Add CAS attribute

NeffIsBack · NeffIsBack · commit 74dcef77ce97 · 2024-07-21T06:06:41.000-04:00
diff --git a/nxc/modules/sccm.py b/nxc/modules/sccm.py
@@ -38,6 +38,7 @@ def on_login(self, context, connection):
         self.base_dn = connection.ldapConnection._baseDN if not self.base_dn else self.base_dn
         self.sc = ldap.SimplePagedResultsControl()
 
+        # Basic SCCM enumeration
         try:
             # Search for SCCM root object
             search_filter = f"(distinguishedName=CN=System Management,CN=System,{self.base_dn})"
@@ -69,16 +70,36 @@ def on_login(self, context, connection):
                         self.context.log.highlight(f"{self.sccm_sites[site]['cn']}")
                         self.context.log.highlight(f"  Site Code: {site.rjust(14)}")
                         self.context.log.highlight(f"  Assignment Site Code: {self.sccm_sites[site]['AssignmentSiteCode'].rjust(3)}")
-                        self.context.log.highlight("  Management Points:")
-                        for mp in self.sccm_sites[site]["ManagementPoints"]:
-                            self.context.log.highlight(f"\t  CN:{' ':<12}{mp['cn']}")
-                            self.context.log.highlight(f"\t  DNS Hostname:{' ':<2}{mp['dNSHostName']}")
-                            self.context.log.highlight(f"\t  IP Address:{' ':<4}{mp['IPAddress']}")
-                            self.context.log.highlight(f"\t  Default MP:{' ':<4}{mp['mSSMSDefaultMP']}")
+
+                        # If there aren't Management Points, it's a Central Administration Site
+                        if self.sccm_sites[site]["ManagementPoints"]:
+                            self.context.log.highlight(f"  CAS: {' ':<17}{False}")
+                            self.context.log.highlight("  Management Points:")
+                            for mp in self.sccm_sites[site]["ManagementPoints"]:
+                                self.context.log.highlight(f"\t  CN:{' ':<12}{mp['cn']}")
+                                self.context.log.highlight(f"\t  DNS Hostname:{' ':<2}{mp['dNSHostName']}")
+                                self.context.log.highlight(f"\t  IP Address:{' ':<4}{mp['IPAddress']}")
+                                self.context.log.highlight(f"\t  Default MP:{' ':<4}{mp['mSSMSDefaultMP']}")
+                        else:
+                            self.context.log.highlight(f"  CAS: {' ':<17}{True}")
                     self.context.log.highlight("")
         except LDAPSearchError as e:
             context.log.fail(f"Got unexpected exception: {e}")
 
+        # Enumerate users/groups/computers with "SCCM" in their name
+        # hippity hoppity your code is now my property, filter stolen from the awesome sccmhunter repository
+        # https://github.com/garrettfoster13/sccmhunter
+        try:
+            yoinkers = '(|(samaccountname=*sccm*)(samaccountname=*mecm*)(description=*sccm*)(description=*mecm*)(name=*sccm*)(name=*mecm*))'
+            context.log.display("Searching for SCCM related objects")
+            result = connection.ldapConnection.search(
+                searchFilter=yoinkers,
+                searchBase=self.base_dn,
+                attributes=["sAMAccountName", "distinguishedName"],
+            )
+        except LDAPSearchError as e:
+            context.log.fail(f"Got unexpected exception: {e}")
+
     def get_management_points(self):
         """Searches for all SCCM management points in the Active Directory and maps them to their SCCM site via the site code."""
         try:
