From e9c8ebb3e0922219ccb7cc277d39d854a6f4ed7f Mon Sep 17 00:00:00 2001
From: benpturner
Date: Fri, 8 May 2015 19:51:17 +0100
Subject: [PATCH] New modules with edit for authors
---
 .../powershell/enum_domain_controllers.rb | 32 +++++++++++++++
 .../powershell/enum_domain_pass_policy.rb | 8 ++--
 .../gather/powershell/enum_domain_users.rb | 35 +++++++++++++++++
 .../powershell/enum_powershell_version.rb | 9 ++---
 .../gather/powershell/enum_services.rb | 39 +++++++++++++++++++
 5 files changed, 114 insertions(+), 9 deletions(-)
 create mode 100644 modules/post/windows/gather/powershell/enum_domain_controllers.rb
 create mode 100644 modules/post/windows/gather/powershell/enum_domain_users.rb
 create mode 100644 modules/post/windows/gather/powershell/enum_services.rb
diff --git a/modules/post/windows/gather/powershell/enum_domain_controllers.rb b/modules/post/windows/gather/powershell/enum_domain_controllers.rb
new file mode 100644
index 0000000000..b33020d969
--- /dev/null
+++ b/modules/post/windows/gather/powershell/enum_domain_controllers.rb
@@ -0,0 +1,32 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/auxiliary/report'
+
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Auxiliary::Report
+
+ def initialize(info={})
+ super( update_info( info,
+ 'Name' => 'Enum Domain Controllors via PowerShell',
+ 'Description' => %Q{ This module will enumerate Domain Controllors },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'Ben Turner ','Dave Hardy '],
+ 'Platform' => [ 'win' ],
+ 'SessionTypes' => [ 'powershell' ]
+ ))
+ end
+
+ # Run Method called when command run is issued
+ def run
+ print_good("Running the post module: #{name} on" + session.shell_command('$env:COMPUTERNAME'))
+
+ pscommand='$root = New-Object DirectoryServices.DirectoryEntry "LDAP://RootDSE"; $root.Properties["dnsHostName"][0].ToString()'
+ print(session.shell_command(pscommand))
+ end
+end
diff --git a/modules/post/windows/gather/powershell/enum_domain_pass_policy.rb b/modules/post/windows/gather/powershell/enum_domain_pass_policy.rb
index f88d491d5d..f1470ea407 100644
--- a/modules/post/windows/gather/powershell/enum_domain_pass_policy.rb
+++ b/modules/post/windows/gather/powershell/enum_domain_pass_policy.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post
 'Name' => 'Enum Domain Password Policy',
 'Description' => %Q{ This module will enumerate the domain password policy },
 'License' => MSF_LICENSE,
- 'Author' => [ 'Ben Turner <@benpturner>','Dave Hardy <@davehardy20>'],
+ 'Author' => [ 'Ben Turner ','Dave Hardy '],
 'Platform' => [ 'win' ],
 'SessionTypes' => [ 'powershell' ]
 ))
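Review bot: The banner line in `run` glues the hostname onto the word "on" because `"... #{name} on"` is concatenated with the `shell_command` result without a separator; interpolate it instead, `print_good("Running the post module: #{name} on #{session.shell_command('$env:COMPUTERNAME')}")`. The identical line is added in enum_domain_users.rb and enum_services.rb in this patch, so the fix applies to all three new files. `Msf::Auxiliary::Report` is included but the RootDSE result is only passed to `print`, which also leaves the output without a trailing newline; if the DC name is meant to be kept, hand it to `report_note`/`store_loot` and emit it with `print_line`, otherwise drop the unused include. The `Name` and `Description` both misspell "Controllers".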
@@ -24,9 +24,9 @@ class Metasploit3 < Msf::Post
 # Run Method called when command run is issued
 def run
- #enumerate the domain password policy
 print_good("Running the post module: #{name} on" + session.shell_command('$env:COMPUTERNAME'))
- pscommand='net accounts'
+
+ pscommand='net accounts /domain'
 print(session.shell_command(pscommand))
 end
-end
\ No newline at end of file
+end
diff --git a/modules/post/windows/gather/powershell/enum_domain_users.rb b/modules/post/windows/gather/powershell/enum_domain_users.rb
new file mode 100644
index 0000000000..7ba0ec5e61
--- /dev/null
+++ b/modules/post/windows/gather/powershell/enum_domain_users.rb
@@ -0,0 +1,35 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/auxiliary/report'
+
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Auxiliary::Report
+
+ def initialize(info={})
+ super( update_info( info,
+ 'Name' => 'Enum Domain Users via Powershell',
+ 'Description' => %Q{ This module will enumerate the domain users via powershell },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'Ben Turner ','Dave Hardy '],
+ 'Platform' => [ 'win' ],
+ 'SessionTypes' => [ 'powershell' ]
+ ))
+ end
+
+ # Run Method called when command run is issued
+ def run
+ print_good("Running the post module: #{name} on" + session.shell_command('$env:COMPUTERNAME'))
+
+ # Find all domain users
+ pscommand = '$searcher = new-object System.DirectoryServices.DirectorySearcher ; $searcher.filter = "(&(objectClass=user)(sAMAccountName=*))"; $colResults = $searcher.findall()'
+ print(session.shell_command(pscommand))
+ pscommand = '"`nDomain Users`n=============";foreach ($objResult in $colResults) {$objItem = $objResult.Properties; $objItem.samaccountname } ; "`n"'
+ print(session.shell_command(pscommand))
+ end
+end
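Review bot: The result of the added `pscommand='net accounts /domain'` is handed straight to `print`, so on a host that cannot reach a domain (presumably the non-domain-joined case) whatever error text `net` returns is shown as if it were the policy, and without a trailing newline. Capture it and route it explicitly: `output = session.shell_command(pscommand)` then `print_line(output)`, with a `print_error` branch when `output` is nil or empty. The class header for this `run` method lies outside the hunk.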
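Review bot: The second `pscommand` in `run` reads `$colResults`, which is assigned by the first `session.shell_command` call, so the module only works if the PowerShell session keeps variables alive between calls — presumably true for the 'powershell' session type, but nothing in the module checks it, and the first `print` only emits the empty output of an assignment. Folding the search and the `foreach` into a single `pscommand` string and printing once removes that dependency; enum_services.rb in this patch has the same cross-call state pattern across its three `shell_command` calls. The listing should also go through `print_line` rather than `print` so the output ends with a newline.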
diff --git a/modules/post/windows/gather/powershell/enum_powershell_version.rb b/modules/post/windows/gather/powershell/enum_powershell_version.rb
index ed4a1fe4dd..0cd1faa847 100644
--- a/modules/post/windows/gather/powershell/enum_powershell_version.rb
+++ b/modules/post/windows/gather/powershell/enum_powershell_version.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post
 'Name' => 'Enum PowerShell Version',
 'Description' => %Q{ This module will enumerate the local powershell version },
 'License' => MSF_LICENSE,
- 'Author' => [ 'Ben Turner <@benpturner>','Dave Hardy <@davehardy20>'],
+ 'Author' => [ 'Ben Turner ','Dave Hardy '],
 'Platform' => [ 'win' ],
 'SessionTypes' => [ 'powershell' ]
 ))
@@ -24,11 +24,10 @@ class Metasploit3 < Msf::Post
 # Run Method called when command run is issued
 def run
- #enumerate the powershell version
 print_good("Running the post module: #{name} on" + session.shell_command('$env:COMPUTERNAME'))
-
- # Powershell version
+
+ # Enumerate powershell version
 pscommand='$psversiontable'
 print(session.shell_command(pscommand))
 end
-end
\ No newline at end of file
+end
diff --git a/modules/post/windows/gather/powershell/enum_services.rb b/modules/post/windows/gather/powershell/enum_services.rb
new file mode 100644
index 0000000000..84a3c12a06
--- /dev/null
+++ b/modules/post/windows/gather/powershell/enum_services.rb
@@ -0,0 +1,39 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/auxiliary/report'
+
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Auxiliary::Report
+
+ def initialize(info={})
+ super( update_info( info,
+ 'Name' => 'Enum Service Permissions via PowerShell',
+ 'Description' => %Q{ This module will enumerate the ALL services running or stopped },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'Ben Turner ','Dave Hardy '],
+ 'Platform' => [ 'win' ],
+ 'SessionTypes' => [ 'powershell' ]
+ ))
+ end
+
+ # Run Method called when command run is issued
+ def run
+ print_good("Running the post module: #{name} on" + session.shell_command('$env:COMPUTERNAME'))
+
+ # Get all the services that are not in "C:\Windows\System32\"
+ pscommand = '$services = Get-WmiObject win32_service | ?{$_} | where {($_.pathname -ne $null) -and ($_.pathname -notmatch ".*system32.*")} ; $servicepaths = New-Object System.Collections.ArrayList'
+ print(session.shell_command(pscommand))
+
+ pscommand = 'foreach ($service in $services) { if ($service.PathName -Match "^(.+?)\.exe") {$servicepaths.Add($Matches[0].Replace(\'"\',\'\')) > $null} }'
+ print(session.shell_command(pscommand))
+
+ pscommand = 'foreach ($service in $servicepaths) { "`n"+$service; get-acl $service | select-object -expandproperty AccessToString }'
+ print(session.shell_command(pscommand))
+ end
+end
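Review bot: The `Description` says the module enumerates all services running or stopped, but the three `pscommand` lines in `run` select only services whose `pathname` is set and does not contain "system32", collect the executable path from each, and print the `AccessToString` ACL of every path, which is what the `Name` ("Enum Service Permissions") describes; the description should match, e.g. `%Q{ This module lists the ACL of each service executable located outside System32 via PowerShell }`. The comment `# Get all the services that are not in "C:\Windows\System32\"` also understates the filter, since `-notmatch ".*system32.*"` excludes any path containing "system32" anywhere, not just that directory. Errors from `get-acl` on an individual path are not handled here and, if the session returns them, will be interleaved with the results; the `print` calls should be `print_line` so each block ends with a newline.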