Merge pull request #122 from franc-pentest/Fix_improve-SCCM

Fix and improve sccm information
franc-pentest · Dec 30, 2024 · e1d9fe7 · e1d9fe7
2 parents 7df99a4 + 1f537c2
commit e1d9fe7
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 7 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.77
+1.0.78
diff --git a/ldeep/__main__.py b/ldeep/__main__.py
@@ -220,9 +220,19 @@ def default(o):
                                     print(f"Primary/Secondary Site: {name}")
                                 except:
                                     print(f"Primary/Secondary Site: {sid}")
-                # sccm distribution points
-                elif "mSSMSManagementPoint" in record["objectClass"]:
-                    print(f"Distribution point: {record['dNSHostName']}")
+                # sccm management points
+                elif (
+                    "mSSMSManagementPoint" in record["objectClass"]
+                    and "connectionPoint" in record["objectClass"]
+                ):
+                    print(f"Management point: {record['dNSHostName']}")
+                    print(f"  Default MP: {record['mSSMSDefaultMP']}")
+                    print(f"  Site code: {record['mSSMSSiteCode']}")
+                # potential sccm distribution points
+                elif "connectionPoint" in record["objectClass"]:
+                    print(
+                        f"Potential distribution point: {','.join(record['distinguishedName'].split(',')[1:])}"
+                    )
 
                 if self.engine.page_size > 0 and k % self.engine.page_size == 0:
                     sleep(self.engine.throttle)
@@ -1044,12 +1054,33 @@ def list_sccm(self, kwargs):
         except Exception as e:
             error(e, close_array=verbose)
 
-        # Distribution points
+        # Management points
         self.engine.set_controls()
         if verbose:
             attributes = self.engine.all_attributes()
         else:
-            attributes = ["objectClass", "dNSHostName"]
+            attributes = [
+                "objectClass",
+                "dNSHostName",
+                "mSSMSDefaultMP",
+                "mSSMSSiteCode",
+            ]
+
+        results = self.engine.query(
+            self.engine.MP_SCCM_FILTER(),
+            attributes,
+        )
+
+        try:
+            self.display(results, verbose)
+        except LDAPObjectClassError as e:
+            error(f"{e}. SCCM may not be installed", close_array=verbose)
+
+        # Distribution points
+        if verbose:
+            attributes = self.engine.all_attributes()
+        else:
+            attributes = ["objectClass", "distinguishedName"]
 
         results = self.engine.query(
             self.engine.DP_SCCM_FILTER(),

diff --git a/ldeep/views/ldap_activedirectory.py b/ldeep/views/ldap_activedirectory.py
@@ -223,7 +223,8 @@ class LdapActiveDirectoryView(ActiveDirectoryView):
     PKI_FILTER = lambda _: "(objectClass=pKIEnrollmentService)"
     TEMPLATE_FILTER = lambda _: "(objectClass=pKICertificateTemplate)"
     PRIMARY_SCCM_FILTER = lambda _: "(cn=System Management)"
-    DP_SCCM_FILTER = lambda _: "(objectClass=mssmsmanagementpoint)"
+    MP_SCCM_FILTER = lambda _: "(objectClass=mssmsmanagementpoint)"
+    DP_SCCM_FILTER = lambda _: "(cn=*-Remote-Installation-Services)"
     USER_ALL_FILTER = lambda _: "(&(objectCategory=Person)(objectClass=user))"
     USER_SPN_FILTER = (
         lambda _: "(&(objectCategory=Person)(objectClass=user)(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))"