[enhancement] Adding column to show if SPN exists in finddelegations.…

…py (fortra#1727) * Added a SPN column to check for existence * Created checkIfSPNExists() function
ThePorgs · May 23, 2024 · 15eff88 · 15eff88
1 parent 452ca84
commit 15eff88
Showing 1 changed file with 28 additions and 4 deletions.
diff --git a/examples/findDelegation.py b/examples/findDelegation.py
@@ -35,6 +35,28 @@
 from impacket.smbconnection import SMBConnection, SessionError
 
 
+def checkIfSPNExists(ldapConnection, sAMAccountName, rights):
+    # Check if SPN exists
+    spnExists = "-"
+    if rights == "N/A":
+        query = "(servicePrincipalName=HOST/%s)" % sAMAccountName.rstrip("$")
+    else:
+        query = "(servicePrincipalName=%s)"%rights
+
+    respSpnExists = ldapConnection.search(
+        searchFilter=query, 
+        attributes=["servicePrincipalName", "distinguishedName"], 
+        sizeLimit=1
+    )
+    results = [item for item in respSpnExists if isinstance(item, ldapasn1.SearchResultEntry)]
+    if len(results) != 0:
+        spnExists = "Yes"
+    else:
+        spnExists = "No"
+
+    return spnExists
+
+
 class FindDelegation:
     @staticmethod
     def printTable(items, header):
@@ -225,7 +247,8 @@ def run(self):
                                 logging.debug('Bypassing disabled account %s ' % sAMAccountName)
                             else:
                                 for rights, objType in zip(rbcdRights,rbcdObjType):
-                                    answers.append([rights, objType, 'Resource-Based Constrained', sAMAccountName])
+                                    spnExists = checkIfSPNExists(ldapConnection, sAMAccountName, rights)
+                                    answers.append([rights, objType, 'Resource-Based Constrained', sAMAccountName, str(spnExists)])
 
                 #print unconstrained + constrained delegation relationships
                 if delegation in ['Unconstrained', 'Constrained', 'Constrained w/ Protocol Transition']:
@@ -234,13 +257,14 @@ def run(self):
                                 logging.debug('Bypassing disabled account %s ' % sAMAccountName)
                             else:
                                 for rights in rightsTo:
-                                    answers.append([sAMAccountName, objectType, delegation, rights])
+                                    spnExists = checkIfSPNExists(ldapConnection, sAMAccountName, rights)
+                                    answers.append([sAMAccountName, objectType, delegation, rights, str(spnExists)])
             except Exception as e:
                 logging.error('Skipping item, cannot process due to error %s' % str(e))
                 pass
 
-        if len(answers)>0:
-            self.printTable(answers, header=[ "AccountName", "AccountType", "DelegationType", "DelegationRightsTo"])
+        if len(answers) > 0:
+            self.printTable(answers, header=["AccountName", "AccountType", "DelegationType", "DelegationRightsTo", "SPN Exists"])
             print('\n\n')
         else:
             print("No entries found!")