@andrewkroh
Last active June 3, 2022 02:04
NetUserGetInfo tester tool for Windows
package main
import (
"flag"
"log"
"os/user"
"syscall"
"unsafe"
"golang.org/x/sys/windows"
)
// main parses the command-line flags and runs one of two probes:
//
//   - -current prints the result of Go's user.Current().
//   - -server-name and/or -username calls NetUserGetInfo with those values and
//     prints the returned full name.
//
// With none of these flags set it prints the usage text. Both flag values are
// forwarded to NetUserGetInfo unchanged; they are logged with %q so that empty
// or unusual values are visible in the output.
func main() {
	var (
		serverName  = flag.String("server-name", "", "server name")
		userName    = flag.String("username", "", "user name")
		currentUser = flag.Bool("current", false, "Print value from Go's user.Current().")
	)
	flag.Parse()

	switch {
	case *currentUser:
		// -current takes precedence over the other two flags.
		log.Println("Calling user.Current()")
		current, err := user.Current()
		if err != nil {
			log.Fatal("Error:", err)
		}
		log.Printf("Current user: %#v", current)

	case *serverName != "" || *userName != "":
		log.Printf("Calling NetUserGetInfo(%q, %q, 10, <buf>)", *serverName, *userName)
		name, err := NetUserGetInfo(*serverName, *userName)
		// Logged before the error check so the timestamps bracket the call
		// whether it succeeds or fails.
		log.Print("Exited NetUserGetInfo")
		if err != nil {
			log.Fatal("Error:", err)
		}
		log.Println("User Full Name:", name)

	default:
		flag.Usage()
	}
}
// NetUserGetInfo calls the Windows NetUserGetInfo API at information level 10
// for username and returns the account's full name.
//
// An empty servername is passed to the API as a nil pointer (which the Windows
// API treats as the local computer); any other value is passed through as a
// UTF-16 string, so the lookup is directed at whatever name the caller
// supplied. Conversion errors for either string and the error returned by the
// API are returned unchanged.
func NetUserGetInfo(servername, username string) (string, error) {
	// Leave the server pointer nil unless a server name was actually given.
	var serverPtr *uint16
	if servername != "" {
		ptr, err := syscall.UTF16PtrFromString(servername)
		if err != nil {
			return "", err
		}
		serverPtr = ptr
	}

	userPtr, err := syscall.UTF16PtrFromString(username)
	if err != nil {
		return "", err
	}

	// Level 10 matches the syscall.UserInfo10 layout the buffer is cast to below.
	const infoLevel = 10

	var buf *byte
	if err := syscall.NetUserGetInfo(serverPtr, userPtr, infoLevel, &buf); err != nil {
		return "", err
	}
	// The buffer is allocated by the API and must be released by the caller.
	// The return expression below copies the name into a Go string before
	// this deferred free runs.
	defer syscall.NetApiBufferFree(buf)

	info := (*syscall.UserInfo10)(unsafe.Pointer(buf))
	return windows.UTF16PtrToString(info.FullName), nil
}

Output when run as the SYSTEM account (via PsExec -s):

PS C:\> PsExec.exe -s C:\netusergetinfo.exe -current

PsExec v2.34 - Execute processes remotely
Copyright (C) 2001-2021 Mark Russinovich
Sysinternals - www.sysinternals.com


2022/06/03 02:00:22 Calling user.Current()
2022/06/03 02:00:22 Current user: &user.User{Uid:"S-1-5-18", Gid:"S-1-5-18", Username:"NT AUTHORITY\\SYSTEM", Name:"SYSTEM", HomeDir:"C:\\Windows\\system32\\config\\systemprofile"}
C:\netusergetinfo.exe exited on AKROH-WINDOWS20 with error code 0.

Output as a regular user:

PS C:\> .\netusergetinfo.exe -current
2022/06/03 02:00:39 Calling user.Current()
2022/06/03 02:00:39 Current user: &user.User{Uid:"S-1-5-21-1844000655-3260516853-2179737697-1000", Gid:"S-1-5-21-1844000655-3260516853-2179737697-513", Username:"AKROH-WINDOWS20\\andrew_kroh", Name:"andrew_kroh", HomeDir:"C:\\Users\\andrew_kroh"}

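Fast failure when attempting to get the full name of NT AUTHORITY\SYSTEM: "NT AUTHORITY" is passed as the server name, and the call returns "The RPC server is unavailable." within the same second.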

PS C:\> .\netusergetinfo.exe -username SYSTEM -server-name "NT AUTHORITY"
2022/06/03 02:00:46 Calling NetUserGetInfo("NT AUTHORITY", "SYSTEM", 10, <buf>)
2022/06/03 02:00:46 Exited NetUserGetInfo
2022/06/03 02:00:46 Error:The RPC server is unavailable.