Spacing and bugfixes

bug/bundler_fix
Meatballs 2013-09-02 21:57:11 +01:00
parent 051ef0bdfa
commit 13244efecf
2 changed files with 73 additions and 75 deletions


@ -11,6 +11,17 @@ module NetAPI
SV_TYPE_DOMAIN_BAKCTRL = 10
SV_TYPE_DOMAIN_CTRL = 4
ERROR_ACCESS_DENIED = 5
ERROR_NOT_ENOUGH_MEMORY = 8
ERROR_INVALID_PARAMETER = 87
ERROR_INVALID_LEVEL = 124
ERROR_MORE_DATA = 234
ERROR_NO_BROWSER_SERVERS_FOUND = 6118
NERR_ClientNameNotFound = 2312
NERR_InvalidComputer = 2351
NERR_UserNotFound = 2221
def UnicodeByteStringToAscii(str)
length = (str.index "\0\0\0") + 1
Rex::Text.to_ascii(str[0..length])
@ -23,6 +34,8 @@ module NetAPI
end
def net_server_enum(server_type=SV_TYPE_ALL, domain=nil)
hosts = []
result = client.railgun.netapi32.NetServerEnum(
nil, # servername
100, # level (100/101)
@ -36,38 +49,22 @@ module NetAPI
)
case result['return']
when 5
vprint_error("Access Denied when trying to enum hosts.")
return nil
when 6118
vprint_error("No Browser servers found.")
return nil
when 50
vprint_error("Request not supported.")
return nil
when 2184
vprint_error("Service not installed.")
return nil
when 0
vprint_status("Success.")
when 87
vprint_error ("Invalid parameter.")
hosts = read_server_structs(result['bufptr'], result['totalentries'])
when ERROR_NO_BROWSER_SERVERS_FOUND
print_error("ERROR_NO_BROWSER_SERVERS_FOUND")
return nil
when ERROR_MORE_DATA
vprint_error("ERROR_MORE_DATA")
return nil
else
if result['return'] != 234
vprint_status("Unaccounted for error code: #{result['return']}")
return nil
end
end
hosts = read_server_structs(result['bufptr'], result['totalentries'])
netapi_buffer_free(result['bufptr'])
return hosts
end
def read_server_structs(start_ptr, count)
def read_server_structs(start_ptr, count, domain, server_type)
base = 0
struct_size = 8
hosts = []
@ -85,21 +82,26 @@ module NetAPI
return hosts
end
def getSessions(hostname, username)
def net_session_enum(hostname, username)
sessions = []
result = client.railgun.netapi32.NetSessionEnum(
hostname,
nil,
username,
10,
4,
MAX_PREFERRED_LENGTH,
4,
4,
nil
hostname, # servername
nil, # UncClientName
username, # username
10, # level
4, # bufptr
MAX_PREFERRED_LENGTH, # prefmaxlen
4, # entriesread
4, # totalentries
nil # resume_handle
)
case result['return']
when 5
when 0
vprint_error("#{hostname} Session identified")
sessions = read_session_structs(result['bufptr'], result['totalentries'], hostname)
when ERROR_ACCESS_DENIED
vprint_error("#{hostname} Access denied...")
return nil
when 53
@ -108,19 +110,15 @@ module NetAPI
when 123
vprint_error("Invalid host: #{hostname}")
return nil
when 0
vprint_status("#{hostname} Session identified")
when 2221 #username not found
when NERR_UserNotFound
return nil
when ERROR_MORE_DATA
vprint_error("#{hostname} ERROR_MORE_DATA")
else
if result['return'] != 234
vprint_error("Unaccounted for error code: #{result['return']}")
return nil
end
vprint_error("Unaccounted for error code: #{result['return']}")
return nil
end
sessions = read_session_structs(result['bufptr'], result['totalentries'], hostname)
netapi_buffer_free(result['bufptr'])
return sessions
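Review bot: The widened signature `def read_server_structs(start_ptr, count, domain, server_type)` is not matched by its caller in net_server_enum, which passes only two arguments in both renderings of that line, so the success path would raise ArgumentError as soon as NetServerEnum returns 0. If the two extra parameters are intended, forward them from the caller: `hosts = read_server_structs(result['bufptr'], result['totalentries'], domain, server_type)`. The body of read_server_structs lies outside the visible hunks, so how it uses domain and server_type cannot be confirmed from this page. Separately, what appears to be the new success branch of net_session_enum reports "Session identified" through `vprint_error`; `vprint_status` would keep the level the old branch used.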


@ -14,10 +14,10 @@ class Metasploit3 < Msf::Post
super( update_info( info,
'Name' => 'Windows Gather Enumerate Active Domain Users',
'Description' => %q{
This module will enumerate computers included in the primary Domain and attempt
to list all locations the targeted user has sessions on. If a the HOST option is specified
the module will target only that host. If the HOST is specified and USER is set to nil, all users
logged into that host will be returned.'
This module will enumerate computers included in the primary Domain and attempt
to list all locations the targeted user has sessions on. If a the HOST option is specified
the module will target only that host. If the HOST is specified and USER is set to nil, all users
logged into that host will be returned.'
},
'License' => MSF_LICENSE,
'Author' => [ 'Etienne Stalmans <etienne[at]sensepost.com>'],
@ -32,50 +32,50 @@ class Metasploit3 < Msf::Post
end
def run
sessions = []
user = datastore['USER']
host = datastore['HOST']
sessions = []
user = datastore['USER']
host = datastore['HOST']
if host
if user
print_status("Attempting to identify #{user} on #{host}...")
else
print_status("Attempting to get all logged in users on #{host}...")
end
sessions = getSessions(host, user)
if host
if user
print_status("Attempting to identify #{user} on #{host}...")
else
print_status("Attempting to get all logged in users on #{host}...")
end
sessions = net_session_enum(host, user)
elsif user
domain = getdomain
elsif user
domain = getdomain
unless domain.empty?
print_status ("Using domain: #{domain}")
print_status ("Getting list of domain hosts...")
end
unless domain.empty?
print_status ("Using domain: #{domain}")
print_status ("Getting list of domain hosts...")
hosts = net_server_enum(SV_TYPE_ALL, domain)
hosts = net_server_enum(SV_TYPE_ALL, domain)
if hosts
len = hosts.count
print_status("#{len} host(s) found")
if hosts
len = hosts.count
print_status("#{len} host(s) found")
hosts.each do |host|
sessions << getSessions(host[:name], user)
end
sessions.flatten!
hosts.each do |host|
sessions << net_session_enum(host[:name], user)
end
end
sessions.flatten!
else
print_error("Invalid options, either HOST or USER must be specified.")
return
print_error("Invalid options, either HOST or USER must be specified.")
return
end
if sessions.count == 0
if sessions.nil? or sessions.count == 0
print_error("No sessions found")
return
else
print_status("#{sessions.count} session(s) identified")
end
if sessions and sessions.count > 0
if sessions and sessions.count > 0
sessions.each do |s|
if s
print_good("#{s[:username]} logged in at #{s[:hostname]} and has been idle for #{s[:idletime]} seconds")