mirror of
https://github.com/NetSPI/PowerHuntShares.git
synced 2025-05-04 19:28:42 +02:00
133 lines
3.6 KiB
PowerShell
133 lines
3.6 KiB
PowerShell
# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind)
|
|
|
|
function Get-ConfigCredentials {
|
|
[CmdletBinding()]
|
|
param (
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$FilePath
|
|
)
|
|
|
|
# Initialize a hashtable to store extracted values
|
|
$configData = @{
|
|
Domain = $null
|
|
Server = $null
|
|
Username = $null
|
|
Password = $null
|
|
}
|
|
|
|
# Check if the file exists
|
|
if (-Not (Test-Path -Path $FilePath)) {
|
|
Write-Error "File not found: $FilePath"
|
|
return
|
|
}
|
|
|
|
# Read the configuration file
|
|
$configFile = Get-Content -Path $FilePath
|
|
|
|
# Parse the configuration file line by line
|
|
foreach ($line in $configFile) {
|
|
# Ignore comment lines and empty lines
|
|
if ($line -match '^\s*#' -or $line -match '^\s*$') {
|
|
continue
|
|
}
|
|
|
|
# Extract the domain (e.g., ad_domain or similar)
|
|
if ($line -match 'ad_domain\s*=\s*(.+)') {
|
|
$configData.Domain = $matches[1].Trim()
|
|
}
|
|
|
|
# Extract the server (e.g., krb5_server or similar)
|
|
if ($line -match 'krb5_server\s*=\s*(.+)') {
|
|
$configData.Server = $matches[1].Trim()
|
|
}
|
|
|
|
# Extract the username (e.g., ldap_default_bind_dn or similar)
|
|
if ($line -match 'ldap_default_bind_dn\s*=\s*(.+)') {
|
|
$configData.Username = $matches[1].Trim()
|
|
}
|
|
|
|
# Extract the password (e.g., ldap_default_authtok or similar)
|
|
if ($line -match 'ldap_default_authtok\s*=\s*(.+)') {
|
|
$configData.Password = $matches[1].Trim()
|
|
}
|
|
}
|
|
|
|
# Output the extracted configuration as a PowerShell object
|
|
[PSCustomObject]@{
|
|
Domain = $configData.Domain
|
|
Server = $configData.Server
|
|
Username = $configData.Username
|
|
Password = $configData.Password
|
|
}
|
|
}
|
|
|
|
# Example usage:
|
|
$config = Get-ConfigCredentials -FilePath "c:\temp\configs\sssd.conf"
|
|
$config | Format-List
|
|
|
|
|
|
<# sssd.conf - used to support kerberos authentication in Linux
|
|
|
|
|
|
[sssd]
|
|
config_file_version = 2
|
|
services = nss, pam, ssh, sudo
|
|
domains = example.com
|
|
|
|
[nss]
|
|
filter_groups = root
|
|
filter_users = root
|
|
|
|
[pam]
|
|
offline_credentials_expiration = 2
|
|
offline_failed_login_attempts = 3
|
|
offline_failed_login_delay = 5
|
|
|
|
[domain/example.com]
|
|
# Basic configuration for connecting to Active Directory
|
|
id_provider = ad
|
|
auth_provider = ad
|
|
access_provider = ad
|
|
|
|
# Enable Kerberos for authentication
|
|
krb5_realm = EXAMPLE.COM
|
|
krb5_server = ad.example.com
|
|
krb5_kpasswd = ad.example.com
|
|
|
|
# Active Directory server information
|
|
ad_domain = example.com
|
|
ad_server = ad.example.com
|
|
ad_hostname = linuxclient.example.com
|
|
|
|
# INSECURE PRACTICE: Hardcoding AD username and password in sssd.conf
|
|
# These values will expose the username and password in plaintext
|
|
ldap_default_bind_dn = cn=admin,cn=users,dc=example,dc=com
|
|
ldap_default_authtok = P@ssw0rd123
|
|
|
|
# Using the above configuration exposes credentials to anyone who can read this file
|
|
|
|
# User and group filtering (optional)
|
|
ldap_id_mapping = true
|
|
|
|
# Performance optimizations
|
|
cache_credentials = true
|
|
enumerate = false
|
|
use_fully_qualified_names = false
|
|
|
|
# Access Control (Optional: limit login to users in AD group 'LinuxAdmins')
|
|
access_provider = simple
|
|
simple_allow_groups = LinuxAdmins
|
|
|
|
# Security settings
|
|
min_id = 1000
|
|
fallback_homedir = /home/%u
|
|
|
|
# Timeout and retry settings for better AD stability
|
|
ldap_search_timeout = 10
|
|
ldap_connection_expire_timeout = 60
|
|
|
|
# Debugging options (uncomment for troubleshooting)
|
|
# debug_level = 9
|
|
|
|
|
|
#> |