pywerview v0.7.2

Modifications

• pywerview now uses a pyproject.toml file. Thanks @jsherwood0, @fabaff and @NickCao

pywerview v0.7.1

Features

• get-netpki: returns a list of all the pKIEnrollmentService objects.
• get-netcerttmpl: returns a list of all the pKICertificateTemplate objects. This function implements the --caname CA-NAME flag to only retrieve certificates for this certificate authority.

Modifications

• get-netdomaintrust now displays the SID of the trusted domain
• NetRequester object has now a _resolve_sid() function.
• pywerview now requires impacket db71504
• _get_netfqdn in LDAPRequester now uses anonymous bind and root DSE to retrieve the fqdn
• code refactoring within requester.py

Bug fix

• Fixed an infinite recursion when using TLS and a wrong password (by @jsherwood0)

pywerview v0.7.0

Features

• pywerview now uses ldap3-bleeding-edge. It will use it until #1139 is merged and released.

Modifications

• When LDAPInvalidCredentialsResult is raised, pywerview parses the error code and displays it in human readable format.

pywerview v0.6.1

Modifications

• Fix a bug in get-objectacl when the domain FQDN is longer than 2 "words" (aka the domain is something like foo.bar.local)
• Fix a bug in find-gpocomputeradmin
• ALIAS_OBJECT is now treated as group in get-netgroupmember
• Strip the trailing \x00 while retrieving local disks (by @Anhydrite)

pywerview v0.6

Features

• new function: get-objectowner. You can use this function to retrieve owner of any Active Directory object.
• new attribute: _well_known_rids in ADObject. A (partial) list of well known RIDs.

Modifications

• better SPN patching: the realm part is ignored
• hunting functions are fixed
• hunting functions implement json output
• More well known SIDs

pywerview v0.5.2

Features

• pywerview falls back to simple authentication if Channel Binding and LDAP Signing patches are not installed. This fallback only works if:
  • Authentication is done with a password
  • LDAPS (TCP port 636) is open

Modifications

• you can use impacket's pth syntax with pywerview (e.g. --hashes :deadbeefdeadbeefdeadbeef)
• adding possibility to change namespace and rpc auth level for wmi
• Docker file no longer manually installs dsinternals

pywerview v0.5.1

Features

• pywerview can now use ldap3 special branch to work against hardened DCs. Thus, if the targeted DC enforces LDAP Signing and/or Channel Binding, please use this custom ldap3 version. S/O @CravateRouge

Modifications

• Fixed get-objectacl when used with --resolve-guid
• Two new functions are available : get-netsmsa and get-netgmsa (by @pbalmelle)
• get-adservices no longer exists, use get-netgmsa to retrieve gMSA

pywerview v0.5.0

Features

• SChannel authentication is now supported (see README for details)

Modifications

• Fixed get_adserviceaccount to works with kerberos authentication
• Adding command line custom filter attributes to several functions
• get-netdomaintrust no longer tries to interpret results
• Adding --full-data flag to get-netdomaintrust
• fixed performance issues, no more multiple LDAP connections with some functions

pywerview v0.4.1

Features

• Added a --laps-passwords option to get-netcomputer to query only computers for which the user can read LAPS passwords (thanks @SAERXCIT).
• Added allowed-to-authenticate in the right filter list for get-objectacl. This can be useful when Selective Authentication is set (see https://twitter.com/AlmondOffSec/status/1577958969523535873).
• Added a --pre-created option to get-netcomputer to return potentially vulnerable computer accounts (see https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/). Caution: This option is prone to false positives and negatives.
• Added a Dockerfile based on a Ubuntu image (thanks @sdcampbell and @p1gp1g).

Modifications

• useraccountcontrol attribute is now returned when using get-netgroupmember function. This can be useful to detect disabled admin accounts or accounts that are not allowed for delegation.
• The project now uses beautifulsoup4 instead of bs4 package (thanks @fabaff).
• ms-Mcs-AdmPwdExpirationTime is now formatted as a timestamp.
• get-netcomputer now returns all computer accounts even those without dnshostname.
• samaccountype attribute is now formatted as a string.
• The project now falls back to pycryptodome if pycryptodomex is not installed (thanks @thesamesam).
• get-netgroupmember now returns also computer accounts
• Better exception handling to detect Channel Binding and LDAP Signing

pywerview v0.4.0

Features

• Kerberos authentication is now supported (see README for details)
• Added a get-adserviceaccount functionality
• Added a --logging option to get different debug levels and messages
• Results can be dumped as JSON using --json
• TLS connection can be forced using --tls

Modifications

• Fixed find-gpocomputeradmin: there was a bug when setting isgroup attribute in GPOComputerAdmin object
• Fixed get-domainpolicy: fixed a bug in SID resolving
• Fixed dependencies and setup script (merged #46 and #47)