Merge pull request #93 from tiyeuse/master

Improve password reset feature
franc-pentest · Jul 24, 2024 · 383177e · 383177e
2 parents ced7126 + e6e3c08
commit 383177e
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/README.rst b/README.rst
@@ -203,7 +203,7 @@ LDAP
     commands:
       available commands
 
-      {auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,create_computer,create_user,modify_password,remove_from_group,unlock}
+      {auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,change_uac,create_computer,create_user,modify_password,remove_from_group,unlock}
         auth_policies       List the authentication policies configured in the Active Directory.
         bitlockerkeys       Extract the bitlocker recovery keys.
         computers           List the computer hostnames and resolve them if --resolve is specify.
@@ -240,6 +240,7 @@ LDAP
         search              Query the LDAP with `filter` and retrieve ALL or `attributes` if specified.
         whoami              Return user identity.
         add_to_group        Add `user` to `group`.
+        change_uac          Change user account control
         create_computer     Create a computer account
         create_user         Create a user account
         modify_password     Change `user`'s password.

diff --git a/ldeep/views/ldap_activedirectory.py b/ldeep/views/ldap_activedirectory.py
@@ -844,7 +844,14 @@ def modify_password(self, username, oldpassword, newpassword):
             raise self.ActiveDirectoryLdapException("Zero or non uniq result")
         else:
             user = results[0]
-            return ad_modify_password(self.ldap, user["dn"], newpassword, None)
+            res = ad_modify_password(
+                self.ldap, user["dn"], newpassword, old_password=oldpassword
+            )
+            if res == False:
+                res = ad_modify_password(
+                    self.ldap, user["dn"], newpassword, old_password=None
+                )
+            return res
 
     def add_user_to_group(self, user_dn, group_dn):
         """
@@ -888,11 +895,9 @@ def change_uac(self, user_dn, uac):
         @return True if the UAC was successfully changed or False otherwise.
         """
         try:
-            # return connection.modify(user_dn, {'userAccountControl':[(ldap3.MODIFY_REPLACE, ["66048"])]}))
             return self.ldap.modify(
                 user_dn, {"userAccountControl": [(MODIFY_REPLACE, [uac])]}
             )
-            # return removeUsersInGroups(self.ldap, user_dn, group_dn, fix=True)
         except ldap3.core.exceptions.LDAPInvalidDnError as e:
             print(f"Unhandled exception: {e}")
             # catch invalid group dn