Revision 759e5d5b image_creator/os_type/windows.py
b/image_creator/os_type/windows.py | ||
---|---|---|
649 | 649 |
|
650 | 650 |
h = hivex.Hivex(sam) |
651 | 651 |
|
652 |
key = h.root() |
|
652 |
# Navigate to /SAM/Domains/Account/Users |
|
653 |
users_node = h.root() |
|
654 |
for child in ('SAM', 'Domains', 'Account', 'Users'): |
|
655 |
users_node = h.node_get_child(users_node, child) |
|
656 |
|
|
653 | 657 |
# Navigate to /SAM/Domains/Account/Users/Names |
654 |
for child in ('SAM', 'Domains', 'Account', 'Users', 'Names'): |
|
655 |
key = h.node_get_child(key, child) |
|
658 |
names_node = h.node_get_child(users_node, 'Names') |
|
656 | 659 |
|
657 |
users = [h.node_name(x) for x in h.node_children(key)] |
|
660 |
# HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\%RID% |
|
661 |
# HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\%Username% |
|
662 |
# |
|
663 |
# The RID (relative identifier) of each user is stored as the type! |
|
664 |
# (not the value) of the default key of the node under Names whose |
|
665 |
# name is the user's username. Under the RID node, there in a F |
|
666 |
# value that contains information about this user account. |
|
667 |
# |
|
668 |
# See sam.h of the chntpw project on how to translate the F value |
|
669 |
# of an account in the registry. Bytes 56 & 57 are the account type |
|
670 |
# and status flags. The first bit is the 'account disabled' bit |
|
671 |
disabled = lambda f: int(f[56].encode('hex'), 16) & 0x01 |
|
672 |
|
|
673 |
users = [] |
|
674 |
for user_node in h.node_children(names_node): |
|
675 |
username = h.node_name(user_node) |
|
676 |
rid = h.value_type(h.node_get_value(user_node, ""))[0] |
|
677 |
# if RID is 500 (=0x1f4), the corresponding node name under |
|
678 |
# Users is '000001F4' |
|
679 |
key = ("%8.x" % rid).replace(' ', '0').upper() |
|
680 |
rid_node = h.node_get_child(users_node, key) |
|
681 |
f_value = h.value_value(h.node_get_value(rid_node, 'F'))[1] |
|
682 |
|
|
683 |
if disabled(f_value): |
|
684 |
self.out.warn("Found disabled `%s' account!" % username) |
|
685 |
continue |
|
686 |
|
|
687 |
users.append(username) |
|
658 | 688 |
|
659 | 689 |
finally: |
660 | 690 |
os.unlink(sam) |
661 | 691 |
|
662 | 692 |
# Filter out the guest account |
663 |
return filter(lambda x: x != "Guest", users)
|
|
693 |
return users
|
|
664 | 694 |
|
665 | 695 |
def _check_connectivity(self): |
666 | 696 |
"""Check if winexe works on the Windows VM""" |
Also available in: Unified diff