diff --git a/monkey_island/cc/resources/pthmap.py b/monkey_island/cc/resources/pthmap.py
index 989df830d..e33bd4870 100644
--- a/monkey_island/cc/resources/pthmap.py
+++ b/monkey_island/cc/resources/pthmap.py
@@ -173,23 +173,40 @@ class Machine(object):
@cache
def GetUsernameBySid(self, sid):
+ info = self.GetSidInfo(sid)
+
+ if not info:
+ return None
+
+ return info["Domain"] + "\\" + info["Username"]
+
+ @cache
+ def GetSidInfo(self, sid):
doc = self.latest_system_info
for user in doc["data"]["Win32_UserAccount"]:
if eval(user["SID"]) != sid:
continue
- return eval(user["Name"])
+ return { "Domain": eval(user["Domain"]),
+ "Username": eval(user["Name"]),
+ "Disabled": user["Disabled"] == "true",
+ "PasswordRequired": user["PasswordRequired"] == "true",
+ "PasswordExpires": user["PasswordExpires"] == "true", }
if not self.IsDomainController():
for dc in self.GetDomainControllers():
- username = dc.GetUsernameBySid(sid)
+ domain = dc.GetSidInfo(sid)
- if username != None:
- return username
+ if domain != None:
+ return domain
return None
+ @cache
+ def GetInstalledServices(self):
+ "IIS-WebServer"
+
@cache
def GetUsernamesBySecret(self, secret):
sam = self.GetLocalSecrets()
@@ -622,6 +639,16 @@ class PassTheHashMap(object):
return None
+ @cache
+ def GetSidInfo(self, sid):
+ for m in self.machines:
+ info = m.GetSidInfo(sid)
+
+ if info:
+ return info
+
+ return None
+
@cache
def GetSidsBySecret(self, secret):
SIDs = set()
@@ -868,8 +895,9 @@ def main():
for sid in pth.GetAllSids():
print """SID '{sid}'
+ Domain: {domain}
- """.format(username=pth.GetUsernameBySid(sid), sid=sid, secret=pth.GetSecretBySid(sid))
+ """.format(username=pth.GetUsernameBySid(sid), sid=sid, secret=pth.GetSecretBySid(sid), domain=pth.GetSidInfo(sid)["Domain"])
print """Attackable Machines
"""
print """