Pywerview

Latest version: v0.6


0.6

Features

- new function: `get-objectowner`. You can use this function to retrieve the owner of any Active Directory object.
- new attribute: `_well_known_rids` in `ADObject`. A (partial) list of well known RIDs.

Modifications

- better SPN patching: the realm part is ignored
- hunting functions are fixed
- hunting functions implement json output
- More well known SIDs

0.5.2

Features

- pywerview falls back to simple authentication if Channel Binding and LDAP Signing patches are not installed. This fallback only works if:
  - Authentication is done with a password
  - LDAPS (TCP port 636) is open

Modifications

- you can use impacket's pth syntax with pywerview (e.g. `--hashes :deadbeefdeadbeefdeadbeef`)
- added the possibility to change the namespace and RPC auth level for WMI
- Docker file no longer manually installs dsinternals

0.5.1

Features

- pywerview can now use `ldap3` [special branch](https://github.com/ThePirateWhoSmellsOfSunflowers/ldap3/tree/tls_cb_and_seal_for_ntlm) to work against hardened DCs. Thus, if the targeted DC enforces LDAP Signing and/or Channel Binding, please use this custom `ldap3` version. S/O CravateRouge

Modifications

- Fixed `get-objectacl` when used with `--resolve-guid`
- Two new functions are available: `get-netsmsa` and `get-netgmsa` (by pbalmelle)
- `get-adservices` no longer exists, use `get-netgmsa` to retrieve gMSA

0.5.0

Features

- SChannel authentication is now supported (see `README` for details)

Modifications

- Fixed `get_adserviceaccount` to work with Kerberos authentication
- Adding command line custom filter attributes to several functions
- `get-netdomaintrust` no longer tries to interpret results
- Adding `--full-data` flag to `get-netdomaintrust`
- fixed performance issues, no more multiple LDAP connections with some functions

0.4.1

Features

* Added a `--laps-passwords` option to `get-netcomputer` to query only computers for which the user can read LAPS passwords (thanks SAERXCIT).
* Added `allowed-to-authenticate` in the right filter list for `get-objectacl`. This can be useful when Selective Authentication is set (see https://twitter.com/AlmondOffSec/status/1577958969523535873).
* Added a `--pre-created` option to `get-netcomputer` to return potentially vulnerable computer accounts (see https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/). Caution: This option is prone to false positives and negatives.
* Added a Dockerfile based on an Ubuntu image (thanks sdcampbell and p1gp1g).

Modifications

* `useraccountcontrol` attribute is now returned when using `get-netgroupmember` function. This can be useful to detect disabled admin accounts or accounts that are not allowed for delegation.
* The project now uses `beautifulsoup4` instead of `bs4` package (thanks fabaff).
* `ms-Mcs-AdmPwdExpirationTime` is now formatted as a timestamp.
* `get-netcomputer` now returns all computer accounts even those without `dnshostname`.
* `samaccounttype` attribute is now formatted as a string.
* The project now falls back to pycryptodome if pycryptodomex is not installed (thanks thesamesam).
* `get-netgroupmember` now also returns computer accounts.
* Better exception handling to detect Channel Binding and LDAP Signing.

0.4.0

Features

- Kerberos authentication is now supported (see `README` for details)
- Added a `get-adserviceaccount` functionality
- Added a `--logging` option to get different debug levels and messages
- Results can be dumped as JSON using `--json`
- TLS connection can be forced using `--tls`

Modifications

- Fixed `find-gpocomputeradmin`: there was a bug when setting `isgroup` attribute in `GPOComputerAdmin` object
- Fixed `get-domainpolicy`: fixed a bug in SID resolving
- Fixed dependencies and setup script (merged 46 and 47)
