Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/yampelo/samparser

A python script used to parse the SAM registry hive.
https://github.com/yampelo/samparser

Last synced: 2 months ago
JSON representation

A python script used to parse the SAM registry hive.

Host: GitHub
URL: https://github.com/yampelo/samparser
Owner: yampelo
Created: 2015-10-04T13:39:24.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2018-01-26T20:22:41.000Z (almost 7 years ago)
Last Synced: 2024-10-31T14:36:47.442Z (2 months ago)
Language: Python
Size: 11.7 KB
Stars: 71
Watchers: 6
Forks: 13
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# samparser
A python script used to parse the SAM registry hive.

10/5/2015 update:
Can now parse groups as well

Depends on python-registry
```
pip install python-registry
```

Input is a sam registry hive.

```
python samparse.py
```

Sample output (Tested on the SAM hive from http://digitalcorpora.org/corpora/scenarios/m57-jean)

```
----- Administrator -----
Comment : Built-in account for administering the computer/domain
Account Type : Default Admin User
RID : 500
Account Created Date : 13 May 2008 - 22:20:14
Last Login Date : 21 July 2008 - 01:22:18
Password Reset Date : 13 May 2008 - 22:23:39
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 24

----- Guest -----
Comment : Built-in account for guest access to the computer/domain
Account Type : Default Guest Acct
RID : 501
Account Created Date : 13 May 2008 - 22:20:14
Last Login Date : Never
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Account Disabled | Password not required | Normal user account |
Failed Login Count : 0
Login Count : 0

----- HelpAssistant -----
Full Name : Remote Desktop Help Assistant Account
Comment : Account for Providing Remote Assistance
Account Type : Custom Limited Acct
RID : 1000
Account Created Date : 13 May 2008 - 21:24:45
Last Login Date : Never
Password Reset Date : 13 May 2008 - 21:24:45
Password Fail Date : Never
Account Flags : Password does not expire | Account Disabled | Normal user account |
Failed Login Count : 0
Login Count : 0

----- SUPPORT_388945a0 -----
Full Name : CN=Microsoft Corporation,L=Redmond,S=Washington,C=US
Comment : This is a vendor's account for the Help and Support Service
Account Type : Custom Limited Acct
RID : 1002
Account Created Date : 13 May 2008 - 21:25:56
Last Login Date : Never
Password Reset Date : 13 May 2008 - 21:25:56
Password Fail Date : Never
Account Flags : Password does not expire | Account Disabled | Normal user account |
Failed Login Count : 0
Login Count : 0

----- Kim -----
Full Name : Kim
Account Type : Default Admin User
RID : 1003
Account Created Date : 14 May 2008 - 05:32:56
Last Login Date : Never
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 0

----- Jean -----
Full Name : Jean
Account Type : Default Admin User
RID : 1004
Account Created Date : 14 May 2008 - 05:33:08
Last Login Date : 20 July 2008 - 00:00:41
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 80

----- Addison -----
Full Name : Addison
Account Type : Default Admin User
RID : 1005
Account Created Date : 14 May 2008 - 05:34:03
Last Login Date : Never
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 0

----- Abijah -----
Full Name : Abijah
Account Type : Default Admin User
RID : 1006
Account Created Date : 14 May 2008 - 05:34:43
Last Login Date : Never
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 0

----- Devon -----
Full Name : Devon
Account Type : Default Admin User
RID : 1007
Account Created Date : 14 May 2008 - 05:34:54
Last Login Date : 12 July 2008 - 03:02:47
Password Reset Date : Never
Password Fail Date : Never
Account Flags : Password does not expire | Normal user account |
Failed Login Count : 0
Login Count : 4

----- Sacha -----
Full Name : Sacha
Account Type : Default Admin User
RID : 63
Account Created Date : 14 May 2008 - 05:35:35

----- Administrators -----
Group Description : Administrators have complete and unrestricted access to the computer/domain
Last Write : 2008-05-14 05:35:35.281248
User Count : 7
Memebers : S-1-5-21-484763869-796845957-839522115-500
S-1-5-21-484763869-796845957-839522115-1003
S-1-5-21-484763869-796845957-839522115-1004
S-1-5-21-484763869-796845957-839522115-1005
S-1-5-21-484763869-796845957-839522115-1006
S-1-5-21-484763869-796845957-839522115-1007
S-1-5-21-484763869-796845957-839522115-1008

----- Users -----
Group Description : Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
Last Write : 2008-05-14 05:35:35.265625
User Count : 8
Memebers : S-1-5-4
S-1-5-11
S-1-5-21-484763869-796845957-839522115-1003
S-1-5-21-484763869-796845957-839522115-1004
S-1-5-21-484763869-796845957-839522115-1005
S-1-5-21-484763869-796845957-839522115-1006
S-1-5-21-484763869-796845957-839522115-1007
S-1-5-21-484763869-796845957-839522115-1008

----- Guests -----
Group Description : Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Last Write : 2008-05-13 22:20:14.812498
User Count : 1
Memebers : S-1-5-21-484763869-796845957-839522115-501

----- Power Users -----
Group Description : Power Users possess most administrative powers with some restrictions. Thus, Power Users can run legacy applications in addition to certified applications
Last Write : 2008-05-13 22:20:14.812498
User Count : 0
Memebers : No users in this group

----- Backup Operators -----
Group Description : Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
Last Write : 2008-05-13 22:20:14.812498
User Count : 0
Memebers : No users in this group

----- Replicator -----
Group Description : Supports file replication in a domain
Last Write : 2008-05-13 22:20:14.812498
User Count : 0
Memebers : No users in this group

----- Remote Desktop Users -----
Group Description : Members in this group are granted the right to logon remotely
Last Write : 2008-05-13 22:20:14.828125
User Count : 0
Memebers : No users in this group

----- Network Configuration Operators -----
Group Description : Members in this group can have some administrative privileges to manage configuration of networking features
Last Write : 2008-05-13 22:20:14.828125
User Count : 0
Memebers : No users in this group

```