From 6d6306f6e70cef7e8c0ad2969cbfd06f791e6ef8 Mon Sep 17 00:00:00 2001
From: Stuart Morgan <stuart.morgan@mwrinfosecurity.com>
Date: Fri, 18 Dec 2015 21:14:39 +0000
Subject: [PATCH] Added sAMAccountType constants from MSDN

---
 .../windows/gather/ad_groupusers_to_sql.rb    | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/modules/post/windows/gather/ad_groupusers_to_sql.rb b/modules/post/windows/gather/ad_groupusers_to_sql.rb
index 2c385f72a6..90de671b7c 100644
--- a/modules/post/windows/gather/ad_groupusers_to_sql.rb
+++ b/modules/post/windows/gather/ad_groupusers_to_sql.rb
@@ -265,6 +265,27 @@ class Metasploit3 < Msf::Post
                            'FOREIGN KEY(group_rid) REFERENCES ad_groups(rid))'
       db.execute(sql_table_mapping)
 
+      # Create the reference table for sAMAccountType
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/ms679637(v=vs.85).aspx
+      db.execute('DROP TABLE IF EXISTS ref_sAMAccountType')
+      sql_table_ref_sac = 'CREATE TABLE ref_sAMAccountType ('\
+                           'id INTEGER PRIMARY KEY NOT NULL,'\
+                           'name TEXT UNIQUE NOT NULL)'
+      db.execute(sql_table_ref_sac)
+
+      # Now insert the data into the sAMAccoutType reference table
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_DOMAIN_OBJECT',0)")
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_GROUP_OBJECT',0x10000000)") 
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_NON_SECURITY_GROUP_OBJECT',0x10000001)") 
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_ALIAS_OBJECT',0x20000000)") 
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_NON_SECURITY_ALIAS_OBJECT',0x20000001)") 
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_NORMAL_USER_ACCOUNT',0x30000000)")
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_MACHINE_ACCOUNT',0x30000001)")
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_TRUST_ACCOUNT',0x30000002)")
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_APP_BASIC_GROUP',0x40000000)")
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_APP_QUERY_GROUP',0x40000001)")
+  	  db.execute("insert into ref_sAMAccountType (name,id) VALUES ('SAM_ACCOUNT_TYPE_MAX',0x7fffffff)")
+
       return db, filename
     rescue SQLite3::Exception => e
       print_error("Error(Database): #{e.message}")