dissect.target 3.20.dev52__py3-none-any.whl → 3.20.dev53__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dissect/target/plugins/os/windows/generic.py +48 -1
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/METADATA +1 -1
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/RECORD +8 -8
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/LICENSE +0 -0
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/WHEEL +0 -0
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/top_level.txt +0 -0
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
|
+
import struct
|
|
3
4
|
from datetime import datetime
|
|
4
5
|
from typing import Iterator
|
|
5
6
|
|
|
7
|
+
from dissect.util.sid import read_sid
|
|
6
8
|
from dissect.util.ts import from_unix
|
|
7
9
|
|
|
8
10
|
from dissect.target.exceptions import RegistryError, UnsupportedPluginError
|
|
@@ -10,7 +12,10 @@ from dissect.target.helpers.descriptor_extensions import (
|
|
|
10
12
|
RegistryRecordDescriptorExtension,
|
|
11
13
|
UserRecordDescriptorExtension,
|
|
12
14
|
)
|
|
13
|
-
from dissect.target.helpers.record import
|
|
15
|
+
from dissect.target.helpers.record import (
|
|
16
|
+
TargetRecordDescriptor,
|
|
17
|
+
create_extended_descriptor,
|
|
18
|
+
)
|
|
14
19
|
from dissect.target.plugin import Plugin, export
|
|
15
20
|
|
|
16
21
|
UserRegistryRecordDescriptor = create_extended_descriptor(
|
|
@@ -113,6 +118,15 @@ WinSockNamespaceProviderRecord = UserRegistryRecordDescriptor(
|
|
|
113
118
|
],
|
|
114
119
|
)
|
|
115
120
|
|
|
121
|
+
ComputerSidRecord = TargetRecordDescriptor(
|
|
122
|
+
"windows/sid/computer",
|
|
123
|
+
[
|
|
124
|
+
("datetime", "ts"),
|
|
125
|
+
("string", "sidtype"),
|
|
126
|
+
("string", "sid"),
|
|
127
|
+
],
|
|
128
|
+
)
|
|
129
|
+
|
|
116
130
|
|
|
117
131
|
class GenericPlugin(Plugin):
|
|
118
132
|
"""Generic Windows plugin.
|
|
@@ -573,3 +587,36 @@ class GenericPlugin(Plugin):
|
|
|
573
587
|
return self.target.registry.key(key).value("ACP").value
|
|
574
588
|
except RegistryError:
|
|
575
589
|
pass
|
|
590
|
+
|
|
591
|
+
@export(record=ComputerSidRecord)
|
|
592
|
+
def sid(self) -> Iterator[ComputerSidRecord]:
|
|
593
|
+
"""Return the machine- and optional domain SID of the system."""
|
|
594
|
+
|
|
595
|
+
try:
|
|
596
|
+
key = self.target.registry.key("HKLM\\SAM\\SAM\\Domains\\Account")
|
|
597
|
+
|
|
598
|
+
# The machine SID is stored in the last 12 bytes of the V value as little-endian
|
|
599
|
+
# The machine SID differs from a 'normal' binary SID as only holds 3 values and lacks a prefix / Revision
|
|
600
|
+
# NOTE: Consider moving this to dissect.util.sid if we encounter this more often
|
|
601
|
+
sid = struct.unpack_from("<III", key.value("V").value, -12)
|
|
602
|
+
|
|
603
|
+
yield ComputerSidRecord(
|
|
604
|
+
ts=key.timestamp,
|
|
605
|
+
sidtype="Machine",
|
|
606
|
+
sid=f"S-1-5-21-{sid[0]}-{sid[1]}-{sid[2]}",
|
|
607
|
+
_target=self.target,
|
|
608
|
+
)
|
|
609
|
+
except (RegistryError, struct.error):
|
|
610
|
+
pass
|
|
611
|
+
|
|
612
|
+
try:
|
|
613
|
+
key = self.target.registry.key("HKLM\\SECURITY\\Policy\\PolMachineAccountS")
|
|
614
|
+
|
|
615
|
+
yield ComputerSidRecord(
|
|
616
|
+
ts=key.timestamp,
|
|
617
|
+
sidtype="Domain",
|
|
618
|
+
sid=read_sid(key.value("(Default)").value),
|
|
619
|
+
_target=self.target,
|
|
620
|
+
)
|
|
621
|
+
except (RegistryError, struct.error):
|
|
622
|
+
pass
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: dissect.target
|
|
3
|
-
Version: 3.20.
|
|
3
|
+
Version: 3.20.dev53
|
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -284,7 +284,7 @@ dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2
|
|
|
284
284
|
dissect/target/plugins/os/windows/datetime.py,sha256=YKHUZU6lkKJocq15y0yCwvIIOb1Ej-kfvEBmHbrdIGw,9467
|
|
285
285
|
dissect/target/plugins/os/windows/defender.py,sha256=JAJy8hr6jFGd290N1d5a-bVeD8rHc6E_pWEHxTpiMDk,32735
|
|
286
286
|
dissect/target/plugins/os/windows/env.py,sha256=U5D74i_7tICxGDanqDU42Jqsx0asFFMIs6SpUwTnJc4,13884
|
|
287
|
-
dissect/target/plugins/os/windows/generic.py,sha256=
|
|
287
|
+
dissect/target/plugins/os/windows/generic.py,sha256=RJ1znzsIa4CFxmdMh91SjMY_pnjwxvldlTEKo58m_e8,24262
|
|
288
288
|
dissect/target/plugins/os/windows/jumplist.py,sha256=3gZk6O1B3lKK2Jxe0B-HapOCEehk94CYNvCVDpQC9nQ,11773
|
|
289
289
|
dissect/target/plugins/os/windows/lnk.py,sha256=KTqhw0JMW-KjAxe4xlRDNSRSx-th-_nPVgTGyBaKmW0,7891
|
|
290
290
|
dissect/target/plugins/os/windows/locale.py,sha256=QiLWGgWrGBGHiXgep5iSOo6VNim4YC-xd4MdW0BUJPA,2486
|
|
@@ -378,10 +378,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
|
|
|
378
378
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
|
379
379
|
dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
|
|
380
380
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
|
381
|
-
dissect.target-3.20.
|
|
382
|
-
dissect.target-3.20.
|
|
383
|
-
dissect.target-3.20.
|
|
384
|
-
dissect.target-3.20.
|
|
385
|
-
dissect.target-3.20.
|
|
386
|
-
dissect.target-3.20.
|
|
387
|
-
dissect.target-3.20.
|
|
381
|
+
dissect.target-3.20.dev53.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
|
382
|
+
dissect.target-3.20.dev53.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
|
383
|
+
dissect.target-3.20.dev53.dist-info/METADATA,sha256=83_YSjif8SPpGDGODY4T2GwqkZoXDoxilQkzr9RsT7M,12897
|
|
384
|
+
dissect.target-3.20.dev53.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
|
|
385
|
+
dissect.target-3.20.dev53.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
|
|
386
|
+
dissect.target-3.20.dev53.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
|
387
|
+
dissect.target-3.20.dev53.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{dissect.target-3.20.dev52.dist-info → dissect.target-3.20.dev53.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
|
File without changes
|