updated enum_domain_users with Meatballs1 suggestions
parent
7c48441d53
commit
dfa8c86408
|
@ -8,7 +8,6 @@ class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
include Msf::Post::Common
|
include Msf::Post::Common
|
||||||
include Msf::Post::File
|
include Msf::Post::File
|
||||||
|
|
||||||
include Msf::Post::Windows::Registry
|
include Msf::Post::Windows::Registry
|
||||||
|
|
||||||
def initialize(info={})
|
def initialize(info={})
|
||||||
|
@ -27,42 +26,36 @@ class Metasploit3 < Msf::Post
|
||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('USER', [true, 'Target User for NetSessionEnum', 'nil']),
|
OptString.new('USER', [true, 'Target User for NetSessionEnum', nil]),
|
||||||
OptString.new('HOST', [false, 'Target a specific host', '']),
|
OptString.new('HOST', [false, 'Target a specific host', nil]),
|
||||||
OptString.new('VERBOSE', [false, 'Display failed logins/missing hosts', 'false']),
|
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
def run
|
def run
|
||||||
@sessions = 0
|
@sessions = 0
|
||||||
@verbose = false
|
|
||||||
@retrieved = ''
|
@retrieved = ''
|
||||||
|
|
||||||
if datastore['HOST'] != ''
|
if datastore['HOST'] != nil
|
||||||
if datastore['USER'] == 'nil'
|
if datastore['USER'] == nil
|
||||||
print_status("Attempting to get all logged in users...")
|
print_status("Attempting to get all logged in users...")
|
||||||
getSessions(datastore['HOST'],nil)
|
getSessions(datastore['HOST'],nil)
|
||||||
else
|
else
|
||||||
getSessions(datastore['HOST'],datastore['USER'])
|
getSessions(datastore['HOST'],datastore['USER'])
|
||||||
end
|
end
|
||||||
elsif datastore['USER']
|
elsif datastore['USER']
|
||||||
if datastore['USER'] == 'nil'
|
if datastore['USER'] == nil
|
||||||
@user = nil
|
@user = nil
|
||||||
else
|
else
|
||||||
@user = datastore['USER']
|
@user = datastore['USER']
|
||||||
end
|
end
|
||||||
domain = getdomain()
|
domain = getdomain()
|
||||||
|
|
||||||
if datastore['VERBOSE'] == 'true'
|
vprint_status("Verbose output enabled")
|
||||||
print_status ("Verbose output enabled")
|
|
||||||
@verbose = true
|
|
||||||
end
|
|
||||||
|
|
||||||
if not domain.empty?
|
if not domain.empty?
|
||||||
print_status ("Using domain: #{domain}")
|
print_status ("Using domain: #{domain}")
|
||||||
print_status ("Getting list of domain hosts")
|
print_status ("Getting list of domain hosts")
|
||||||
hostname_list = get_domain_hosts()
|
hostname_list = get_domain_hosts()
|
||||||
|
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
if hostname_list != nil
|
if hostname_list != nil
|
||||||
|
@ -116,39 +109,29 @@ class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
buffersize = 500
|
buffersize = 500
|
||||||
result = client.railgun.netapi32.NetSessionEnum(hostname,nil,username,10,4,buffersize,4,4,nil)
|
result = client.railgun.netapi32.NetSessionEnum(hostname,nil,username,10,4,buffersize,4,4,nil)
|
||||||
if result['return'] == 5
|
case result['return']
|
||||||
if @verbose == true
|
when 5
|
||||||
print_error("Access Denied when trying to access host: #{hostname}")
|
vprint_error("Access denied...")
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 53
|
when 53
|
||||||
if @verbose == true
|
vprint_error("Host not found or did not respond: #{hostname}")
|
||||||
print_error("Host not found or did not respond: #{hostname}")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 123
|
when 123
|
||||||
if @verbose == true
|
vprint_error("Invalid host: #{hostname}")
|
||||||
print_error("Invalid host: #{hostname}")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 0
|
when 0
|
||||||
if @verbose == true
|
vprint_status("#{hostname} Session identified")
|
||||||
print_status("#{hostname} Session identified")
|
when 2221 #username not found
|
||||||
end
|
|
||||||
elsif result['return'] == 2221 #username not found
|
|
||||||
return nil
|
return nil
|
||||||
else
|
else
|
||||||
if result['return'] != 234
|
if result['return'] != 234
|
||||||
if @verbose == true
|
vprint_error("Unaccounted for error code: #{result['return']}")
|
||||||
print_status("Unaccounted for error code: #{result['return']}")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
while result['return'] == 234
|
while result['return'] == 234
|
||||||
buffersize = buffersize + 500
|
buffersize = buffersize + 500
|
||||||
print_status("Buff me")
|
|
||||||
result = client.railgun.netapi32.NetSessionEnum(hostname,nil,username,10,4,buffersize,4,4,nil)
|
result = client.railgun.netapi32.NetSessionEnum(hostname,nil,username,10,4,buffersize,4,4,nil)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -161,7 +144,6 @@ class Metasploit3 < Msf::Post
|
||||||
else
|
else
|
||||||
print_good("#{x[:username]} logged in at #{hostname} and has been idle for #{x[:idletime]} seconds")
|
print_good("#{x[:username]} logged in at #{hostname} and has been idle for #{x[:idletime]} seconds")
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -186,38 +168,27 @@ class Metasploit3 < Msf::Post
|
||||||
#NetServerEnum(servername,level,bufptr,prefmaxlen,entriesread,totalentries,servertype,domain,resume_handle)
|
#NetServerEnum(servername,level,bufptr,prefmaxlen,entriesread,totalentries,servertype,domain,resume_handle)
|
||||||
result = client.railgun.netapi32.NetServerEnum(nil,100,4,buffersize,4,4,servertype,nil,nil)
|
result = client.railgun.netapi32.NetServerEnum(nil,100,4,buffersize,4,4,servertype,nil,nil)
|
||||||
|
|
||||||
if result['return'] == 5
|
case result['return']
|
||||||
if @verbose == true
|
when 5
|
||||||
print_error("Access Denied when trying to enum hosts.")
|
vprint_error("Access Denied when trying to enum hosts.")
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 6118
|
when 6118
|
||||||
if @verbose == true
|
vprint_error("No Browser servers found.")
|
||||||
print_error("No Browser servers found.")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 50
|
when 50
|
||||||
if @verbose == true
|
vprint_error("Request not supported.")
|
||||||
print_error("Request not supported.")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 2184
|
when 2184
|
||||||
if @verbose == true
|
vprint_error("Service not installed.")
|
||||||
print_error("Service not installed.")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
elsif result['return'] == 0
|
when 0
|
||||||
if @verbose == true
|
vprint_status("Great success")
|
||||||
print_status("Great success")
|
when 87
|
||||||
end
|
vprint_error ("invalid parameter")
|
||||||
elsif result['return'] == 87 #username not found
|
|
||||||
print_error ("invalid parameter")
|
|
||||||
return nil
|
return nil
|
||||||
else
|
else
|
||||||
if result['return'] != 234
|
if result['return'] != 234
|
||||||
if @verbose == true
|
vprint_status("Unaccounted for error code: #{result['return']}")
|
||||||
print_status("Unaccounted for error code: #{result['return']}")
|
|
||||||
end
|
|
||||||
return nil
|
return nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
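Review bot: In the second hunk `USER` is still registered as required (`true`) while its default changes from the string `'nil'` to a real `nil`, so the framework's option validation will most likely reject the module before `run` is reached whenever USER is unset. That would make the `datastore['USER'] == nil` branches, which print "Attempting to get all logged in users...", unreachable. Registering the option as optional, `OptString.new('USER', [false, 'Target User for NetSessionEnum', nil]),`, matches what `run` expects. The `datastore['HOST'] != nil` test also lets an explicitly empty HOST through as a target, so something like `unless datastore['HOST'].to_s.empty?` would cover both the unset and the blank case. `run` continues outside the hunk, so confirm both changes against the full method.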