A simple way to read and write LAPS passwords from linux.

Overview

banner

A simple way to read and write LAPS passwords from linux.

This script is a python setter/getter for property ms-Mcs-AdmPwd used by LAPS inspired by @swisskyrepo's SharpLAPS in C#.

Require (either):

  • Account with ExtendedRight or GenericRead to get LAPS passwords
  • Account with ExtendedRight or GenericWrite to set LAPS passwords
  • Domain Admin privileges

General usage

This tool supports many authentication methods:

                 __    ___    ____  _____
    ____  __  __/ /   /   |  / __ \/ ___/
   / __ \/ / / / /   / /| | / /_/ /\__ \   
  / /_/ / /_/ / /___/ ___ |/ ____/___/ /   
 / .___/\__, /_____/_/  |_/_/    /____/    v1.1
/_/    /____/           @podalirius_           

usage: pyLAPS.py [-h] [--use-ldaps] [-q] [-debug] [-a [{get,set}]] [-c TARGET_COMPUTER] [-v TARGET_VALUE] [--dc-ip ip address] [-d DOMAIN] [-u USER]
 [--no-pass | -p PASSWORD | -H [LMHASH:]NTHASH | --aes-key hex key] [-k]

Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.

optional arguments:
-h, --help            show this help message and exit
--use-ldaps           Use LDAPS instead of LDAP
-debug                Debug mode
-a [{get,set}], --action [{get,set}]
        Get or Set the LAPS password
-c TARGET_COMPUTER, --computer TARGET_COMPUTER
        Target computer to modify
-v TARGET_VALUE, --value TARGET_VALUE
        New password to set

authentication & connection:
--dc-ip ip address    IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN)
        specified in the identity parameter
-d DOMAIN, --domain DOMAIN
        (FQDN) domain to authenticate to
-u USER, --user USER  User to authenticate as

--no-pass             don't ask for password (useful for -k)
-p PASSWORD, --password PASSWORD
        password to authenticate with
-H [LMHASH:]NTHASH, --hashes [LMHASH:]NTHASH
        NT/LM hashes, format is LMhash:NThash
--aes-key hex key     AES key to use for Kerberos Authentication (128 or 256 bits)
-k, --kerberos        Use Kerberos authentication. Grabs credentials from .ccache file (KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the ones specified in the command line

Read the password of all computers

# ./pyLAPS.py --action get -u 'Administrator' -d 'LAB.local' -p 'Admin123!' --dc-ip 192.168.2.1
                 __    ___    ____  _____
    ____  __  __/ /   /   |  / __ \/ ___/
   / __ \/ / / / /   / /| | / /_/ /\__ \   
  / /_/ / /_/ / /___/ ___ |/ ____/___/ /   
 / .___/\__, /_____/_/  |_/_/    /____/    v1.1
/_/    /____/           @podalirius_           

[+] Extracting LAPS passwords of all computers ...
  | PC01$           : H0zqUkoCAcbVXf0Q3ZbQ
  | PC02$           : PoSaRYUhqbLQjWjY9D0g
  | PC17$           : spf41mUjm9pxrgl11Osd
  | PC25$           : oqy814nS1p2lRVlatcKG

Read the password of a specific computer

# ./pyLAPS.py --action get --computer 'PC01$' -u 'Administrator' -d 'LAB.local' -p 'Admin123!' --dc-ip 192.168.2.1
                 __    ___    ____  _____
    ____  __  __/ /   /   |  / __ \/ ___/
   / __ \/ / / / /   / /| | / /_/ /\__ \   
  / /_/ / /_/ / /___/ ___ |/ ____/___/ /   
 / .___/\__, /_____/_/  |_/_/    /____/    v1.1
/_/    /____/           @podalirius_           

[+] Extracting LAPS password of computer: PC01$ ...
[+] Searching for the target computer: PC01$
[+] Target computer found: CN=PC01,OU=LAPS Managed Computers,DC=LAB,DC=local
  | PC01$           : Wookie123

Write a random password to a specific computer

When no password is supplied with --value, a random password is generated.

# ./pyLAPS.py --action set --computer 'PC01$' -u 'Administrator' -d 'LAB.local' -p 'Admin123!' --dc-ip 192.168.2.1
                 __    ___    ____  _____
    ____  __  __/ /   /   |  / __ \/ ___/
   / __ \/ / / / /   / /| | / /_/ /\__ \   
  / /_/ / /_/ / /___/ ___ |/ ____/___/ /   
 / .___/\__, /_____/_/  |_/_/    /____/    v1.1
/_/    /____/           @podalirius_           

[+] Setting LAPS password in LDAP ...
[+] Searching for the target computer
[+] Target computer found: CN=PC01,OU=LAPS Managed Computers,DC=LAB,DC=local
[+] Using random password: qnaEmUsWOqQ6d2PR6wVr
[+] Successfully updated the ms-Mcs-AdmPwd attribute of the target PC01$ to qnaEmUsWOqQ6d2PR6wVr

Write a specific password to a specific computer

You can set the value of ms-Mcs-AdmPwd on a specific computer with --value option like this:

# ./pyLAPS.py --action set --computer 'PC01$' --value "Wookie123" -u 'Administrator' -d 'LAB.local' -p 'Admin123!' --dc-ip 192.168.2.1
                 __    ___    ____  _____
    ____  __  __/ /   /   |  / __ \/ ___/
   / __ \/ / / / /   / /| | / /_/ /\__ \   
  / /_/ / /_/ / /___/ ___ |/ ____/___/ /   
 / .___/\__, /_____/_/  |_/_/    /____/    v1.1
/_/    /____/           @podalirius_               

[+] Setting LAPS password in LDAP ...
[+] Searching for the target computer
[+] Target computer found: CN=PC01,OU=LAPS Managed Computers,DC=LAB,DC=local
[+] Successfully updated the ms-Mcs-AdmPwd attribute of the target PC01$ to Wookie123

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

You might also like...
A flexible free and unlimited python tool to translate between different languages in a simple way using multiple translators.
A flexible free and unlimited python tool to translate between different languages in a simple way using multiple translators.

deep-translator Translation for humans A flexible FREE and UNLIMITED tool to translate between different languages in a simple way using multiple tran

This is a far more in-depth and advanced version of "Write user interface to a file API Sample"

Fusion360-Write-UserInterface This is a far more in-depth and advanced version of "Write user interface to a file API Sample" from https://help.autode

 ⚙️ Compile, Read and update your .conf file in python
⚙️ Compile, Read and update your .conf file in python

⚙️ Compile, Read and update your .conf file in python

Discovering local read-level DNA methylation patterns and DNA methylation heterogeneity in intermediately methylated regions

Discovering local read-level DNA methylation patterns and DNA methylation heterogeneity in intermediately methylated regions

Users can read others' travel journeys in addition to being able to upload and delete posts detailing their own experiences

Users can read others' travel journeys in addition to being able to upload and delete posts detailing their own experiences! Posts are organized by country and destination within that country.

Snakemake worflow to process and filter long read data from Oxford Nanopore Technologies.
Snakemake worflow to process and filter long read data from Oxford Nanopore Technologies.

Nanopore-Workflow Snakemake workflow to process and filter long read data from Oxford Nanopore Technologies. It is designed to compare whole human gen

A simple and easy to use Python's PIP configuration manager, similar to the Arch Linux's Java manager.
A simple and easy to use Python's PIP configuration manager, similar to the Arch Linux's Java manager.

PIPCONF - The PIP configuration manager If you need to manage multiple configurations containing indexes and trusted hosts for PIP, this project was m

A simple project which is a ecm to found a good way to provide a path to img_dir in gooey

ECM to find a good way for img_dir Path in Gooey This code is just an ECM to find a good way to indicate a path of image in image_dir variable. We loo

Med to csv - A simple way to parse MedAssociate output file in tidy data

MedAssociates to CSV file A simple way to parse MedAssociate output file in tidy

Releases(1.1)
Owner
Podalirius
Hacker of everything
Podalirius
Tool to audit and fix Python project requirements.

Requirement Auditor Utility to revise and updated python requirement files.

Luis Carlos Berrocal 1 Nov 07, 2021
Social reading and reviewing, decentralized with ActivityPub

BookWyrm Social reading and reviewing, decentralized with ActivityPub Contents Joining BookWyrm Contributing About BookWyrm What it is and isn't The r

BookWyrm 1.4k Jan 08, 2023
Boot.img patcher for Tolino ebook readers to enable ADB and root.

I'm not responsible for any damage to your devices by running this tool. Please note that you may loose warranty when using this, although (This is no

Aaron Dewes 9 Nov 13, 2022
Collection of functions for working with interlaced content in VapourSynth.

vsfieldkit Collection of functions for working with interlaced content in VapourSynth. It does not have any hard dependencies outside of VapourSynth.

Justin Turner Arthur 11 May 27, 2022
Xoroshiro-cairo - A xoroshiro128** pseudorandom number generator implementation in Cairo

xoroshiro-cairo A xoroshiro128** pseudorandom number generator implementation in

Milan Cermak 26 Oct 05, 2022
Chess bot can play automatically as white or black on lichess.com, chess.com and any website using drag and drop to move pieces

Chessbot "Why create another chessbot ?" The explanation is simple : I did not find a free bot I liked online : all the bots I saw on internet are par

Dhimas Bagus Prayoga 2 Nov 11, 2021
Convert Beat Saber maps to Tesla light shows!

Tesla x Beat Saber - Light Show Converter Convert Beat Saber maps to Tesla light shows! This project requires FFMPEG and all packages from requirement

HLVM 20 Dec 21, 2022
A webapp for taking fast notes, designed for business, school, and collaboration with groups.

JOTS Journal of the Session A webapp for taking fast notes, designed for business, school, and collaboration with groups.

Zebadiah S. Taylor 2 Jun 10, 2022
Notes on the Deep Learning book from Ian Goodfellow, Yoshua Bengio and Aaron Courville (2016)

The Deep Learning Book - Goodfellow, I., Bengio, Y., and Courville, A. (2016) This content is part of a series following the chapter 2 on linear algeb

hadrienj 1.7k Jan 07, 2023
Implementation of the Angular Spectrum method in Python to simulate Diffraction Patterns

Diffraction Simulations - Angular Spectrum Method Implementation of the Angular Spectrum method in Python to simulate Diffraction Patterns with arbitr

Rafael de la Fuente 276 Dec 30, 2022
A basic tool to generate Hydrogen drum machine kits.

Generate Hydrogen Kit A basic tool to generate drumkit.xml files for Hydrogen drum machine. Saves a bit of time when making kits. Supply it with a nam

Luna Langton 2 Nov 28, 2021
This repository contains completed Python projects

My Python projects This repository contains completed Python projects: 1) Build projects Guide for building projects into executable files 2) Calculat

Igor Yunusov 8 Nov 04, 2021
pyRTOS is a real-time operating system (RTOS), written in Python.

pyRTOS Introduction pyRTOS is a real-time operating system (RTOS), written in Python. The primary goal of pyRTOS is to provide a pure Python RTOS that

Ben Williams 96 Dec 30, 2022
emoji-math computes the given python expression and returns either the value or the nearest 5 emojis as measured by cosine similarity.

emoji-math computes the given python expression and returns either the value or the nearest 5 emojis as measured by cosine similarity.

Andrew White 13 Dec 11, 2022
An addin for Autodesk Fusion 360 that lets you view your design in a Looking Glass Portrait 3D display

An addin for Autodesk Fusion 360 that lets you view your design in a Looking Glass Portrait 3D display

Brian Peiris 12 Nov 02, 2022
2 Way Sync Between Notion Database and Google Calendar

Notion-and-Google-Calendar-2-Way-Sync 2 Way Sync Between a Notion Database and Google Calendar WARNING: This repo will be undergoing a good bit of cha

248 Dec 26, 2022
a sketch of what a zkvm could look like

We want to build a ZKP that validates an entire EVM block or as much of it as we can efficiently. Its okay to adjust the gas costs for every EVM opcode. Its also to exclude some opcodes for now if th

25 Dec 30, 2022
Packages of Example Data for The Effect

causaldata This repository will contain R, Stata, and Python packages, all called causaldata, which contain data sets that can be used to implement th

103 Dec 24, 2022
PythonKafkaCompose is an upgrade of the amazing work done in liveMaps

PythonKafkaCompose is an upgrade of the amazing work done in liveMaps It is a simple project composed by: an instance of Kafka a Py

5 Jun 19, 2022
Personal Chat Assistance

Python-Programming Personal Chat Assistance {% import "bootstrap/wtf.html" as wtf %} titleEVT/title script src="https://code.jquery.com/jquery-3.

PRASH_SMVIT 2 Nov 14, 2021