Extract obsolete operating systems from LDAP

[Shad0wC0ntr0ller]

Extract enabled obsolete operating systems from LDAP

nxc ldap dcip -u user -p password -M obsolete

[zblurx]

Hey, I love this idea
However for parsing purpose, choosing arrow as the separator is not great (how can you awk the output ?)
What about machinename (10.10.10.1) : OS name ?
Or maybe a module option to set a delimiter or even a csv output file ?

[Shad0wC0ntr0ller]

@zblurx you know, that’s a great point that has not been brought to my attention before. I will update the module in an hour or so. Thanks for the good call out.

but I will say, you don’t need to do any awk or grep, etc because it saves all the hostnames to a file for you already. But I get the point

[Shad0wC0ntr0ller]

@zblurx I have made the adjustment. I also went ahead and added Server 2012 as that's less than a couple of weeks away. Finally i updated the output path from cme to nxc.

[NeffIsBack]

Nice! Also it would probably be nice to give some feedback to the user about the file you are saving the output to. Something like sam and lsa dump do

[Shad0wC0ntr0ller]

There is an info statement that shows where the file is saved to in the output already.

Are you saying you want them to get added to a database like this ? Or at least print the number of obsolete hosts found ?

[NeffIsBack]

Oh my bad, missed that line. Just wanted to have the file path in some output but you already thought of that😄

[zblurx]

There is a more conventional way to get the logs folders in NXC -> log_folder_path = os.path.join(os.path.expanduser("~/.nxc"), "logs")

[evildrummer]

Maybe adding the pwdlastset of the host? So you know it if the host is "kind a active"

[zblurx]

Maybe adding the pwdlastset of the host? So you know it if the host is "kind a active"

Excellent idea. I don't know if there is a more relevant LDAP attribute to see if the host is still active so this one can be good.
As an module parameter or by default ?

[Shad0wC0ntr0ller]

@evildrummer @zblurx Excellent ideas, I will look into this later today !
I don't want to make the output to long on each line though , ill need to find a good format to include everything and still be readable.

[evildrummer]

@Shad0wC0ntr0ller
Maybe just output hosts with a timestamp below 30 days. That's the the time we're computer passwords change. And add a parameter to get all hosts. Even with a super old timestamp

[Marshall-Hallenbeck]

@Shad0wC0ntr0ller can you update the single quote usage to be double quotes, and also add this module to the e2e tests command file (tests/e2e_commands.txt)?

[NeffIsBack]

@Shad0wC0ntr0ller any update on this?

[Shad0wC0ntr0ller]

Sorry guys been busy with other things, ill get this handled by EOD today

[NeffIsBack]

Sorry guys been busy with other things, ill get this handled by EOD today

Awesome, but no pressure, justed wanted to check :)

[Marshall-Hallenbeck]

@Shad0wC0ntr0ller did you want to get this up to date and working? We'd like to include it in the v1.2 release if you have time :)

[Shad0wC0ntr0ller]

I will try to make the needed updates over the next couple of days. Thank you

[Shad0wC0ntr0ller]

Sorry for the delay, I have updated the script it will now include the pwdlastset variable. let me know if there's any more adjustments you would like to see. thank you

[NeffIsBack]

Very nice addition! Thanks again for you work

[NeffIsBack]

Working flawlessly:

[enj5oy]

@Shad0wC0ntr0ller hello, can you explain when this info can help?

[evildrummer]

@enj5oy it was a request from me. In PenTests you always check fir legacy or unsupported systems for the client.
It could also be a quick overview for easy targets