Skip to content

Commit

Permalink
Merge pull request #1 from onSec-fr/main
Browse files Browse the repository at this point in the history
Fix Args Check & Add Computer filter
  • Loading branch information
swisskyrepo authored Feb 17, 2021
2 parents 1812a6c + 415a008 commit 41e468f
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions SharpLAPS/Program.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.IO;
Expand All @@ -24,6 +24,7 @@ _____ __ __ ___ ____ _____
var parsed = ArgumentParser.Parse(args);
String username = null;
String password = null;
String target = "*";
String connectionString = "LDAP://{0}:{1}";
DirectoryEntry ldapConnection;

Expand All @@ -36,6 +37,7 @@ _____ __ __ ___ ____ _____
Console.WriteLine("\nOptional");
Console.WriteLine("/user:<username> Username of the account");
Console.WriteLine("/pass:<password> Password of the account");
Console.WriteLine("/target:<target> computer name (if not set query all computers in AD)");
Console.WriteLine("/out:<file> Outputting credentials to file");
Console.WriteLine("/ssl Enable SSL (LDAPS://)");

Expand All @@ -52,10 +54,15 @@ _____ __ __ ___ ____ _____
{
connectionString = String.Format(connectionString, parsed.Arguments["/host"], "636");
}


// Filter computer name
if (parsed.Arguments.ContainsKey("/target"))
{
target = parsed.Arguments["/target"] + "$";
}

// Use the provided credentials or the current session
if (parsed.Arguments.ContainsKey("/host") && parsed.Arguments.ContainsKey("/pass"))
if (parsed.Arguments.ContainsKey("/user") && parsed.Arguments.ContainsKey("/pass"))
{
Console.WriteLine("\n[+] Using the following credentials");
Console.WriteLine("Host: " + connectionString);
Expand All @@ -76,7 +83,7 @@ _____ __ __ ___ ____ _____
ldapConnection = new DirectoryEntry(connectionString, username, password, System.DirectoryServices.AuthenticationTypes.Secure);
Console.WriteLine("\n[+] Extracting LAPS password from LDAP");
DirectorySearcher searcher = new DirectorySearcher(ldapConnection);
searcher.Filter = "(&(objectCategory=computer)(ms-MCS-AdmPwd=*))";
searcher.Filter = "(&(objectCategory=computer)(ms-MCS-AdmPwd=*)(sAMAccountName=" + target + "))";

// Iterate over all the credentials
List<string> output = new List<string>();
Expand Down

0 comments on commit 41e468f

Please sign in to comment.