infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Altered description to include information on the password complexity check 

Altered the default password to meet the complexity checks

Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises an warning and continues on. I can change this if it's more desirable however!
unstable
Chris John Riley 2012-06-03 09:22:48 +02:00
parent ea66deb779
commit a51df5fc3a
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/payloads/singles/cmd/windows/adduser.rb
View File

@ -20,7 +20,15 @@ module Metasploit3
super(merge_info(info,
'Name' => 'Windows Execute net user /ADD CMD',
'Version' => '$Revision$',
'Description' => 'Create a new user and add them to local administration group',
'Description' => %q{
Create a new user and add them to local administration group.
Note: The specified password is checked for common complexity
requirements to prevent the target machine rejecting the user
for failing to meet policy requirements.
Complexity check: 8-14 chars (1 UPPER, 1 lower, 1 digit/special)
},
'Author' => ['hdm','scriptjunkie','Chris John Riley'],
'License' => MSF_LICENSE,
'Platform' => 'win',
@ -38,7 +46,7 @@ module Metasploit3
register_options(
[
OptString.new('USER', [ true, "The username to create", "metasploit" ]),
OptString.new('PASS', [ true, "The password for this user", "metasploit" ]),
OptString.new('PASS', [ true, "The password for this user", "Metasploit$1" ]),
OptString.new('CUSTOM', [ false, "Custom group name to be used instead of default", '' ]),
OptBool.new('WMIC', [ true, "Use WMIC on the target to resolve administrators group", false ]),
], self.class)
@ -69,6 +77,7 @@ module Metasploit3
print_good "Password: #{pass} passes complexity checks"
elsif complexity
print_error "Password: #{pass} doesn't meet complexity requirements and may cause issues"
print_error "The password should idealy be 8-14 chars (1 UPPER, 1 lower, 1 digit/special)"
end
if not cust.empty?

13
modules/payloads/singles/windows/adduser.rb
View File

@ -27,7 +27,15 @@ module Metasploit3
super(update_info(info,
'Name' => 'Windows Execute net user /ADD',
'Version' => '$Revision$',
'Description' => 'Create a new user and add them to local administration group',
'Description' => %q{
Create a new user and add them to local administration group.
Note: The specified password is checked for common complexity
requirements to prevent the target machine rejecting the user
for failing to meet policy requirements.
Complexity check: 8-14 chars (1 UPPER, 1 lower, 1 digit/special)
},
'Author' => ['hdm','Chris John Riley'],
'License' => MSF_LICENSE,
'Platform' => 'win',
@ -38,7 +46,7 @@ module Metasploit3
register_options(
[
OptString.new('USER', [ true, "The username to create", "metasploit" ]),
OptString.new('PASS', [ true, "The password for this user", "metasploit" ]),
OptString.new('PASS', [ true, "The password for this user", "Metasploit$1" ]),
OptString.new('CUSTOM', [ false, "Custom group name to be used instead of default", '' ]),
OptBool.new('WMIC', [ true, "Use WMIC on the target to resolve administrators group", false ]),
], self.class)
@ -70,6 +78,7 @@ module Metasploit3
print_good "Password: #{pass} passes complexity checks"
elsif complexity
print_error "Password: #{pass} doesn't meet complexity requirements and may cause issues"
print_error "The password should idealy be 8-14 chars (1 UPPER, 1 lower, 1 digit/special)"
end
if not cust.empty?