Joel Perron-Langlois pljoel

## vsphere_priv_ids.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              3 stars
            
          
                pljoel
                / vsphere_priv_ids.md
            
            
              Last active
              January 24, 2023 20:54
            
              
                VMware vSphere Privilege IDs
              
          
    VMware vSphere Privilege ID Mapping

This file contains the mapping between the VMware vSphere UI Privileges and the Privilege IDs.
The mapping can be useful when working with the vSphere APIs, vsphere_role resource of the Hashicorp Terraform vSphere provider, etc.
The following privileges have been retrieved from VMware vCenter Server 7.0 Update 3H:


Category (UI) / Managed Object Type
Group Name (UI) / Group ID
Privilege Name (UI) / Privilege Name
Privilege ID


Alarms
Alarm
-
Acknowledge alarm
Acknowledge
Alarm.Acknowledge


Alarms
Alarm
-
Create alarm
Create
Alarm.Create


## get_user_group_sids.py
import subprocess

def _get_user_group_sids(username: str, only_rid: bool = False) -> list:
    # Reference: https://docs.microsoft.com/en-us/dotnet/api/system.security.principal.windowsidentity

    # Only retrieve the domain SIDs
    cmd_user_group_sids = f"([System.Security.Principal.WindowsIdentity]::new(\"{username}\").Groups | Where AccountDomainSid).Value"

    process_user_group_sids = subprocess.run(["powershell", "-Command", cmd_user_group_sids], capture_output=True, text=True)
    if process_user_group_sids.returncode != 0 or not process_user_group_sids.stdout:

## get_domain_sid.py
import subprocess

def get_domain_sid(domain_name: str) -> str:
    # Reference: https://docs.microsoft.com/en-us/dotnet/api/system.security.principal.securityidentifier

    domain_component = [f"dc={dc}" for dc in domain_name.split(sep='.')] if domain_name else []
    domain_component = ",".join(domain_component)
    domain_dn = f"LDAP://{domain_component}"
    domain_sid_binary = f"([ADSI]\"{domain_dn}\").objectSid.Value"
    cmd_domain_sid = f"[System.Security.Principal.SecurityIdentifier]::new({domain_sid_binary}, 0).Value"

## Instructions-to-mimikatz-js.txt
It is basically a wrap of the following projects:
 - mimikatz (https://github.com/gentilkiwi/mimikatz)
 - mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7)
            Updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863)
 - DotNetToJScript (https://github.com/tyranid/DotNetToJScript)

 INSTRUCTIONS:
 1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
 2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (You may want to comment the Exec() line though)
    b) It is going to produce a file.b64, so copy it's content and replace Delivery.Package.file string by it

## katz.cs
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

/*
Category (UI) / Managed Object Type	Group Name (UI) / Group ID	Privilege Name (UI) / Privilege Name	Privilege ID
Alarms `Alarm`	-	Acknowledge alarm `Acknowledge`	`Alarm.Acknowledge`
Alarms `Alarm`	-	Create alarm `Create`	`Alarm.Create`
	import subprocess

	def _get_user_group_sids(username: str, only_rid: bool = False) -> list:
	# Reference: https://docs.microsoft.com/en-us/dotnet/api/system.security.principal.windowsidentity

	# Only retrieve the domain SIDs
	cmd_user_group_sids = f"([System.Security.Principal.WindowsIdentity]::new(\"{username}\").Groups \| Where AccountDomainSid).Value"

	process_user_group_sids = subprocess.run(["powershell", "-Command", cmd_user_group_sids], capture_output=True, text=True)
	if process_user_group_sids.returncode != 0 or not process_user_group_sids.stdout:
	import subprocess

	def get_domain_sid(domain_name: str) -> str:
	# Reference: https://docs.microsoft.com/en-us/dotnet/api/system.security.principal.securityidentifier

	domain_component = [f"dc={dc}" for dc in domain_name.split(sep='.')] if domain_name else []
	domain_component = ",".join(domain_component)
	domain_dn = f"LDAP://{domain_component}"
	domain_sid_binary = f"([ADSI]\"{domain_dn}\").objectSid.Value"
	cmd_domain_sid = f"[System.Security.Principal.SecurityIdentifier]::new({domain_sid_binary}, 0).Value"
	It is basically a wrap of the following projects:
	- mimikatz (https://github.com/gentilkiwi/mimikatz)
	- mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7)
	Updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863)
	- DotNetToJScript (https://github.com/tyranid/DotNetToJScript)

	INSTRUCTIONS:
	1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
	2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (You may want to comment the Exec() line though)
	b) It is going to produce a file.b64, so copy it's content and replace Delivery.Package.file string by it
	using System;
	using System.IO;
	using System.Text;
	using System.IO.Compression;
	using System.EnterpriseServices;
	using System.Collections.Generic;
	using System.Runtime.InteropServices;
	using System.Security.Cryptography;

	/*