infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bring in @darkoperator's filters

bug/bundler_fix
Meatballs 2014-12-17 06:14:21 +00:00
parent 8c7ff728ef
commit dd63d793e5
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
modules/post/windows/gather/enum_ad_users.rb
View File

@ -31,20 +31,51 @@ class Metasploit3 < Msf::Post
)) ))
register_options([ register_options([
OptBool.new('STORE_LOOT', [true, 'Store file in loot.', false]) OptBool.new('STORE_LOOT', [true, 'Store file in loot.', false]),
], self.class) OptBool.new('EXCLUDE_LOCKED', [true, 'Exclude in search locked accounts..', false]),
OptBool.new('EXCLUDE_DISABLED', [true, 'Exclude from search disabled accounts.', false]),
OptEnum.new('UAC', [true, 'Filter on User Account Control Setting.', 'ANY',
[
'ANY',
'NO_PASSWORD',
'CHANGE_PASSWORD',
'NEVER_EXPIRES',
'SMARTCARD_REQUIRED',
'NEVER_LOGGEDON'
]])
], self.class)
end end
def run def run
fields = ['sAMAccountName', 'userAccountControl', 'lockoutTime', 'mail', 'primarygroupid', 'description'] fields = ['sAMAccountName', 'userAccountControl', 'lockoutTime', 'mail', 'primarygroupid', 'description']
search_filter = '(&(objectCategory=person)(objectClass=user))' inner_filter = '(objectCategory=person)(objectClass=user)'
max_search = datastore['MAX_SEARCH'] max_search = datastore['MAX_SEARCH']
domain = datastore['DOMAIN'] || get_domain domain = datastore['DOMAIN'] || get_domain
domain_ip = client.net.resolve.resolve_host(domain)[:ip] domain_ip = client.net.resolve.resolve_host(domain)[:ip]
inner_filter = "#{inner_filter}(!(lockoutTime>=1))" if datastore['EXCLUDE_LOCKED']
inner_filter = "#{inner_filter}(!(userAccountControl:1.2.840.113556.1.4.803:=2))" if datastore['EXCLUDE_DISABLED']
case datastore['UAC']
when 'ANY'
when 'NO_PASSWORD'
inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=32)"
when 'CHANGE_PASSWORD'
inner_filter = "#{inner_filter}(!sAMAccountType=805306370)(pwdlastset=0)"
when 'NEVER_EXPIRES'
inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=65536)"
when 'SMARTCARD_REQUIRED'
inner_filter = "#{inner_filter}(userAccountControl:1.2.840.113556.1.4.803:=262144)"
when 'NEVER_LOGGEDON'
inner_filter = "#{inner_filter}(|(lastlogon=0)(!lastlogon=*))"
end
search_filter = "(&#{inner_filter})"
begin begin
q = query(search_filter, max_search, fields) q = query(search_filter, max_search, fields)
if q.nil? || q[:results].empty? if q.nil? || q[:results].empty?
print_status('No results returned.')
return return
end end
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
@ -89,7 +120,7 @@ class Metasploit3 < Msf::Post
end end
def account_disabled?(uac) def account_disabled?(uac)
disabled = (uac & UAC_DISABLED) > 0 (uac & UAC_DISABLED) > 0
end end
def account_locked?(lockout_time) def account_locked?(lockout_time)