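#! c:\perl\bin\perl.exe
#------------------------------------------------
# rights.pl
#
# Script to get user rights
# usage: [perl] rights.pl -h
#
# copyright 2000/2001 H. Carvey keydet89@yahoo.com
#------------------------------------------------
# Reports the rights and privileges held by an account on a Windows host.
# The account's local group memberships are resolved first, then the rights
# assigned to the account and to each of those groups are merged into one
# de-duplicated list.
#
# NOTE(review): only the named account and the groups returned by
# NetUserGetLocalGroups are queried. Rights granted to any other principal
# (for example a well-known identity such as Everyone) would not appear, so
# confirm coverage before treating the output as the complete effective set.
#------------------------------------------------
use strict;
use warnings;
use Win32::Lanman;
use Getopt::Long;

my %config = ();
# Accept both "-opt" and "/opt" as option prefixes.
Getopt::Long::Configure("prefix_pattern=(-|\/)");
GetOptions(\%config,
    qw(user|u=s server|s=s convert|c list|l verbose|v help|?|h));

usage() if $config{help};

# Default to the local machine and the account running the script.
my $server = $config{server} || Win32::NodeName();
my $user   = $config{user}   || Win32::LoginName();

listusers($server) if $config{list};

# File-scoped state shared with getRights():
#   @accounts - names to look up (the user, then each group it belongs to)
#   @info     - filled by LsaLookupNames; each entry's {sid} is read
#   @groups   - filled by NetUserGetLocalGroups; each entry's {name} is read
my @accounts = ($user);
my @info;
my @groups;

# Raw right/privilege name => description printed when -c is given.
# When auditing, entries such as SeTcbPrivilege, SeDebugPrivilege,
# SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege,
# SeRestorePrivilege and SeTakeOwnershipPrivilege are usually reviewed
# first, because holders are commonly treated as administrator-equivalent.
my %priv = (
    "SeNetworkLogonRight"             => "Access this computer from the network",
    "SeBatchLogonRight"               => "Logon as a batch job",
    "SeServiceLogonRight"             => "Logon as a service",
    "SeInteractiveLogonRight"         => "Log on locally",
    "SeTcbPrivilege"                  => "Act as part of the operating system",
    "SeMachineAccountPrivilege"       => "Add workstations to domain",
    "SeBackupPrivilege"               => "Back up files and directories",
    "SeChangeNotifyPrivilege"         => "Bypass traverse checking",
    "SeSystemtimePrivilege"           => "Change the system time",
    "SeCreatePagefilePrivilege"       => "Create a page file",
    "SeCreateTokenPrivilege"          => "Create a token object",
    "SeCreatePermanentPrivilege"      => "Create permanent shared objects",
    "SeDebugPrivilege"                => "Debug programs",
    "SeRemoteShutdownPrivilege"       => "Force shutdown of a remote system",
    "SeAuditPrivilege"                => "Generate security audits",
    "SeIncreaseQuotaPrivilege"        => "Increase quotas",
    "SeIncreaseBasePriorityPrivilege" => "Increase scheduling priority",
    "SeLoadDriverPrivilege"           => "Load and unload device drivers",
    "SeLockMemoryPrivilege"           => "Lock pages in memory",
    "SeSecurityPrivilege"             => "Manage auditing and security log",
    "SeSystemEnvironmentPrivilege"    => "Modify firmware environment variables",
    "SeProfileSingleProcessPrivilege" => "Profile a single process",
    "SeSystemProfilePrivilege"        => "Profile system performance",
    "SeAssignPrimaryTokenPrivilege"   => "Replace a process level token",
    "SeRestorePrivilege"              => "Restore files and directories",
    "SeShutdownPrivilege"             => "Shut down the system",
    "SeTakeOwnershipPrivilege"        => "Take ownership of files or other objects",
);

# First, get all the groups that the user belongs to on the server
if (Win32::Lanman::NetUserGetLocalGroups(
        "\\\\$server", $user, LG_INCLUDE_INDIRECT(), \@groups))
{
    print "Account $user on $server belongs to the following groups:\n"
        if $config{verbose};
    foreach my $group (@groups) {
        print "$group->{name}\n" if $config{verbose};
        # Each group is queried for rights alongside the user itself.
        push @accounts, $group->{name};
    }
    print "\n" if $config{verbose};
    print "Account $user on $server has the following rights and privileges:\n"
        if $config{verbose};

    foreach my $right (getRights($server)) {
        print "$right\n";
    }
}
else {
    _report_error("NetUserGetLocalGroups");
}

#-----------------------------------------------------------
# _last_error_text()
#   Returns the message text for the last Win32::Lanman error, or the
#   numeric error code when no message text is available.
#-----------------------------------------------------------
sub _last_error_text {
    my $code = Win32::Lanman::GetLastError();
    my $text = Win32::FormatMessage($code);
    return (defined $text && $text ne "") ? $text : $code;
}

#-----------------------------------------------------------
# _report_error($api)
#   Prints "Error in <api>: <reason>" for the API call that just failed.
#-----------------------------------------------------------
sub _report_error {
    my ($api) = @_;
    my $err = _last_error_text();
    print "Error in $api: $err\n";
    return;
}

#-----------------------------------------------------------
# getRights($server)
#   Looks up every name in @accounts on $server and returns the sorted,
#   de-duplicated rights held by any of them. With -c the raw names are
#   replaced by the descriptions in %priv.
#   Returns an empty list if the name lookup itself fails.
#-----------------------------------------------------------
sub getRights {
    my ($server) = @_;
    my %privs = ();

    unless (Win32::Lanman::LsaLookupNames("\\\\$server", \@accounts, \@info)) {
        _report_error("LsaLookupNames");
        # Bare return: "return undef" would hand the caller a one-element
        # list and make it print a blank line as if it were a right.
        return;
    }

    foreach my $account (@info) {
        my @privileges = ();
        if (Win32::Lanman::LsaEnumerateAccountRights(
                "\\\\$server", $account->{sid}, \@privileges))
        {
            foreach my $name (@privileges) {
                # Names absent from %priv (for example the SeDeny* logon
                # rights) keep their raw form instead of collapsing into a
                # single empty entry, so no assigned right is hidden by -c.
                my $label = ($config{convert} && defined $priv{$name})
                          ? $priv{$name}
                          : $name;
                $privs{$label} = 1;
            }
        }
        else {
            _report_error("LsaEnumerateAccountRights");
        }
    }

    # Sorted so repeated runs can be compared line by line.
    return sort keys %privs;
}

#-----------------------------------------------------------
# listusers($server)
#   Prints the name of every user account on $server, then exits.
#   The exit status is 1 whether or not the enumeration succeeded.
#-----------------------------------------------------------
sub listusers {
    my ($server) = @_;
    my @users = ();

    if (Win32::Lanman::NetUserEnum("\\\\$server", 0, \@users)) {
        print "\nListing all users on $server\n";
        print "-" x 35, "\n";
        foreach my $account (@users) {
            print "$account->{name}\n";
        }
    }
    else {
        _report_error("NetUserEnum");
    }
    exit 1;
}

#-----------------------------------------------------------
# usage()
#   Prints the command-line help and exits with status 1.
#-----------------------------------------------------------
sub usage {
    print "Rights --- view all rights and privileges of a user\n";
    print "\n";
    print "[perl] rights.pl [-u user] [-s server] [-c] [-v] [-h]\n";
    print " -u\tusername (default: current user)\n";
    print " -s\tserver to query (default: localhost)\n";
    print " -l\tlist all users on server\n";
    print " -c\tconvert raw privilege names\n";
    print " \tEx: SeInteractiveLogonRight => Log on locally\n";
    print " -v\tverbose reporting\n";
    print " -h\tdisplay this message\n\n";
    print "Copyright 2000/2001 H. Carvey keydet89\@yahoo.com\n";
    exit 1;
}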