Fixes enum_domain_group_users when running as SYSTEM.
bug/bundler_fix
Meatballs 2015-05-09 10:49:05 +01:00
commit d2e1fdbbc3
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 28 additions and 52 deletions

View File

@ -7,15 +7,14 @@ require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Post
def initialize(info={})
super( update_info( info,
def initialize(info = {})
super(update_info(info,
'Name' => 'Windows Gather Enumerate Domain Group',
'Description' => %q{ This module extracts user accounts from specified group
'Description' => %q( This module extracts user accounts from specified group
and stores the results in the loot. It will also verify if session
account is in the group. Data is stored in loot in a format that
is compatible with the token_hunter plugin. This module should be
run over as session with domain credentials.},
run over as session with domain credentials.),
'License' => MSF_LICENSE,
'Author' =>
[
@ -38,18 +37,16 @@ class Metasploit3 < Msf::Post
cur_domain, cur_user = client.sys.config.getuid.split("\\")
ltype = "domain.group.members"
ctype = "text/plain"
domain = ""
# Get Data
usr_res = run_cmd("net groups \"#{datastore['GROUP']}\" /domain")
dom_res = run_cmd("net config workstation")
usr_res = cmd_exec("net groups \"#{datastore['GROUP']}\" /domain")
# Parse Returned data
members = get_members(usr_res.split("\n"))
domain = get_domain(dom_res.split("\n"))
domain = get_env("USERDOMAIN")
# Show results if we have any, Error if we don't
if ! members.empty?
if !members.empty?
print_status("Found users in #{datastore['GROUP']}")
@ -61,9 +58,9 @@ class Metasploit3 < Msf::Post
# Is our current user a member of this domain and group
if is_member(cur_domain, cur_user, domain, members)
print_status("Current sessions running as #{cur_domain}\\#{cur_user} is a member of #{datastore['GROUP']}!!")
print_good("Current sessions running as #{cur_domain}\\#{cur_user} is a member of #{datastore['GROUP']}!")
else
print_error("Current session running as #{cur_domain}\\#{cur_user} is not a member of #{datastore['GROUP']}")
print_status("Current session running as #{cur_domain}\\#{cur_user} is not a member of #{datastore['GROUP']}")
end
# Store the captured data in the loot.
@ -72,7 +69,6 @@ class Metasploit3 < Msf::Post
else
print_error("No members found for #{datastore['GROUP']}")
end
end
def get_members(results)
@ -90,41 +86,21 @@ class Metasploit3 < Msf::Post
end
end
return members
end
def get_domain(results)
domain = ''
results.each do |line|
if line =~ /Workstation domain \s+(.*)/ then domain = $1.strip end
end
return domain
members
end
def is_member(cur_dom, cur_user, dom, users)
member = false
if cur_dom == dom
users.each do |u|
if u.downcase == cur_user.downcase then member = true end
if u.downcase == cur_user.downcase
member = true
break
end
end
end
return member
member
end
def run_cmd(cmd)
process = session.sys.process.execute(cmd, nil, {'Hidden' => true, 'Channelized' => true})
res = ""
while (d = process.channel.read)
break if d == ""
res << d
end
process.channel.close
process.close
return res
end
end