Initial module works

2015-12-18 01:13:44 +00:00 · 2015-12-18 01:13:44 +00:00 · 15dc542544
parent f31c1c24db
commit 15dc542544
1 changed files with 7 additions and 150 deletions
--- a/modules/post/windows/gather/ad_groupusers_to_sql.rb
+++ b/modules/post/windows/gather/ad_groupusers_to_sql.rb
@ -57,6 +57,7 @@ class Metasploit3 < Msf::Post
    # Go through each of the groups and identify the individual users in each group
    vprint_status "Retrieving AD Group Membership"
    users_fields = ['distinguishedName','objectSid','sAMAccountType','sAMAccountName','displayName','description','logonCount','userAccountControl','userPrincipalName','whenChanged','whenCreated']
+    group_counter = 0
    groups[:results].each do |individual_group|
      begin

@ -82,9 +83,9 @@ class Metasploit3 < Msf::Post

          # Add the group to the database
          sql_param_user = { :rid => user_rid.to_i, 
-                             :distinguishedName => individual_group[0][:value],
-                             :sAMAccountName => individual_group[3][:value],
-                             :description => individual_group[4][:value]
+                             :distinguishedName => group_user[0][:value],
+                             :sAMAccountName => group_user[3][:value],
+                             :description => group_user[5][:value]
                           }
          db.execute("replace into ad_users (rid, distinguishedName, sAMAccountName, description) VALUES (:rid,:distinguishedName,:sAMAccountName,:description)", sql_param_user)

@ -94,6 +95,7 @@ class Metasploit3 < Msf::Post
                              }
          db.execute("insert into ad_mapping (user_rid,group_rid) VALUES (:user_rid,:group_rid)", sql_param_mapping)

+          group_counter += 1
        end
      rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
        print_error("Error(Users): #{e.message.to_s}")
@ -101,6 +103,7 @@ class Metasploit3 < Msf::Post
      end
    end

+    print_status "Enumerated #{group_counter} group(s)"
  end

 # Creat the SQLite Database
@ -124,6 +127,7 @@ class Metasploit3 < Msf::Post
                          'rid INTEGER PRIMARY KEY NOT NULL,'\
                          'distinguishedName TEXT UNIQUE NOT NULL,'\
                          'description TEXT,'\
+                          'sAMAccountName TEXT,'\
                          'logonCount INTEGER,'\
                          'userPrincipalName TEXT,'\
                          'whenCreated TEXT,'\
@ -164,150 +168,3 @@ class Metasploit3 < Msf::Post
   ret
 end
 end 
-
-#    @user_fields = USER_FIELDS.dup
-#
-#    if datastore['ADDITIONAL_FIELDS']
-#      additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/, "").split(',')
-#      @user_fields.push(*additional_fields)
-#    end
-#
-#    max_search = datastore['MAX_SEARCH']
-#
-#    begin
-#      q = query(query_filter, max_search, @user_fields)
-#    rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
-#      # Can't bind or in a network w/ limited accounts
-#      print_error(e.message)
-#      return
-#    end
-#
-#    if q.nil? || q[:results].empty?
-#      print_status('No results returned.')
-#    else
-#      results_table = parse_results(q[:results])
-#      print_line results_table.to_s
-#
-#      if datastore['STORE_LOOT']
-#        stored_path = store_loot('ad.users', 'text/plain', session, results_table.to_csv)
-#        print_status("Results saved to: #{stored_path}")
-#      end
-#    end
-#  end
-#
-#  def account_disabled?(uac)
-#    (uac & UAC_DISABLED) > 0
-#  end
-#
-#  def account_locked?(lockout_time)
-#    lockout_time > 0
-#  end
-#
-#  # Takes the results of LDAP query, parses them into a table
-#  # and records and usernames as {Metasploit::Credential::Core}s in
-#  # the database.
-#  #
-#  # @param [Array<Array<Hash>>] the LDAP query results to parse
-#  # @return [Rex::Ui::Text::Table] the table containing all the result data
-#  def parse_results(results)
-#    domain = datastore['DOMAIN'] || get_domain
-#    domain_ip = client.net.resolve.resolve_host(domain)[:ip]
-#    # Results table holds raw string data
-#    results_table = Rex::Ui::Text::Table.new(
-#      'Header'     => "Domain Users",
-#      'Indent'     => 1,
-#      'SortIndex'  => -1,
-#      'Columns'    => @user_fields
-#    )
-#
-#    results.each do |result|
-#      row = []
-#
-#      result.each do |field|
-#        if field.nil?
-#          row << ""
-#        else
-#          row << field[:value]
-#        end
-#      end
-#
-#      username = result[@user_fields.index('sAMAccountName')][:value]
-#      uac = result[@user_fields.index('userAccountControl')][:value]
-#      lockout_time = result[@user_fields.index('lockoutTime')][:value]
-#      store_username(username, uac, lockout_time, domain, domain_ip)
-#
-#      results_table << row
-#    end
-#    results_table
-#  end
-#
-#  # Builds the LDAP query 'filter' used to find our User Accounts based on
-#  # criteria set by user in the Datastore.
-#  #
-#  # @return [String] the LDAP query string
-#  def query_filter
-#    inner_filter = '(objectCategory=person)(objectClass=user)'
-#    inner_filter << '(!(lockoutTime>=1))' if datastore['EXCLUDE_LOCKED']
-#    inner_filter << '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' if datastore['EXCLUDE_DISABLED']
-#    inner_filter << "(memberof:1.2.840.113556.1.4.1941:=#{datastore['GROUP_MEMBER']})" if datastore['GROUP_MEMBER']
-#    inner_filter << "(#{datastore['FILTER']})" if datastore['FILTER']
-#    case datastore['UAC']
-#      when 'ANY'
-#      when 'NO_PASSWORD'
-#        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=32)'
-#      when 'CHANGE_PASSWORD'
-#        inner_filter << '(!sAMAccountType=805306370)(pwdlastset=0)'
-#      when 'NEVER_EXPIRES'
-#        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=65536)'
-#      when 'SMARTCARD_REQUIRED'
-#        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=262144)'
-#      when 'NEVER_LOGGEDON'
-#        inner_filter << '(|(lastlogon=0)(!lastlogon=*))'
-#    end
-#    "(&#{inner_filter})"
-#  end
-#
-#  def store_username(username, uac, lockout_time, realm, domain_ip)
-#    service_data = {
-#      address: domain_ip,
-#      port: 445,
-#      service_name: 'smb',
-#      protocol: 'tcp',
-#      workspace_id: myworkspace_id
-#    }
-#
-#    credential_data = {
-#      origin_type: :session,
-#      session_id: session_db_id,
-#      post_reference_name: refname,
-#      username: username,
-#      realm_value: realm,
-#      realm_key: Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
-#    }
-#
-#    credential_data.merge!(service_data)
-#
-#    # Create the Metasploit::Credential::Core object
-#    credential_core = create_credential(credential_data)
-#
-#    if account_disabled?(uac.to_i)
-#      status = Metasploit::Model::Login::Status::DISABLED
-#    elsif account_locked?(lockout_time.to_i)
-#      status = Metasploit::Model::Login::Status::LOCKED_OUT
-#    else
-#      status = Metasploit::Model::Login::Status::UNTRIED
-#    end
-#
-#    # Assemble the options hash for creating the Metasploit::Credential::Login object
-#    login_data = {
-#      core: credential_core,
-#      status: status
-#    }
-#
-#    login_data[:last_attempted_at] = DateTime.now unless (status == Metasploit::Model::Login::Status::UNTRIED)
-#
-#    # Merge in the service data and create our Login
-#    login_data.merge!(service_data)
-#    create_credential_login(login_data)
-#  end
-#end