
No way to contact =( about adaudit HOT 5 CLOSED

phillips321 commented on July 19, 2024
No way to contact =(

from adaudit.

Comments (5)

phillips321 commented on July 19, 2024

Hi there,

This looks useful, I'll look to add it to the script. Feel free to make a pull request if you have time?

What country are you coming from to access my website? (I've blocked a few)


KennyMacCormik commented on July 19, 2024

I'm from Russia. I'll try to make a pull request at some point. In case you've blocked some countries you can tell me one you have not and I will try and check with VPN =)


phillips321 commented on July 19, 2024

Yep Russia is on the list sorry, come from US VPN and you'll reach me.


KennyMacCormik commented on July 19, 2024

Yeah, site is opening with VPN, but there is only twitter =)

Btw, I cannot make a branch to put in new functions. So here they are:

function Get-GPOEnum{#Loops GPOs for groups that have domain join permissions assigned and for NTLM settings
    $AllowedJoin = @();
    $DenyNTLM = @();
    $AuditNTLM = @();
    $NTLMAuthExceptions = @();
    $AllGPOs = Get-GPO -All | sort DisplayName;
    foreach ($GPO in $AllGPOs){
        $GPOreport = Get-GPOReport -Guid $GPO.id -ReportType Xml;
        #Look for GPO that allows join PC to domain
        $permissionindex = $GPOreport.IndexOf('<q1:Name>SeMachineAccountPrivilege</q1:Name>');
        if($permissionindex -gt 0){
            $xmlreport = [xml]$GPOreport;
            foreach ($member in (($xmlreport.GPO.Computer.ExtensionData.Extension.UserRightsAssignment | ? name -eq 'SeMachineAccountPrivilege').member) ){
                $obj = New-Object -TypeName psobject;
                $obj | Add-Member -MemberType NoteProperty -Name GPO -Value $GPO.DisplayName;
                $obj | Add-Member -MemberType NoteProperty -Name SID -Value $member.sid.'#text';
                $obj | Add-Member -MemberType NoteProperty -Name Name -Value $member.name.'#text';

                $AllowedJoin += $obj;
            }
        }
        #Look for GPO that denies NTLM
        $permissionindex = $GPOreport.IndexOf('RestrictNTLMInDomain</q1:KeyName>');
        if($permissionindex -gt 0){
            $xmlreport = [xml]$GPOreport;
            $value = $xmlreport.gpo.Computer.ExtensionData.Extension.SecurityOptions | ? keyname -Match 'RestrictNTLMInDomain';
            $obj = New-Object -TypeName psobject;
            $obj | Add-Member -MemberType NoteProperty -Name GPO -Value $GPO.DisplayName;
            $obj | Add-Member -MemberType NoteProperty -Name Value -Value $value.Display.DisplayString;
            $DenyNTLM += $obj;
        }
        #Look for GPO that audits NTLM
        $permissionindex = $GPOreport.IndexOf('AuditNTLMInDomain</q1:KeyName>');
        if($permissionindex -gt 0){
            $xmlreport = [xml]$GPOreport;
            $value = $xmlreport.gpo.Computer.ExtensionData.Extension.SecurityOptions | ? keyname -Match 'AuditNTLMInDomain';
            $obj = New-Object -TypeName psobject;
            $obj | Add-Member -MemberType NoteProperty -Name GPO -Value $GPO.DisplayName;
            $obj | Add-Member -MemberType NoteProperty -Name Value -Value $value.Display.DisplayString;
            $AuditNTLM += $obj;
        }
        #Look for GPO that allows NTLM exclusions
        $permissionindex = $GPOreport.IndexOf('DCAllowedNTLMServers</q1:KeyName>');
        if($permissionindex -gt 0){
            $xmlreport = [xml]$GPOreport;
            foreach ($member in (($xmlreport.gpo.Computer.ExtensionData.Extension.SecurityOptions | ? keyname -Match 'DCAllowedNTLMServers').SettingStrings.Value) ){
                $NTLMAuthExceptions += $member;
            }
        }
    }
    #Output for join PC to domain
    foreach($record in $AllowedJoin){
        Write-Both "    [+] GPO [$($record.GPO)] allows object [$($record.Name)] with SID [$($record.SID)] to join computers to domain"
    }
    #Output for deny NTLM
    if($DenyNTLM.count -eq 0){
        Write-Both "    [!] NTLM authentication allowed in the domain"
    }else{
        foreach($record in $DenyNTLM){
            Write-Both "    [+] NTLM authentication restricted by GPO [$($record.gpo)] with value [$($record.value)]"
        }
    }
    #Output for NTLM exceptions
    if($NTLMAuthExceptions.count -ne 0){
        Write-Both "    [+] List of NTLM auth exceptions"
        foreach($record in $NTLMAuthExceptions){
            Write-Both "        [-] $($record)"
        }
    }
    #Output for NTLM audit
    if($AuditNTLM.count -eq 0){
        Write-Both "    [!] NTLM audit is not enabled in the domain"
    }else{
        foreach($record in $AuditNTLM){ #Iterate the audit results, not the deny list
            Write-Both "    [+] NTLM audit enabled by GPO [$($record.gpo)] with value [$($record.value)]"
        }
    }

}
function Get-PrivelegedGroupMembership{#List Domain Admins, Enterprise Admins and Schema Admins members
    $SchemaMemebers = Get-ADGroup 'Schema Admins' | Get-ADGroupMember;
    $EnterpriseMemebers = Get-ADGroup 'Enterprise Admins' | Get-ADGroupMember;
    $DomainAdminsMemebers = Get-ADGroup 'Domain Admins' | Get-ADGroupMember;
    if($SchemaMemebers.count -ne 0){
        Write-Both "    [!] Schema Admins not empty!!!"
        foreach($member in $SchemaMemebers){
            Write-Both "        [-] $($member.objectClass) $($member.name)"
        }
    }
    if($EnterpriseMemebers.count -ne 0){
        Write-Both "    [!] Enterprise Admins not empty!!!"
        foreach($member in $EnterpriseMemebers){
            Write-Both "        [-] $($member.objectClass) $($member.name)"
        }
    }
    Write-Both "    [+] Domain Admins members"
    foreach($member in $DomainAdminsMemebers){
        Write-Both "        [-] $($member.objectClass) $($member.name)"
    }
}


KennyMacCormik commented on July 19, 2024

Found out the way to do it correctly. Closing issue. Thanks
