Skip to content

Instantly share code, notes, and snippets.

@jakobfriedl

jakobfriedl/ADOE.py

Created October 24, 2023 14:11
Show Gist options
  • Save jakobfriedl/f55bd4f870348e68e0eb27ad6a2fa48b to your computer and use it in GitHub Desktop.
Save jakobfriedl/f55bd4f870348e68e0eb27ad6a2fa48b to your computer and use it in GitHub Desktop.
Download ZIP
Active Directory Object Enumerator for Havoc
Raw
ADOE.py
#!/usr/bin/env python
# -*- Coding: UTF-8 -*-
# Author: Jakob Friedl
# Created on: Mon, 23. Oct 2023
# Description: Active Directory object enumeration for Havoc
import havocui
import havoc
import re
# Variables
demon = None
domain = ""
demons = []
users = []
groups = []
ad_tree = None
def handle_user_info(data):
global ad_tree
ad_tree.setPanel(data)
def select(data):
global ad_tree
task = demon.ConsoleWrite(demon.CONSOLE_TASK, f"Tasked to demon to get information about {data}.")
demon.CommandGetOutput(task, f"shell net user {data} /domain", handle_user_info)
def handle_user_list(data):
global users
global ad_tree
users = [user for user in data.replace("\n", "").replace(" - ", " ").split(" ") if user != ""]
ad_tree.addRow("Users", *users)
def handle_group_list(data):
global groups
global ad_tree
pattern = r'^\*.*$'
groups = [group.replace("\r", "").replace("*", "") for group in re.findall(pattern, data, re.MULTILINE)]
ad_tree.addRow("Groups", *groups)
def get_user_info():
global demon
if demon == None or domain == "":
havocui.messagebox("Error", "Bad configuration.")
return
user_task = demon.ConsoleWrite(demon.CONSOLE_TASK, "Tasked demon to enumerate users")
demon.CommandGetOutput(user_task, f"net users \\\\{domain}", handle_user_list)
def get_group_info():
global demon
if demon == None or domain == "":
havocui.messagebox("Error", "Bad configuration.")
return
group_task = demon.ConsoleWrite(demon.CONSOLE_TASK, "Tasked demon to enumerate groups")
demon.CommandGetOutput(group_task, "shell net groups /domain", handle_group_list)
generator = havocui.Widget("AD Object Enumerator")
def choose_demon(num):
global demon
if num:
demon = havoc.Demon(demons[num - 1])
else:
havocui.messagebox("Error", "Please select a valid demon!")
print("[*] Demon selected: ", demon)
def change_domain(data):
global domain
domain = data
print("[*] Domain changed: ", domain)
def build():
global demons
global ad_tree
ad_tree = havocui.Tree("Domain Object Information", select, True)
ad_tree.setBottomTab()
generator.setSmallTab()
demons = havoc.GetDemons()
generator.addLabel("<b>Demon</b>")
generator.addCombobox(choose_demon, "Choose demon", *demons)
generator.addLabel("<b>Domain</b>")
generator.addLineedit("e.g. domain.local", change_domain)
generator.addButton("Get User Information", get_user_info)
generator.addButton("Get Group Information", get_group_info)
havocui.createtab("ADOE", "Open Active Directory Object Enumerator", build)
@jakobfriedl
Copy link
Author

jakobfriedl commented Oct 24, 2023
edited
Loading

Early development stage, many improvements can be made.

Features:

  • Specify demon and domain to enumerate users and groups on a target agent
  • Get additional information when clicking on user object

ToDo:

  • Get information about group
  • Different tabs for different domains

image
image

@jakobfriedl
Copy link
Author

Using with updated Havoc dev branch:

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment