Jump to content

Enumerate Domain Users with Local Admin Rights

iamtheky

By iamtheky,
in AutoIt Example Scripts

 Share

Recommended Posts

iamtheky Universalist

iamtheky

Posted
Posted (edited)

This script enumerates the Domain Groups that show up under Administrators to result in a CSV that shows both the Domain Groups and their members.  It will not not show users nor groups with 0 members. 

#include <AutoItConstants.au3>
#include<array.au3>
#RequireAdmin

local $outfile = "DomainUsersWithAdminRightsOnEndpoints.csv"

If FileExists($outfile) Then FileDelete($outfile)

local $sOutCSV = ""
$sDomain = "DOMAIN"


$iPID = run("net localgroup Administrators" , "", @SW_HIDE , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then
            ExitLoop
        EndIf
 WEnd

$aMembers = stringsplit(stringstripws($sOutput,2) , @CRLF , 3)

local $aOut[ubound($aMembers) - 6]

    For $j = 6 to ubound($aMembers) - 2
        $aOut[$j - 6] = $aMembers[$j]
    Next


;~ _ArrayDisplay($aMembers)


For $k = 0 to ubound($aOut) - 1
    If stringleft($aOut[$k] , stringlen($sDomain) + 1) = $sDomain & "\" Then

        $iPID = run("net group " & '"' & stringtrimleft(stringstripws($aOut[$k] , 2) , stringlen($sDomain) + 1) & '"' & " /DOMAIN" , "", @SW_HIDE , $stdout_child)

        $sOutput = ""

            While 1
                $sOutput &= StdoutRead($iPID)
                If @error Then
                    ExitLoop
                EndIf
            WEnd

$aDomainMembers = stringsplit(stringstripws($sOutput,2) , @CRLF , 3)

            If UBound($aDomainMembers) > 7 Then
                $sOutDomainMembers = _ArrayToString($aDomainMembers , "" , 8 , ubound($aDomainMembers) - 2)
                $sOutRepl = stringregexpreplace(stringstripws($sOutDomainMembers , 2) , "\s\s+" , ",")
                $sOutCSV &= $aOut[$k] & "," & $sOutRepl & @LF
            EndIf
    EndIf

Next

FileWrite($outfile , $sOutCSV)
ShellExecute($outfile)

 

Edited by iamtheky 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
Gianni Universalist

Gianni

Posted
Posted

....can be handy, thanks for sharing.

Here a little variation to show results in a treeview instead of in a csv file
(not much tested, just a draft). Not tested also what appens if group is empty... (line 31) 

#include <TreeViewConstants.au3>
#include <WindowsConstants.au3>
#include <AutoItConstants.au3>
#include <GUITreeView.au3>
#include<array.au3>
#RequireAdmin

Local $sOutCSV = "", $DOS_out, $aOutDomainMembers, $hTree
Local $sDomain = "Domain"

$hMain = GUICreate("Groups treeview", 280, 400, "", "", -1798701056, 256)
$hTree = GUICtrlCreateTreeView(5, 5, 270, 390, BitOR($TVS_HASBUTTONS, $TVS_HASLINES, $TVS_LINESATROOT, $TVS_DISABLEDRAGDROP, $TVS_SHOWSELALWAYS), $WS_EX_CLIENTEDGE)
GUISetState()
; Returns members of Administrator group (remove first 6 unwanted lines)
$DOS_out = _Cmd('NET LOCALGROUP Administrators | MORE /E +6')

; Parse members of administrators group from DOS output
$aOut = StringSplit(StringStripWS($DOS_out, 7), @CR, 2)
; _ArrayPop($aOut); remove last unwanted line
; _ArrayDisplay($aOut) ; show administrators group members
GUISetCursor(15, 1) ; set cursor to "wait"
_GUICtrlTreeView_BeginUpdate($hTree)
$hAncestor = _GUICtrlTreeView_Add($hTree, 0, $sDomain)
For $k = 0 To UBound($aOut) - 2
    $aElement = StringSplit($aOut[$k], "\", $STR_NOCOUNT)
    If Not @error Then
        If $aElement[0] = $sDomain Then
            $hGroup = _GUICtrlTreeView_AddChild($hTree, $hAncestor, $aElement[1])
            ; Returns members of domain group (remove first 8 unwanted lines)
            $DOS_out = _Cmd("net group " & '"' & $aElement[1] & '"' & " /DOMAIN | MORE /E +8")
            $aDomainMembers = StringSplit(StringStripWS($DOS_out, 2), @CRLF, 3) ; <----  what output if is an empty group ???
            ; _ArrayDisplay($aDomainMembers)
            If IsArray($aDomainMembers) Then
                $sOutDomainMembers = _ArrayToString($aDomainMembers, "", -1, UBound($aDomainMembers) - 2)
                $sOutRepl = StringRegExpReplace(StringStripWS($sOutDomainMembers, 2), "\s\s+", ",")
                $aOutDomainMembers = StringSplit($sOutRepl, ",")
                For $i = 1 To $aOutDomainMembers[0]
                    _GUICtrlTreeView_AddChild($hTree, $hGroup, $aOutDomainMembers[$i])
                Next
            EndIf
        EndIf
    EndIf
Next
_GUICtrlTreeView_EndUpdate($hTree)
GUISetCursor() ; cursor back to default
MsgBox(0, "Debug", "Pause")

Func _Cmd($sCommand)
    Local $sCmd_out = "", $iPID = Run(@ComSpec & " /c " & $sCommand, "", @SW_HIDE, $stdout_child)
    Do
        $sCmd_out &= StdoutRead($iPID)
    Until @error
    Return $sCmd_out
EndFunc   ;==>_Cmd

 

 

image.jpeg.9f1a974c98e9f77d824b358729b089b0.jpeg Chimp

small minds discuss people average minds discuss events great minds discuss ideas.... and use AutoIt....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...