infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for general domain queries 

Specific queries are just wrappers over the top of the domain query
bug/bundler_fix
OJ 2013-12-08 20:41:30 +10:00
parent 35b051174c
commit f13736d208
3 changed files with 60 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
View File

@ -21,47 +21,67 @@ class Adsi
# Enumerate all the users in the given domain.
def user_enumerate(domain_name)
request = Packet.create_request('extapi_adsi_user_enum')
filter = "(objectClass=user)"
fields = [
"samaccountname",
"name",
"distinguishedname",
"description",
"comment"
]
request.add_tlv(TLV_TYPE_EXT_ADSI_DOMAIN, domain_name)
response = client.send_request(request)
users = []
response.each(TLV_TYPE_EXT_ADSI_USER) { |u|
users << {
:sam => u.get_tlv_value(TLV_TYPE_EXT_ADSI_USER_SAM) || "",
:dn => u.get_tlv_value(TLV_TYPE_EXT_ADSI_USER_DN) || "",
:name => u.get_tlv_value(TLV_TYPE_EXT_ADSI_USER_NAME) || "",
:desc => u.get_tlv_value(TLV_TYPE_EXT_ADSI_USER_DESC) || "",
:comment => u.get_tlv_value(TLV_TYPE_EXT_ADSI_USER_COMMENT) || ""
}
}
users.sort_by { |w| w[:sam] }
return domain_query(domain_name, filter, fields)
end
# Enumerate all the computers in the given domain.
def computer_enumerate(domain_name)
request = Packet.create_request('extapi_adsi_computer_enum')
filter = "(objectClass=computer)"
fields = [
"name",
"distinguishedname",
"description",
"comment"
]
return domain_query(domain_name, filter, fields)
end
#
# Perform a generic domain query against ADSI.
#
# @param domain_name [String] The FQDN of the target domain.
# @param filter [String] The filter to apply to the query in
# LDAP format.
# @param fields [Array] Array of string fields to return for
# each result found
#
# @returns [Hash] Array of field names with associated results.
#
def domain_query(domain_name, filter, fields)
request = Packet.create_request('extapi_adsi_domain_query')
request.add_tlv(TLV_TYPE_EXT_ADSI_DOMAIN, domain_name)
request.add_tlv(TLV_TYPE_EXT_ADSI_FILTER, filter)
fields.each do |f|
request.add_tlv(TLV_TYPE_EXT_ADSI_FIELD, f)
end
response = client.send_request(request)
computers = []
response.each(TLV_TYPE_EXT_ADSI_COMP) { |c|
computers << {
:dn => c.get_tlv_value(TLV_TYPE_EXT_ADSI_COMP_DN) || "",
:name => c.get_tlv_value(TLV_TYPE_EXT_ADSI_COMP_NAME) || "",
:desc => c.get_tlv_value(TLV_TYPE_EXT_ADSI_COMP_DESC) || "",
:comment => c.get_tlv_value(TLV_TYPE_EXT_ADSI_COMP_COMMENT) || ""
results = []
response.each(TLV_TYPE_EXT_ADSI_RESULT) { |r|
result = []
r.each(TLV_TYPE_EXT_ADSI_VALUE) { |v|
result << v.value
}
results << result
}
computers.sort_by { |w| w[:name] }
return {
:fields => fields,
:results => results
}
end
attr_accessor :client

16
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
View File

@ -41,18 +41,10 @@ TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY = TLV_META_TYPE_UINT | (TLV_TYPE_E
TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA = TLV_META_TYPE_RAW | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 48)
TLV_TYPE_EXT_ADSI_DOMAIN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 55)
TLV_TYPE_EXT_ADSI_COMP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 56)
TLV_TYPE_EXT_ADSI_COMP_DESC = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 57)
TLV_TYPE_EXT_ADSI_COMP_NAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 58)
TLV_TYPE_EXT_ADSI_COMP_DN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 59)
TLV_TYPE_EXT_ADSI_COMP_COMMENT = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 60)
TLV_TYPE_EXT_ADSI_USER = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 61)
TLV_TYPE_EXT_ADSI_USER_DESC = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 62)
TLV_TYPE_EXT_ADSI_USER_NAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 63)
TLV_TYPE_EXT_ADSI_USER_DN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 64)
TLV_TYPE_EXT_ADSI_USER_COMMENT = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 65)
TLV_TYPE_EXT_ADSI_USER_SAM = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 66)
TLV_TYPE_EXT_ADSI_USER_ATTRIB = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 67)
TLV_TYPE_EXT_ADSI_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 56)
TLV_TYPE_EXT_ADSI_FIELD = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 57)
TLV_TYPE_EXT_ADSI_VALUE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 58)
TLV_TYPE_EXT_ADSI_RESULT = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 59)
end
end

20
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb
View File

@ -75,14 +75,12 @@ class Console::CommandDispatcher::Extapi::Adsi
'Header' => "#{domain} Users",
'Indent' => 0,
'SortIndex' => 0,
'Columns' => [
'SAM', 'Name', 'Description', 'DN', 'Comment'
]
'Columns' => users[:fields]
)
users.each { |c|
table << [c[:sam], c[:name], c[:desc], c[:dn], c[:comment]]
}
users[:results].each do |u|
table << u
end
print_line
print_line(table.to_s)
@ -134,14 +132,12 @@ class Console::CommandDispatcher::Extapi::Adsi
'Header' => "#{domain} Computers",
'Indent' => 0,
'SortIndex' => 0,
'Columns' => [
'Name', 'Description', 'DN', 'Comment'
]
'Columns' => computers[:fields]
)
computers.each { |c|
table << [c[:name], c[:desc], c[:dn], c[:comment]]
}
computers[:results].each do |c|
table << c
end
print_line
print_line(table.to_s)