Removing disabled account checks, these are already filtered by the ldap query

NeffIsBack · NeffIsBack · commit bac7a34285f4 · 2024-11-14T06:46:50.000-05:00
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -1179,17 +1179,11 @@ def printTable(items, header):
                             rbcdRights.append(str(rbcd.get("sAMAccountName")))
                             rbcdObjType.append(str(rbcd.get("objectCategory")))
 
-                        if int(userAccountControl) & UF_ACCOUNTDISABLE:
-                            self.logger.debug(f"Bypassing disabled account {sAMAccountName}")
-                        else:
-                            for rights, objType in zip(rbcdRights, rbcdObjType):
-                                answers.append([rights, objType, "Resource-Based Constrained", sAMAccountName])
+                        for rights, objType in zip(rbcdRights, rbcdObjType):
+                            answers.append([rights, objType, "Resource-Based Constrained", sAMAccountName])
 
                 if delegation in ["Unconstrained", "Constrained", "Constrained w/ Protocol Transition"]:
-                    if int(userAccountControl) & UF_ACCOUNTDISABLE:
-                        self.logger.debug(f"Bypassing disabled account {sAMAccountName}")
-                    else:
-                        answers.append([sAMAccountName, objectType, delegation, rightsTo])
+                    answers.append([sAMAccountName, objectType, delegation, rightsTo])
 
             except Exception as e:
                 self.logger.error(f"Skipping item, cannot process due to error {e}")
diff --git a/nxc/protocols/ldap/proto_args.py b/nxc/protocols/ldap/proto_args.py
@@ -17,7 +17,7 @@ def proto_args(parser, parents):
 
     vgroup = ldap_parser.add_argument_group("Retrieve useful information on the domain", "Options to to play with Kerberos")
     vgroup.add_argument("--query", nargs=2, help="Query LDAP with a custom filter and attributes")
-    vgroup.add_argument("--find-delegation", action="store_true", help="Finds delegation relationships within an Active Directory domain.")
+    vgroup.add_argument("--find-delegation", action="store_true", help="Finds delegation relationships within an Active Directory domain. (Enabled Accounts only)")
     vgroup.add_argument("--trusted-for-delegation", action="store_true", help="Get the list of users and computers with flag TRUSTED_FOR_DELEGATION")
     vgroup.add_argument("--password-not-required", action="store_true", help="Get the list of users with flag PASSWD_NOTREQD")
     vgroup.add_argument("--admin-count", action="store_true", help="Get objets that had the value adminCount=1")
