refactor filter building

move the filter_string into a seperate method and use shovel oeprator to keep it a little cleaner
2015-01-14 14:04:28 -06:00 · 2015-01-14 14:04:28 -06:00 · c687ecca2e
parent 9b344a9605
commit c687ecca2e
1 changed files with 24 additions and 21 deletions
--- a/modules/post/windows/gather/enum_ad_users.rb
+++ b/modules/post/windows/gather/enum_ad_users.rb
@ -48,31 +48,10 @@ class Metasploit3 < Msf::Post
  end

  def run
-    fields = ['sAMAccountName', 'userAccountControl', 'lockoutTime', 'mail', 'primarygroupid', 'description']
-    inner_filter = '(objectCategory=person)(objectClass=user)'
    max_search = datastore['MAX_SEARCH']
    domain = datastore['DOMAIN'] || get_domain
    domain_ip = client.net.resolve.resolve_host(domain)[:ip]

-    inner_filter = "#{inner_filter}(!(lockoutTime>=1))" if datastore['EXCLUDE_LOCKED']
-    inner_filter = "#{inner_filter}(!(userAccountControl:1.2.840.113556.1.4.803:=2))" if datastore['EXCLUDE_DISABLED']
-
-    case datastore['UAC']
-    when 'ANY'
-    when 'NO_PASSWORD'
-      inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=32)"
-    when 'CHANGE_PASSWORD'
-      inner_filter = "#{inner_filter}(!sAMAccountType=805306370)(pwdlastset=0)"
-    when 'NEVER_EXPIRES'
-      inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=65536)"
-    when 'SMARTCARD_REQUIRED'
-      inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=262144)"
-    when 'NEVER_LOGGEDON'
-      inner_filter = "#{inner_filter}(|(lastlogon=0)(!lastlogon=*))"
-    end
-
-    search_filter = "(&#{inner_filter})"
-
    begin
      q = query(search_filter, max_search, USER_FIELDS)
    rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
@ -129,6 +108,30 @@ class Metasploit3 < Msf::Post
    lockout_time > 0
  end

+  # Builds the LDAP query 'filter' used to find our User Accounts based on
+  # criteria set by user in the Datastore.
+  #
+  # @return [String] the LDAP query string
+  def search_filter
+    inner_filter = '(objectCategory=person)(objectClass=user)'
+    inner_filter << '(!(lockoutTime>=1))' if datastore['EXCLUDE_LOCKED']
+    inner_filter << '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' if datastore['EXCLUDE_DISABLED']
+    case datastore['UAC']
+      when 'ANY'
+      when 'NO_PASSWORD'
+        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=32)'
+      when 'CHANGE_PASSWORD'
+        inner_filter << '(!sAMAccountType=805306370)(pwdlastset=0)'
+      when 'NEVER_EXPIRES'
+        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=65536)'
+      when 'SMARTCARD_REQUIRED'
+        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=262144)'
+      when 'NEVER_LOGGEDON'
+        inner_filter << '(|(lastlogon=0)(!lastlogon=*))'
+    end
+    "(&#{inner_filter})"
+  end
+
  def store_username(username, uac, lockout_time, realm, domain_ip)
    service_data = {
      address: domain_ip,