
@w4kfu
Created July 20, 2017 13:27
sdshow readable
import subprocess
import sys
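# SDDL ACE-type codes (first field of an ACE string) mapped to the Windows
# ACE type names. Used by parse_dacl to label each access control entry.
ACE_TYPE = {
    "A": "ACCESS_ALLOWED_ACE_TYPE",
    "D": "ACCESS_DENIED_ACE_TYPE",
    "OA": "ACCESS_ALLOWED_OBJECT_ACE_TYPE",
    "OD": "ACCESS_DENIED_OBJECT_ACE_TYPE",
    "AU": "SYSTEM_AUDIT_ACE_TYPE",
    "AL": "SYSTEM_ALARM_ACE_TYPE",
    "OU": "SYSTEM_AUDIT_OBJECT_ACE_TYPE",
    "OL": "SYSTEM_ALARM_OBJECT_ACE_TYPE",
    "ML": "SYSTEM_MANDATORY_LABEL_ACE_TYPE",
    "XA": "ACCESS_ALLOWED_CALLBACK_ACE_TYPE",
    "XD": "ACCESS_DENIED_CALLBACK_ACE_TYPE",
    "RA": "SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE",
    "SP": "SYSTEM_SCOPED_POLICY_ID_ACE_TYPE",
    "XU": "SYSTEM_AUDIT_CALLBACK_ACE_TYPE",
    # "ZA" is the callback *object* allow ACE; it previously shared the
    # label of "XA", which made the two indistinguishable in the output.
    "ZA": "ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE",
}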
# SDDL ACE-flag codes (second field of an ACE string) mapped to the Windows
# flag names: inheritance behaviour plus the audit success/failure flags.
ACE_FLAGS = dict(
    CI="CONTAINER_INHERIT_ACE",
    OI="OBJECT_INHERIT_ACE",
    NP="NO_PROPAGATE_INHERIT_ACE",
    IO="INHERIT_ONLY_ACE",
    ID="INHERITED_ACE",
    SA="SUCCESSFUL_ACCESS_ACE_FLAG",
    FA="FAILED_ACCESS_ACE_FLAG",
)
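# Two-letter SDDL SID aliases (last field of an ACE string) mapped to the
# corresponding sddl.h constant names. Trustees written as a full SID
# ("S-1-5-...") are not in this table.
TRUSTEES = {
    "AN": "SDDL_ANONYMOUS",
    "AO": "SDDL_ACCOUNT_OPERATORS",
    "AU": "SDDL_AUTHENTICATED_USERS",
    "BA": "SDDL_BUILTIN_ADMINISTRATORS",
    "BG": "SDDL_BUILTIN_GUESTS",
    "BO": "SDDL_BACKUP_OPERATORS",
    "BU": "SDDL_BUILTIN_USERS",
    "CA": "SDDL_CERT_SERV_ADMINISTRATORS",
    "CD": "SDDL_CERTSVC_DCOM_ACCESS",
    "CG": "SDDL_CREATOR_GROUP",
    "CO": "SDDL_CREATOR_OWNER",
    "DA": "SDDL_DOMAIN_ADMINISTRATORS",
    "DC": "SDDL_DOMAIN_COMPUTERS",
    "DD": "SDDL_DOMAIN_DOMAIN_CONTROLLERS",
    "DG": "SDDL_DOMAIN_GUESTS",
    "DU": "SDDL_DOMAIN_USERS",
    "EA": "SDDL_ENTERPRISE_ADMINS",
    "ED": "SDDL_ENTERPRISE_DOMAIN_CONTROLLERS",
    "HI": "SDDL_ML_HIGH",
    "IU": "SDDL_INTERACTIVE",
    "LA": "SDDL_LOCAL_ADMIN",
    "LG": "SDDL_LOCAL_GUEST",
    "LS": "SDDL_LOCAL_SERVICE",
    "LW": "SDDL_ML_LOW",
    # Was "SDDL_MLMEDIUM"; spelled like the other integrity-level aliases
    # (SDDL_ML_LOW / SDDL_ML_HIGH / SDDL_ML_SYSTEM).
    "ME": "SDDL_ML_MEDIUM",
    "MU": "SDDL_PERFMON_USERS",
    "NO": "SDDL_NETWORK_CONFIGURATION_OPS",
    "NS": "SDDL_NETWORK_SERVICE",
    "NU": "SDDL_NETWORK",
    "PA": "SDDL_GROUP_POLICY_ADMINS",
    "PO": "SDDL_PRINTER_OPERATORS",
    "PS": "SDDL_PERSONAL_SELF",
    "PU": "SDDL_POWER_USERS",
    "RC": "SDDL_RESTRICTED_CODE",
    "RD": "SDDL_REMOTE_DESKTOP",
    "RE": "SDDL_REPLICATOR",
    "RO": "SDDL_ENTERPRISE_RO_DCs",
    "RS": "SDDL_RAS_SERVERS",
    "RU": "SDDL_ALIAS_PREW2KCOMPACC",
    "SA": "SDDL_SCHEMA_ADMINISTRATORS",
    "SI": "SDDL_ML_SYSTEM",
    "SO": "SDDL_SERVER_OPERATORS",
    "SU": "SDDL_SERVICE",
    "SY": "SDDL_LOCAL_SYSTEM",
    "WD": "SDDL_EVERYONE",
}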
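# SDDL right codes (third field of an ACE string) mapped to their meaning on
# a *service* object, followed by the standard and generic rights.
# When auditing a service, the entries that let a trustee reconfigure it or
# rewrite its security descriptor (SERVICE_CHANGE_CONFIG, WRITE_DAC,
# WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE) are the ones to check first,
# especially when the trustee is a broad group.
ACE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG",
    "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS",
    "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START",
    "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE",
    "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL",
    # Standard rights. "SD" was labelled "_DELETE" (truncated name).
    "SD": "DELETE",
    "RC": "READ_CONTROL",
    "WD": "WRITE_DAC",
    "WO": "WRITE_OWNER",
    # Generic rights were missing from the table, so an ACE granting them
    # showed up with no matching right in the output.
    "GA": "GENERIC_ALL",
    "GR": "GENERIC_READ",
    "GW": "GENERIC_WRITE",
    "GX": "GENERIC_EXECUTE",
}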
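def parse_str(dico, s):
    """Expand a run of two-letter SDDL codes into ' | '-joined names.

    dico maps two-letter codes to readable names; s is the raw field text
    (for example "CIOI" or "CCLCSWRPWPDTLOCRRC").

    The field is cut into consecutive two-character tokens. The previous
    substring test (`code in s`) also matched pairs that straddle two
    neighbouring codes -- "CIOI" contains "IO", "SWDT" contains "WD" -- and
    so reported flags or rights (INHERIT_ONLY_ACE, WRITE_DAC) the ACE does
    not carry. Output order now follows the order of the codes in s.

    Codes missing from dico are kept verbatim rather than dropped, so a
    right this table does not know is still visible to the reader. A field
    that is not a sequence of two-letter codes (odd length, or a hex mask
    starting with "0x") is returned unchanged.
    """
    if len(s) % 2 or s[:2].lower() == "0x":
        return s
    tokens = [s[i:i + 2] for i in range(0, len(s), 2)]
    return ' | '.join(dico.get(tok, tok) for tok in tokens)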
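def parse_dacl(content):
    """Print a readable breakdown of each ACE in an SDDL ACL string.

    content is the text that follows the "D:" tag, i.e. optional ACL flags
    followed by a run of "(type;flags;rights;objtype;inhobjtype;trustee)"
    groups. One block of lines is printed per ACE; nothing is returned.

    Changes from the earlier version:
      * text after an ACE's closing ")" (such as the "S" tag of a following
        SACL) is ignored instead of ending up inside the trustee field,
        which raised KeyError;
      * unknown ACE types and trustees given as a full SID are printed
        as-is instead of raising KeyError;
      * the inherited object type line prints the inherited object type
        (it printed the object type);
      * text that is not a six-field ACE (for example ACL flags placed
        before the first ACE) is reported as unparsed rather than crashing.
    """
    for chunk in content.split("("):
        # Keep only what sits inside the parentheses.
        body = chunk.partition(")")[0]
        if not body:
            continue
        fields = body.split(";")
        if len(fields) < 6:
            print(" ! Unparsed : %s" % body)
            continue
        # NOTE(review): a seventh field (conditional expression / resource
        # attribute) is not decoded here, and an expression with nested
        # parentheses would be split incorrectly -- confirm if such ACEs
        # need to be supported.
        ace_type, flags, rights, objtype, inheritedobjtype, trustee = fields[:6]
        print(" + Access control entry :  %s" % ACE_TYPE.get(ace_type, ace_type))
        if flags:
            print(" - Flags :  %s" % parse_str(ACE_FLAGS, flags))
        if rights:
            print(" - Rights :  %s" % parse_str(ACE_RIGHTS, rights))
        if objtype:
            print(" - Object type :  %s" % objtype)
        if inheritedobjtype:
            print(" - Inherited object type :  %s" % inheritedobjtype)
        # A trustee that is not a known alias is shown raw (typically a SID).
        print(" - Trustee:  %s" % TRUSTEES.get(trustee, trustee))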
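def parse_sddl(input):
    """Locate the DACL in an SDDL string and print its ACEs via parse_dacl.

    input is the security descriptor text as printed by `sc sdshow`. If no
    "D:" component is present nothing is printed.

    The earlier version split on ":" and compared whole parts with "D",
    which left the next component's tag letter glued to the end of the
    DACL text, missed the DACL when an owner or group component preceded
    it ("O:BAG:BAD:..."), and indexed past the end of the list when "D"
    was the last part.
    """
    # subprocess.check_output returns bytes on Python 3; on Python 2 bytes
    # is str, so this branch is skipped there.
    if isinstance(input, bytes) and not isinstance(input, str):
        input = input.decode("ascii", "replace")
    start = input.find("D:")
    if start == -1:
        return
    print("[+] DACL:")
    # The DACL runs up to the SACL tag when one follows it.
    # NOTE(review): assumes ":" only ever follows a component tag, which
    # holds for plain ACEs; conditional expressions could break this.
    end = input.find("S:", start + 2)
    if end == -1:
        parse_dacl(input[start + 2:])
    else:
        parse_dacl(input[start + 2:end])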
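if __name__ == '__main__':
    # Usage: script.py <SERVICE_NAME> -- prints the service's DACL in
    # readable form, using the SDDL string returned by `sc sdshow`.
    if len(sys.argv) < 2:
        sys.exit("Usage: %s <SERVICE_NAME>" % sys.argv[0])
    try:
        # Argument list, no shell: the service name is passed to sc as one
        # argument and is never interpreted by a command interpreter.
        raw = subprocess.check_output(["sc", "sdshow", sys.argv[1]])
    except subprocess.CalledProcessError as err:
        # sc exits non-zero when the query fails; report that instead of
        # ending in a traceback.
        sys.exit("sc sdshow failed (exit code %d)" % err.returncode)
    except OSError as err:
        sys.exit("could not run sc: %s" % err)
    parse_sddl(raw.strip())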