@@ -224,6 +224,9 @@ def enum_host_info(self):
224224 if not self .domain :
225225 self .domain = self .hostname
226226
227+ if self .args .kerberos :
228+ self .domain = self .conn .getServerDNSDomainName ()
229+
227230 self .db .add_computer (self .host , self .hostname , self .domain , self .server_os )
228231
229232 try :
@@ -252,17 +255,25 @@ def print_host_info(self):
252255 self .signing ,
253256 self .smbv1 ))
254257 def kerberos_login (self , aesKey , kdcHost ):
258+ # dirty code to check if user is admin but pywerview does not support kerberos auth ...
259+ error = ''
255260 try :
256261 self .conn .kerberosLogin ('' , '' , self .domain , self .lmhash , self .nthash , aesKey , kdcHost )
257- # self.check_if_admin() # currently not working with kerberos so we set admin_privs to True
262+ # self.check_if_admin() # currently pywerview does not support kerberos auth
263+ except SessionError as e :
264+ error = e
265+ try :
266+ self .conn .connectTree ("C$" )
258267 self .admin_privs = True
268+ except SessionError as e :
269+ pass
270+ if not error :
259271 out = u'{}\\ {} {}' .format (self .domain ,
260272 self .conn .getCredentials ()[0 ],
261273 highlight ('({})' .format (self .config .get ('CME' , 'pwn3d_label' )) if self .admin_privs else '' ))
262274 self .logger .success (out )
263275 return True
264- except SessionError as e :
265- error , desc = e .getErrorString ()
276+ else :
266277 self .logger .error (u'{} {} {}' .format (self .domain ,
267278 error ,
268279 '({})' .format (desc ) if self .args .verbose else '' ))
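Review bot: In kerberos_login the failure branch still formats `desc`, but the line `error, desc = e.getErrorString()` was removed, so a failed login with verbose output would raise NameError instead of logging the failure (indentation is lost on this page, so the exact nesting is inferred). `error = e` also stores the exception object rather than the error string that was logged before; initialising `desc = ''` next to `error = ''` and keeping `error, desc = e.getErrorString()` in the first `except SessionError` would restore the old message. The `connectTree("C$")` probe appears to run even when kerberosLogin has failed, and its `except SessionError: pass` hides why the admin check did not succeed; guarding the probe with `if not error:` and logging the swallowed exception at debug level would make the `admin_privs` result easier to trust. The else branch continues past the end of the hunk.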
@@ -389,7 +400,6 @@ def check_if_admin(self):
389400 lmhash , nthash = self .hash .split (':' )
390401 else :
391402 nthash = self .hash
392-
393403 self .admin_privs = invoke_checklocaladminaccess (self .host , self .domain , self .username , self .password , lmhash , nthash )
394404
395405 def gen_relay_list (self ):