer or other
standards-based tools.
See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
********************************************************************************
!!
self.initialize_options()
Traceback (most recent call last):
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 156, in save_modules
yield saved
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 198, in setup_context
yield
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 259, in run_setup
_execfile(setup_script, ns)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 46, in _execfile
exec(code, globals, locals)
File "/tmp/easy_install-akiee3g_/impacket-0.11.0/setup.py", line 52, in <module>
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/__init__.py", line 107, in setup
return distutils.core.setup(**attrs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/core.py", line 185, in setup
return run_commands(dist)
^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
dist.run_commands()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
self.run_command(cmd)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/dist.py", line 1233, in run_command
super().run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
cmd_obj.run()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/bdist_egg.py", line 167, in run
cmd = self.call_command('install_lib', warn_dir=0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/bdist_egg.py", line 153, in call_command
self.run_command(cmdname)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 318, in run_command
self.distribution.run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/dist.py", line 1233, in run_command
super().run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 987, in run_command
cmd_obj.ensure_finalized()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 111, in ensure_finalized
self.finalize_options()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/install_lib.py", line 17, in finalize_options
self.set_undefined_options('install',('install_layout','install_layout'))
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 296, in set_undefined_options
setattr(self, dst_option, getattr(src_cmd_obj, src_option))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 107, in __getattr__
raise AttributeError(attr)
AttributeError: install_layout. Did you mean: 'install_platlib'?
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/pentest/powerview.py/setup.py", line 3, in <module>
setup(name='powerview',
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/__init__.py", line 107, in setup
return distutils.core.setup(**attrs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/core.py", line 185, in setup
return run_commands(dist)
^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
dist.run_commands()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
self.run_command(cmd)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/dist.py", line 1233, in run_command
super().run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
cmd_obj.run()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/install.py", line 84, in run
self.do_egg_install()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/install.py", line 140, in do_egg_install
cmd.run(show_deprecation=False)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 466, in run
self.easy_install(spec, not self.no_deps)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 714, in easy_install
return self.install_item(None, spec, tmpdir, deps, True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 764, in install_item
self.process_distribution(spec, dist, deps)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 812, in process_distribution
distros = WorkingSet([]).resolve(
^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/pkg_resources/__init__.py", line 829, in resolve
dist = self._resolve_dist(
^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/pkg_resources/__init__.py", line 865, in _resolve_dist
dist = best[req.key] = env.best_match(
^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/pkg_resources/__init__.py", line 1135, in best_match
return self.obtain(req, installer)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/pkg_resources/__init__.py", line 1147, in obtain
return installer(requirement)
^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 737, in easy_install
return self.install_item(spec, dist.location, tmpdir, deps)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 762, in install_item
dists = self.install_eggs(spec, download, tmpdir)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 956, in install_eggs
return self.build_and_install(setup_script, setup_base)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 1230, in build_and_install
self.run_setup(setup_script, setup_base, args)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/easy_install.py", line 1216, in run_setup
run_setup(setup_script, args)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 249, in run_setup
with setup_context(setup_dir):
File "/usr/lib/python3.11/contextlib.py", line 155, in __exit__
self.gen.throw(typ, value, traceback)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 190, in setup_context
with save_modules():
File "/usr/lib/python3.11/contextlib.py", line 155, in __exit__
self.gen.throw(typ, value, traceback)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 169, in save_modules
saved_exc.resume()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 143, in resume
raise exc.with_traceback(self._tb)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 156, in save_modules
yield saved
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 198, in setup_context
yield
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 259, in run_setup
_execfile(setup_script, ns)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/sandbox.py", line 46, in _execfile
exec(code, globals, locals)
File "/tmp/easy_install-akiee3g_/impacket-0.11.0/setup.py", line 52, in <module>
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/__init__.py", line 107, in setup
return distutils.core.setup(**attrs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/core.py", line 185, in setup
return run_commands(dist)
^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
dist.run_commands()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
self.run_command(cmd)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/dist.py", line 1233, in run_command
super().run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
cmd_obj.run()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/bdist_egg.py", line 167, in run
cmd = self.call_command('install_lib', warn_dir=0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/bdist_egg.py", line 153, in call_command
self.run_command(cmdname)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 318, in run_command
self.distribution.run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/dist.py", line 1233, in run_command
super().run_command(command)
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/dist.py", line 987, in run_command
cmd_obj.ensure_finalized()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 111, in ensure_finalized
self.finalize_options()
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/command/install_lib.py", line 17, in finalize_options
self.set_undefined_options('install',('install_layout','install_layout'))
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 296, in set_undefined_options
setattr(self, dst_option, getattr(src_cmd_obj, src_option))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/pentest/powerview.py/venv/lib/python3.11/site-packages/setuptools/_distutils/cmd.py", line 107, in __getattr__
raise AttributeError(attr)
AttributeError: install_layout
Hi,
Thank you for this tool!
When performing cross-forest (inter-realm) attacks one method to use is to abuse unconstrained delegation which DCs are configured with by default. However, this attack relies on TGT delegation being enabled in the direction of the target forest to the source/owned forest. The command get-netdomaintrust outputs most of the information required but not the state of TGT delegation.
Enumerating this using built-in tools on the primary DC in the target forest outputs the below. Would you be willing to implement support for this in pywerview? Thanks!
Wesh !
Sorry in advance for this issue, but you know, short assignment so few debug traces and I haven't tried with powerview...
Anyway, I have an error with the invoke-userhunter function, whatever the "hunted user" I try, pywerview crashes :( The other functions are working fine, so I don't know.
$ ./pywerview.py invoke-userhunter -w domain.local -u myuser -p password --dc-ip 192.168.1.1 --username otheruser
Process UserHunterWorker-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/home/xxx/tools/pywerview/pywerview/worker/hunting.py", line 46, in run
result = self._enumerate_sessions(target_computer)
File "/home/xxx/tools/pywerview/pywerview/worker/hunting.py", line 60, in _enumerate_sessions
self._lmhash, self._nthash) as net_requester:
File "/home/xxx/tools/pywerview/pywerview/requester.py", line 228, in __enter__
LDAPRequester.__enter__(self)
File "/home/xxx/tools/pywerview/pywerview/requester.py", line 131, in __enter__
self._create_ldap_connection()
File "/home/xxx/tools/pywerview/pywerview/requester.py", line 85, in _create_ldap_connection
self._lmhash, self._nthash)
File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldap.py", line 303, in login
resp = self.sendReceive('bindRequest', bindRequest)[0]['protocolOp']
IndexError: list index out of range
✌️ PEACE AND BANANA 🍌
Hello,
When trying to run some of the modules I run into the following error:
pywerview get-netfileserver -w ACME -u john.smith -p hunter2 -t 192.168.1.2
impacket.ldap.ldap.LDAPSearchError: Error in searchRequest -> 'referral': 0000202B: RefErr: DSID-0310082F, data 0, 1 access points
I'm trying to execute invoke-userhunter function and I got this error, any ideas?
Traceback (most recent call last):
File "pywerview.py", line 23, in <module>
main()
File "/root/pywerview-master/pywerview/cli/main.py", line 578, in main
results = args.func(**parsed_args)
File "/root/pywerview-master/pywerview/cli/helpers.py", line 329, in invoke_userhunter
foreign_users=foreign_users)
File "/root/pywerview-master/pywerview/functions/hunting.py", line 191, in invoke_userhunter
stealth_source=stealth_source)
File "/root/pywerview-master/pywerview/functions/hunting.py", line 77, in _build_target_computers
self._target_computers = list(set(self._target_computers))
TypeError: unhashable type: 'list'
For example, when trying to use the invoke-checklocaladminaccess action, you get:
usage: pywerview.py invoke-checklocaladminaccess [-h] [-w DOMAIN] -u USER
[-p PASSWORD]
[--hashes LMHASH:NTHASH]
[--computername TARGET_COMPUTERNAME]
but, if you don't specify the computername parameter the module will fail.. and.. I think you really need to specify it ;).
In the same way as the USER parameter, you can define computername this way:
invoke_checklocaladminaccess_parser.add_argument('--computername', required=True, dest='target_computername',
        help='Computer to test local admin access on')
and it will force the script to check that the parameter was provided.
I saw this happening on other actions as well.
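The two command-line fixes reported on this page (marking --computername as required, and prompting for a password only when neither -p nor --hashes was given) can be exercised together. This is an added example, not pywerview's code: the program name, hashes_type, resolve_credentials and parse are hypothetical, and the 32-hex-digit check on each half of LMHASH:NTHASH is an assumption.

```python
import argparse
import re
from getpass import getpass

# Assumption: each half of LMHASH:NTHASH is 32 hex digits; an empty LM half is accepted.
HASHES_RE = re.compile(r'([0-9a-fA-F]{32})?:([0-9a-fA-F]{32})')


def hashes_type(value):
    """argparse type= callback: reject a malformed --hashes value before any network I/O."""
    match = HASHES_RE.fullmatch(value)
    if match is None:
        raise argparse.ArgumentTypeError('expected LMHASH:NTHASH')
    return (match.group(1) or '').lower(), match.group(2).lower()


def build_parser():
    parser = argparse.ArgumentParser(prog='example-cli')  # hypothetical program name
    parser.add_argument('-w', dest='domain')
    parser.add_argument('-u', dest='user', required=True)
    # -p and --hashes are alternatives; argparse rejects a command line carrying both.
    creds = parser.add_mutually_exclusive_group()
    creds.add_argument('-p', dest='password')
    creds.add_argument('--hashes', type=hashes_type, metavar='LMHASH:NTHASH')
    # required=True turns a late failure inside the module into a usage error.
    parser.add_argument('--computername', required=True, dest='target_computername',
                        help='Computer to test local admin access on')
    return parser


def resolve_credentials(args, prompt=getpass):
    """Return (password, lmhash, nthash); prompt only when nothing was supplied."""
    if not args.password and not args.hashes:
        # Condition from the issue above: the prompted value is the one that is used.
        return prompt('Password:'), '', ''
    if args.hashes:
        lmhash, nthash = args.hashes
        return '', lmhash, nthash
    return args.password, '', ''


def parse(argv, prompt=getpass):
    """Parse argv and return the settings a requester would be built from."""
    args = build_parser().parse_args(argv)
    password, lmhash, nthash = resolve_credentials(args, prompt)
    return {
        'domain': args.domain,
        'user': args.user,
        'password': password,
        'lmhash': lmhash,
        'nthash': nthash,
        'target_computername': args.target_computername,
    }


if __name__ == '__main__':
    import sys
    settings = parse(sys.argv[1:])
    # Never echo the secret itself; report only which credential type was resolved.
    kind = 'hash' if settings['nthash'] else 'password'
    print('user={user} target={target_computername}'.format(**settings), 'auth=' + kind)
```

Prompting with getpass instead of passing -p also keeps the password out of the shell history and the process list.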
Zblah !
Once again, encoding error (develop branch)
$ ./pywerview.py invoke-userhunter -u Administrator -p password -w domain.local --username josé --dc-ip 172.16.0.1
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/root/pywerview-dev/pywerview/worker/hunting.py", line 43, in run
result = self._hunt(target_computer)
File "/root/pywerview-dev/pywerview/worker/hunting.py", line 92, in _hunt
if target_user.membername.lower() in username.lower():
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 3: ordinal not in range(128)
Oh come on José, get your shit together !
It's because here : https://github.com/the-useless-one/pywerview/blob/master/pywerview/worker/hunting.py#L83 you compare str object with unicode object. (The line numbers in the example above are wrong)
After some tests, this works for me :
if "".format(target_user.membername.lower()) in username.lower():
or
if target_user.membername.lower() in unicode(username.lower(), 'utf-8'):
But I'm sure you have a better solution 😄
(icym : https://stackoverflow.com/a/35444608)
Big Up 🌵
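The encoding errors reported in several issues on this page (byte 0xc3 is the first byte of "é" in UTF-8) come from mixing byte strings and text under Python 2.7. The following is an added example in Python 3, not pywerview's code, showing one way to decode once at the boundary, compare folded text, and encode explicitly on output; every function name and the sample record are constructed for illustration.

```python
import unicodedata


def to_text(value, encoding='utf-8'):
    """Decode once, at the boundary. Undecodable bytes become U+FFFD instead of raising."""
    if isinstance(value, bytes):
        return value.decode(encoding, errors='replace')
    return str(value)


def fold(value):
    """Canonical form for comparisons: NFC, case-folded, then NFC again."""
    text = unicodedata.normalize('NFC', to_text(value))
    return unicodedata.normalize('NFC', text.casefold())


def user_matches(membername, username):
    """Same substring test as the line quoted in the issue, on folded text on both sides."""
    return fold(membername) in fold(username)


def format_members(members):
    """Aligned 'key: value' lines; widths are counted in characters, not bytes."""
    rows = [(to_text(key), to_text(value)) for key, value in members]
    max_length = max((len(key) for key, _ in rows), default=0)
    return ''.join(
        '{}: {}{}\n'.format(key, ' ' * (max_length - len(key)), value)
        for key, value in rows
    )


def render(members):
    """Encode explicitly so the output does not depend on the terminal's locale."""
    return format_members(members).encode('utf-8')


# Constructed sample: a share record whose remark arrives as UTF-8 bytes.
SAMPLE_SHARE = [
    ('name', b'ADMIN$'),
    ('remark', 'Administration à distance'.encode('utf-8')),
]

if __name__ == '__main__':
    import sys
    # Bytes from the directory against text typed on the command line.
    print(user_matches('josé'.encode('utf-8'), 'JOSÉ'))
    # Decomposed form (e + combining acute accent) against the composed form.
    print(user_matches(b'jose\xcc\x81', 'josé'))
    sys.stdout.buffer.write(render(SAMPLE_SHARE))
```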
Why am I encountering this error? I specified the right and working AD user credentials, and whenever I use this command I get this error and cannot authenticate.
proxychains ./pywerview.py get-netcomputer -w DomainName -d 172.x.x.x -u "user" -p "pas" --dc-ip 172.x.x.x
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] Strict chain ... 206.x.x.x:1080 ... 172.x.x.x:389 ... OK
[CRITICAL] pywerview_main_logger.LDAPRPCRequester - _do_ntlm_auth : Invalid Credentials
Hey!
Was playing around with pywerview and noticed this error kept popping up whenever I try to use a function that performs an LDAP query. Pinging @asolino since he might be interested in this error as well.
Command : python ./pywerview.py get-netuser -t DC_IP -u user -p password
Traceback (most recent call last):
File "./pywerview.py", line 290, in <module>
results = args.func(**parsed_args)
File "/home/byt3bl33d3r/Tools/pywerview/pywerview/net.py", line 99, in get_netuser
for user in domain_connection.search(searchFilter=user_search_filter, attributes=list()):
File "build/bdist.linux-x86_64/egg/impacket/ldap/ldap.py", line 331, in search
impacket.ldap.ldap.LDAPSearchError: Error in searchRequest -> 'invalidDNSyntaxn':0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
'dc='
Let me know if you need more info!
Cheers
--computerfile results in argument error
Traceback (most recent call last):
File "pywerview.py", line 23, in <module>
main()
File "/root/pywerview-master/pywerview/cli/main.py", line 578, in main
results = args.func(**parsed_args)
File "/root/pywerview-master/pywerview/cli/helpers.py", line 329, in invoke_userhunter
foreign_users=foreign_users)
File "/root/pywerview-master/pywerview/functions/hunting.py", line 211, in invoke_userhunter
domain_short_name, check_access))
File "/root/pywerview-master/pywerview/functions/hunting.py", line 142, in _build_workers
self._do_kerberos, self._do_tls, *worker_args)
TypeError: __init__() takes 13 positional arguments but 14 were given
Hello!
Is the pycrypto module still required (as specified in the install_requires)?
The pycrypto project is no longer maintained and causes issues for standalone build on Windows (due to incompatibility with recent VS build tools).
I haven't seen any usage of pycrypto in the code after a quick glance and it is no longer required by impacket (#485). I removed the requirements and could successfully set up pywerview as well as call a few submodules.
If pycrypto is required, would it be possible to replace it by pycryptodome (a good transparent replacement with the same namespace / functions)?
Stealing Kerberos tickets is a decent way to operate within the user space. Any chance you can utilize impacket's Kerberos auth?
https://github.com/CoreSecurity/impacket/blob/master/examples/GetUserSPNs.py#L117
has a decent method of kerberos auth with the dc-ip option for specify the krb host from .
File "./pywerview.py", line 24, in
main()
File "/Users/robertkornmeyer/pywerview/pywerview/cli/main.py", line 342, in main
results = args.func(**parsed_args)
File "/Users/robertkornmeyer/pywerview/pywerview/cli/helpers.py", line 46, in get_netuser
custom_filter=custom_filter)
File "/Users/robertkornmeyer/pywerview/pywerview/requester.py", line 117, in wrapper
ads_path=ads_path, ads_prefix=ads_prefix)
File "/Users/robertkornmeyer/pywerview/pywerview/requester.py", line 76, in _create_ldap_connection
self._lmhash, self._nthash)
File "/Library/Python/2.7/site-packages/impacket/ldap/ldap.py", line 290, in login
type3, exportedSessionKey = getNTLMSSPType3(negotiate, str(type2), user, password, domain, lmhash, nthash)
File "/Library/Python/2.7/site-packages/impacket/ntlm.py", line 599, in getNTLMSSPType3
password = password.decode(encoding)
AttributeError: 'NoneType' object has no attribute 'decode
However, impacket lib works just fine when using hashes.
cli:
./pywerview.py get-netuser -w domain -u user --hashes hashes:here --dc-ip ipaddress --domain queried domain --username usernametoquery
Hi dude !
An error occurs when I try to get local groups on a target, more precisely when a domain group is included in local group. Tested on Windows XP/7 target.
$ ./pywerview.py get-netlocalgroup -w DOMAIN.lan -u administrator -p p@ssw0rd --dc-ip 192.168.1.1 --groupname Administrateurs --computername COMPUTER05.domain.lan
192.168.1.1
Traceback (most recent call last):
File "./pywerview.py", line 279, in
results = args.func(**parsed_args)
File "/home/x/tools/pywerview/pywerview/net.py", line 596, in get_netlocalgroup
password, lmhash, nthash, queried_sid=member_sid)[0]
IndexError: list index out of range
PS C:\Users\administrator> Get-NetLocalGroup -ComputerName COMPUTER05.domain.lan -GroupName Administrateurs
Server : COMPUTER05.domain.lan
AccountName : COMPUTER05/Administrateur
SID : S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX
Disabled : ERROR
IsGroup : False
IsDomain : False
LastLogin :

Server : COMPUTER05.domain.lan
AccountName : Tout le monde
SID : S-1-1-0
Disabled : ERROR
IsGroup : True
IsDomain : False
LastLogin :

Server : COMPUTER05.domain.lan
AccountName : S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX
SID : S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX
Disabled : ERROR
IsGroup : False
IsDomain : False
LastLogin :

Server : COMPUTER05.domain.lan
AccountName : domain.lan/Domain Admins
SID : S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX
Disabled : False
IsGroup : True
IsDomain : True
LastLogin :
(damn github markdown is sooooo lame)
Thanks for your tool by the way 👍
"Joy and Volupted"
Hi there, love the program. Is there an easy way to return all the results as a JSON object instead of just text with newlines?
I was able to replicate this error on a fresh installation of Kali Linux with nothing more than 'python3-pywerview' installed. The command I ran was:
pywerview get-netuser -w $DOMAIN -u $USERNAME -p '$PASSWORD' -t $DC_IP --username '*' --custom-filter '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' |tee /dev/tty > netuser_enabled
On the last line before the error, the line started with 'wwwhomepage'.
The error:
Traceback (most recent call last):
File "/usr/bin/pywerview", line 33, in <module>
sys.exit(load_entry_point('pywerview==0.3.2', 'console_scripts', 'pywerview')())
File "/usr/lib/python3/dist-packages/pywerview/cli/main.py", line 472, in main
print(x)
File "/usr/lib/python3/dist-packages/pywerview/objects/adobjects.py", line 122, in __str__
member_value = (',\n' + ' ' * (max_length + 2)).join(x.hex() for x in member[1])
File "/usr/lib/python3/dist-packages/pywerview/objects/adobjects.py", line 122, in <genexpr>
member_value = (',\n' + ' ' * (max_length + 2)).join(x.hex() for x in member[1])
AttributeError: 'int' object has no attribute 'hex'
This is not a functional issue, but just an opinion.. and of course it's up to @the-useless-one to decide. I would however, use the same capitalization as PowerView's functions. For example:
I would do the same for the specific parameters for each function.
Why?.. Besides looking prettier (personal opinion ;) ), it will help PowerView users to transition easier to this script, and the other way around too!
Heya,
ran into this error when running get-netgroupmember and get-netdomaincontroller:
Traceback (most recent call last):
File "/root/.virtualenvs/CME/bin/pywerview", line 11, in <module>
load_entry_point('pywerview==0.1.1', 'console_scripts', 'pywerview')()
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/cli/main.py", line 342, in main
results = args.func(**parsed_args)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/cli/helpers.py", line 128, in get_netgroupmember
full_data=full_data, custom_filter=custom_filter)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 126, in wrapper
return f(*args, **kwargs)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 364, in get_netgroupmember
members = _get_members(groupname, sid)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 304, in _get_members
queried_sid = misc_requester.get_domainsid(queried_domain) + '-512'
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/misc.py", line 65, in get_domainsid
domain_controllers = r.get_netdomaincontroller(queried_domain=queried_domain)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 126, in wrapper
return f(*args, **kwargs)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 142, in get_netdomaincontroller
custom_filter=domain_controller_filter)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 126, in wrapper
return f(*args, **kwargs)
File "/root/.virtualenvs/CME/lib/python2.7/site-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 109, in get_netcomputer
computer_search_filter['and'] = ldapasn1.And()
AttributeError: 'module' object has no attribute 'And'
Cheers
Good Morning,
I get the following error when running invoke-eventhunter
# python pywerview.py invoke-eventhunter -w domain.com -u domainadmin -p password -t 10.x.x.x --userfile target-users.txt --search-days 5
Process EventHunterWorker-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
self.run()
File "/root/Desktop/pywerview/pywerview/worker/hunting.py", line 43, in run
result = self._hunt(target_computer)
File "/root/Desktop/pywerview/pywerview/worker/hunting.py", line 155, in _hunt
for event in distant_events:
TypeError: 'NoneType' object is not iterable
Hello.
Very cool!!!
But thats about ACL audit with get-objectacl?
Nowadays viewing ACL from under Linux is not very comfortable...