From e92c2a669dee63c74e39f3402946a1a96fb68ba7 Mon Sep 17 00:00:00 2001 From: aldorm Date: Mon, 8 Apr 2019 17:13:14 -0500 Subject: [PATCH] IIS Application Pool - Password Retrieval Just a little script to retrieve passwords configured into IIS Application Tool More information: https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities https://amoghnatu.net/2015/01/15/get-password-for-iis-application-pool-account/ --- Windows/lazagne/config/manage_modules.py | 5 +- .../lazagne/softwares/sysadmin/iisapppool.py | 76 +++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100755 Windows/lazagne/softwares/sysadmin/iisapppool.py diff --git a/Windows/lazagne/config/manage_modules.py b/Windows/lazagne/config/manage_modules.py index e524c350..849371e5 100755 --- a/Windows/lazagne/config/manage_modules.py +++ b/Windows/lazagne/config/manage_modules.py @@ -43,6 +43,8 @@ from lazagne.softwares.sysadmin.opensshforwindows import OpenSSHForWindows from lazagne.softwares.sysadmin.openvpn import OpenVPN from lazagne.softwares.sysadmin.iiscentralcertp import IISCentralCertP + +from lazagne.softwares.sysadmin.iisapppool import IISAppPool from lazagne.softwares.sysadmin.puttycm import Puttycm from lazagne.softwares.sysadmin.rdpmanager import RDPManager from lazagne.softwares.sysadmin.unattended import Unattended @@ -141,7 +143,8 @@ def get_modules(): Puttycm(), OpenSSHForWindows(), OpenVPN(), - IISCentralCertP(), + IISCentralCertP(), + IISAppPool(), RDPManager(), Unattended(), WinSCP(), diff --git a/Windows/lazagne/softwares/sysadmin/iisapppool.py b/Windows/lazagne/softwares/sysadmin/iisapppool.py new file mode 100755 index 00000000..5452d707 --- /dev/null +++ b/Windows/lazagne/softwares/sysadmin/iisapppool.py @@ -0,0 +1,76 @@ +import fnmatch +import os +import subprocess +import re +import string + +from lazagne.config.module_info import ModuleInfo + +class IISAppPool(ModuleInfo): + def __init__(self): + ModuleInfo.__init__(self, name='iisapppool', category='sysadmin', registry_used=True, winapi_used=True) + + def find_files(self, path, file): + """ + Try to find all files with the same name + """ + founded_files = [] + for dirpath, dirnames, files in os.walk(path): + for file_name in files: + if fnmatch.fnmatch(file_name, file): + founded_files.append(dirpath + '\\' + file_name) + + return founded_files + + def execute_get_stdout(self, exe_file, arguments): + try: + proc = subprocess.Popen(exe_file + " " + arguments, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + except: + self.debug(u'Error executing {exefile}'.format(exefile=exe_file)) + return None + + return proc.stdout + + def run(self): + pfound = [] + + exe_files = self.find_files(os.environ['WINDIR'] + '\\System32\\inetsrv', 'appcmd.exe') + if len(exe_files) == 0: + self.debug(u'File not found appcmd.exe') + return + + self.info(u'appcmd.exe files found: {files}'.format(files=exe_files)) + output = self.execute_get_stdout(exe_files[-1], 'list apppool') + if output == None: + self.debug(u'Problems with Application Pool list') + return + + app_list = [] + for line in output.readlines(): + app_list.append(re.findall(r'".*"', line)[0].split('"')[1]) + + + for app in app_list: + values = {} + username = '' + password = '' + + output = self.execute_get_stdout(exe_files[-1], 'list apppool ' + app + ' /text:*') + + for line in output.readlines(): + if re.search(r'userName:".*"', line): + username = re.findall(r'userName:".*"', line)[0].split('"')[1] + + if re.search(r'password:".*"', line): + password = re.findall(r'password:".*"', line)[0].split('"')[1] + + if password != '' : + values['AppPool.Name'] = app + values['Username'] = username + values['Password'] = password + + pfound.append(values) + + + return pfound