From e42bbcbcbbde2fc7a0945ee12f7a92019940d362 Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Mon, 16 Feb 2015 14:03:15 +0000
Subject: [PATCH] Enum_ad modules should retrive userPrincipalName as it may differ to the sAMAccountName value.
---
 modules/post/windows/gather/enum_ad_user_comments.rb | 3 +--
 modules/post/windows/gather/enum_ad_users.rb | 12 +++++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/modules/post/windows/gather/enum_ad_user_comments.rb b/modules/post/windows/gather/enum_ad_user_comments.rb
index 8e2dded9e2..22519eae57 100644
--- a/modules/post/windows/gather/enum_ad_user_comments.rb
+++ b/modules/post/windows/gather/enum_ad_user_comments.rb
@@ -31,7 +31,7 @@ class Metasploit3 < Msf::Post
 register_options([
 OptBool.new('STORE_LOOT', [true, 'Store file in loot.', false]),
- OptString.new('FIELDS', [true, 'Fields to retrieve.','sAMAccountName,userAccountControl,comment,description']),
+ OptString.new('FIELDS', [true, 'Fields to retrieve.','userPrincipalName,sAMAccountName,userAccountControl,comment,description']),
 OptString.new('FILTER', [true, 'Search filter.','(&(&(objectCategory=person)(objectClass=user))(|(description=*pass*)(comment=*pass*)))']),
 ], self.class)
 end
@@ -63,7 +63,6 @@ class Metasploit3 < Msf::Post
 q[:results].each do |result|
 row = []
- report = {}
 result.each do |field|
 if field[:value].nil?
 row << ""
diff --git a/modules/post/windows/gather/enum_ad_users.rb b/modules/post/windows/gather/enum_ad_users.rb
index 94cbbc526e..808d3bcbce 100644
--- a/modules/post/windows/gather/enum_ad_users.rb
+++ b/modules/post/windows/gather/enum_ad_users.rb
@@ -12,7 +12,13 @@ class Metasploit3 < Msf::Post
 include Msf::Post::Windows::Accounts
 UAC_DISABLED = 0x02
- USER_FIELDS = ['sAMAccountName', 'userAccountControl', 'lockoutTime', 'mail', 'primarygroupid', 'description'].freeze
+ USER_FIELDS = ['userPrincipalName',
+ 'sAMAccountName',
+ 'userAccountControl',
+ 'lockoutTime',
+ 'mail',
+ 'primarygroupid',
+ 'description'].freeze
 def initialize(info = {})
 super(update_info(
@@ -108,8 +114,8 @@ class Metasploit3 < Msf::Post
 end
 username = result.first[:value]
- uac = result[1][:value]
- lockout_time = result[2][:value]
+ uac = result[2][:value]
+ lockout_time = result[3][:value]
 store_username(username, uac, lockout_time, domain, domain_ip)
 results_table << row
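Review bot: The order of `USER_FIELDS` is load-bearing, and nothing at the constant says so. The second hunk of this file reads each result row by position (`result.first`, `result[2]`, `result[3]`), so putting `userPrincipalName` at the front shifted every index. I would add a comment above the constant such as `# Order matters: results are read by index further down (0 = username, 2 = userAccountControl, 3 = lockoutTime)`. The class body starts and continues outside this hunk.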
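Review bot: `username = result.first[:value]` is unchanged context, but after this commit it holds `userPrincipalName` rather than `sAMAccountName`. That attribute is optional in Active Directory, and the sibling module in this patch already guards `field[:value].nil?`, so `store_username` can receive nil for accounts with no UPN set. A fallback such as `username = result[0][:value] || result[1][:value]` would keep the earlier behaviour for those rows; whether an empty string also needs handling depends on the query helper, which is not visible here. Looking positions up by name, e.g. `uac = result[USER_FIELDS.index('userAccountControl')][:value]`, would remove the hard-coded `2` and `3`. The enclosing method starts and ends outside the hunk.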