infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added check for LOGONSERVER and HOMEPATH

unstable
Royce Davis 2012-11-28 09:02:19 -06:00
parent a889c8ae99
commit 82dc8e8814
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/auxiliary/scanner/smb/loggedin_users.rb
View File

@ -46,6 +46,12 @@ class Metasploit3 < Msf::Auxiliary
def peer
return "#{rhost}:#{rport}"
end
# This is the main controller function # This is the main controller function
def run_host(ip) def run_host(ip)
cmd = "C:\\WINDOWS\\SYSTEM32\\cmd.exe" cmd = "C:\\WINDOWS\\SYSTEM32\\cmd.exe"
@ -122,7 +128,7 @@ class Metasploit3 < Msf::Auxiliary
simple.connect(smbshare) simple.connect(smbshare)
psexec(smbshare, command) psexec(smbshare, command)
if output = get_output(ip, smbshare, text) if output = get_output(ip, smbshare, text)
domain, username, dnsdomain = "","","" domain, username, dnsdomain, homepath, logonserver = "","","","",""
# Run this IF loop and only check for specified user if datastore['USERNAME'] is specified # Run this IF loop and only check for specified user if datastore['USERNAME'] is specified
if datastore['USERNAME'].length > 0 if datastore['USERNAME'].length > 0
output.each_line do |line| output.each_line do |line|
@ -130,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
domain = line if line.include?("USERDOMAIN") domain = line if line.include?("USERDOMAIN")
end end
if domain.split(" ")[2].to_s.chomp + "\\" + username.split(" ")[2].to_s.chomp == datastore['USERNAME'] if domain.split(" ")[2].to_s.chomp + "\\" + username.split(" ")[2].to_s.chomp == datastore['USERNAME']
print_good("#{datastore['USERNAME']} logged into #{ip}") print_good("#{datastore['USERNAME']} is logged into #{ip}")
end end
return return
end end
@ -138,14 +144,22 @@ class Metasploit3 < Msf::Auxiliary
domain = line if line.include?("USERDOMAIN") domain = line if line.include?("USERDOMAIN")
username = line if line.include?("USERNAME") username = line if line.include?("USERNAME")
dnsdomain = line if line.include?("USERDNSDOMAIN") dnsdomain = line if line.include?("USERDNSDOMAIN")
homepath = line if line.include?("HOMEPATH")
logonserver = line if line.include?("LOGONSERVER")
end end
if username.length > 0 && domain.length > 0 if username.length > 0 && domain.length > 0
print_good("#{ip} - #{domain.split(" ")[2].to_s}\\#{username.split(" ")[2].to_s}") print_good("#{peer} - #{domain.split(" ")[2].to_s}\\#{username.split(" ")[2].to_s}")
elsif logonserver.length > 0 && homepath.length > 0
uname = homepath.split('\\')[homepath.split('\\').size - 1]
if uname.include?(".")
uname = uname.split(".")[0]
end
print_good("#{peer} - #{logonserver.split('\\\\')[1].chomp}\\#{uname}")
else else
if username = query_session(smbshare, ip, cmd, text, bat) if username = query_session(smbshare, ip, cmd, text, bat)
print_good("#{ip} - #{dnsdomain.split(" ")[2].split(".")[0].to_s}\\#{username}") print_good("#{peer} - #{dnsdomain.split(" ")[2].split(".")[0].to_s}\\#{username}")
else else
print_status("#{ip} - Unable to determine user information for user: #{key}") print_status("#{peer} - Unable to determine user information for user: #{key}")
end end
end end
else else