神刀安全网

SamParser – Parse SAM Registry Hives With Python

SamParser is a Python script that parses SAM registry hives for both users and groups; its only dependency is python-registry.

This would be a great little script to write into another toolset or larger attack pattern, especially if you’re already using a Python kit or framework.

Dependencies

pip install python-registry

Usage

python samparse.py <hive>

Sample Output

----- Administrator -----
Comment : Built-in account for administering the computer/domain
Account Type : Default Admin User
RID : 500
Account Created Date : 13 May 2008 - 22:20:14
Last Login Date : 21 July 2008 - 01:22:18
Password Reset Date : 13 May 2008 - 22:23:39
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 24

----- Guest -----
Comment : Built-in account for guest access to the computer/domain
Account Type : Default Guest Acct
RID : 501
Account Created Date : 13 May 2008 - 22:20:14
Last Login Date : Never
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Account Disabled | Password not required | Normal user account |
Failed Login Count : 0
Login Count : 0

----- Administrators -----
Group Description : Administrators have complete and unrestricted access to the computer/domain
Last Write : 2008-05-14 05:35:35.281248
User Count : 7
Memebers :
    S-1-5-21-484763869-796845957-839522115-500
    S-1-5-21-484763869-796845957-839522115-1003
    S-1-5-21-484763869-796845957-839522115-1004
    S-1-5-21-484763869-796845957-839522115-1005
    S-1-5-21-484763869-796845957-839522115-1006
    S-1-5-21-484763869-796845957-839522115-1007
    S-1-5-21-484763869-796845957-839522115-1008

----- Users -----
Group Description : Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
Last Write : 2008-05-14 05:35:35.265625
User Count : 8
Memebers :
    S-1-5-4
    S-1-5-11
    S-1-5-21-484763869-796845957-839522115-1003
    S-1-5-21-484763869-796845957-839522115-1004
    S-1-5-21-484763869-796845957-839522115-1005
    S-1-5-21-484763869-796845957-839522115-1006
    S-1-5-21-484763869-796845957-839522115-1007
    S-1-5-21-484763869-796845957-839522115-1008
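For hive triage, a report like the one above can be post-processed to flag enabled accounts with weak password flags and to resolve Administrators members to user names by RID. This is an added example, not part of SamParser or the original post; it assumes one `Key : Value` field per line with SIDs on their own lines, the helper names (`norm`, `parse_report`, `audit`) are hypothetical, and the sample report is constructed.

```python
import re

# Constructed sample in SamParser's "Key : Value" report layout (not real data).
SAMPLE = """\
----- Administrator -----
RID : 500
Account Flags : Password does not expire | Normal user account |
----- Guest -----
RID : 501
Account Flags : Password does not expire | Account Disabled | Password not required | Normal user account |
----- svc_backup -----
RID : 1003
Account Flags : Password not required | Normal user account |
----- Administrators -----
Memebers : S-1-5-21-1111111111-2222222222-3333333333-500
S-1-5-21-1111111111-2222222222-3333333333-1003
"""

def norm(s):
    """Compare keys and flags ignoring spacing and case."""
    return re.sub(r"\s+", "", s).lower()

def parse_report(text):
    """Return {record name: {normalized key: value}}; bare lines continue the previous key."""
    records, cur, key = {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        head = re.fullmatch(r"-{5} (.+) -{5}", line)
        field = re.fullmatch(r"([A-Za-z ]+?)\s*:\s*(.*)", line)
        if head:
            cur, key = records.setdefault(head.group(1), {}), None
        elif cur is not None and field:
            key = norm(field.group(1))
            cur[key] = field.group(2)
        elif cur is not None and key:
            cur[key] += " " + line  # e.g. one SID per line under "Memebers" (tool's spelling)
    return records

def audit(text):
    """Flag enabled accounts with weak password flags and name local admins by RID."""
    records, findings = parse_report(text), []
    users = {r["rid"]: name for name, r in records.items() if "rid" in r}
    for name, r in records.items():
        flags = {norm(f) for f in r.get("accountflags", "").split("|") if f.strip()}
        if "rid" in r and "accountdisabled" not in flags:
            findings += [(name, w) for w in ("passwordnotrequired", "passworddoesnotexpire") if w in flags]
        if name == "Administrators":
            for sid in re.findall(r"S-1-5-21-[\d-]+", r.get("memebers", "")):
                findings.append((users.get(sid.rsplit("-", 1)[1], sid), "localadmin"))
    return findings
```

Calling `audit()` on a saved report returns `(account, finding)` pairs; disabled accounts such as Guest are skipped for the password-flag checks.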

You can download SamParser here:

samparser.py

Or read more here.
