infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor filter building 

move the filter_string into a seperate method
and use shovel oeprator to keep it a little cleaner
bug/bundler_fix
David Maloney 2015-01-14 14:04:28 -06:00
parent 9b344a9605
commit c687ecca2e
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
modules/post/windows/gather/enum_ad_users.rb
View File

@ -48,31 +48,10 @@ class Metasploit3 < Msf::Post
end end
def run def run
fields = ['sAMAccountName', 'userAccountControl', 'lockoutTime', 'mail', 'primarygroupid', 'description']
inner_filter = '(objectCategory=person)(objectClass=user)'
max_search = datastore['MAX_SEARCH'] max_search = datastore['MAX_SEARCH']
domain = datastore['DOMAIN'] || get_domain domain = datastore['DOMAIN'] || get_domain
domain_ip = client.net.resolve.resolve_host(domain)[:ip] domain_ip = client.net.resolve.resolve_host(domain)[:ip]
inner_filter = "#{inner_filter}(!(lockoutTime>=1))" if datastore['EXCLUDE_LOCKED']
inner_filter = "#{inner_filter}(!(userAccountControl:1.2.840.113556.1.4.803:=2))" if datastore['EXCLUDE_DISABLED']
case datastore['UAC']
when 'ANY'
when 'NO_PASSWORD'
inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=32)"
when 'CHANGE_PASSWORD'
inner_filter = "#{inner_filter}(!sAMAccountType=805306370)(pwdlastset=0)"
when 'NEVER_EXPIRES'
inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=65536)"
when 'SMARTCARD_REQUIRED'
inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=262144)"
when 'NEVER_LOGGEDON'
inner_filter = "#{inner_filter}(|(lastlogon=0)(!lastlogon=*))"
end
search_filter = "(&#{inner_filter})"
begin begin
q = query(search_filter, max_search, USER_FIELDS) q = query(search_filter, max_search, USER_FIELDS)
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
@ -129,6 +108,30 @@ class Metasploit3 < Msf::Post
lockout_time > 0 lockout_time > 0
end end
# Builds the LDAP query 'filter' used to find our User Accounts based on
# criteria set by user in the Datastore.
#
# @return [String] the LDAP query string
def search_filter
inner_filter = '(objectCategory=person)(objectClass=user)'
inner_filter << '(!(lockoutTime>=1))' if datastore['EXCLUDE_LOCKED']
inner_filter << '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' if datastore['EXCLUDE_DISABLED']
case datastore['UAC']
when 'ANY'
when 'NO_PASSWORD'
inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=32)'
when 'CHANGE_PASSWORD'
inner_filter << '(!sAMAccountType=805306370)(pwdlastset=0)'
when 'NEVER_EXPIRES'
inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=65536)'
when 'SMARTCARD_REQUIRED'
inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=262144)'
when 'NEVER_LOGGEDON'
inner_filter << '(|(lastlogon=0)(!lastlogon=*))'
end
"(&#{inner_filter})"
end
def store_username(username, uac, lockout_time, realm, domain_ip) def store_username(username, uac, lockout_time, realm, domain_ip)
service_data = { service_data = {
address: domain_ip, address: domain_ip,