rubocop
parent
38b6ad4dbf
commit
f13ca17de0
|
@ -34,7 +34,7 @@ class Metasploit3 < Msf::Post
|
||||||
max_search = datastore['MAX_SEARCH']
|
max_search = datastore['MAX_SEARCH']
|
||||||
|
|
||||||
db, dbfile = create_sqlite_db
|
db, dbfile = create_sqlite_db
|
||||||
print_status "Database created: #{dbfile.to_s}"
|
print_status "Database created: #{dbfile}"
|
||||||
|
|
||||||
# Download the list of groups from Active Directory
|
# Download the list of groups from Active Directory
|
||||||
vprint_status "Retrieving AD Groups"
|
vprint_status "Retrieving AD Groups"
|
||||||
|
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Post
|
||||||
group_fields = ['distinguishedName', 'objectSid', 'samAccountType', 'sAMAccountName', 'whenChanged', 'whenCreated', 'description']
|
group_fields = ['distinguishedName', 'objectSid', 'samAccountType', 'sAMAccountName', 'whenChanged', 'whenCreated', 'description']
|
||||||
groups = query(group_filter, max_search, group_fields)
|
groups = query(group_filter, max_search, group_fields)
|
||||||
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
|
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
|
||||||
print_error("Error(Group): #{e.message.to_s}")
|
print_error("Error(Group): #{e.message}")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -61,60 +61,60 @@ class Metasploit3 < Msf::Post
|
||||||
begin
|
begin
|
||||||
|
|
||||||
# Perform the ADSI query to retrieve the effective users in each group (recursion)
|
# Perform the ADSI query to retrieve the effective users in each group (recursion)
|
||||||
vprint_status "Retrieving members of #{individual_group[3][:value].to_s}"
|
vprint_status "Retrieving members of #{individual_group[3][:value]}"
|
||||||
users_filter = "(&(objectCategory=person)(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=#{individual_group[0][:value].to_s}))"
|
users_filter = "(&(objectCategory=person)(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=#{individual_group[0][:value]}))"
|
||||||
users_in_group = query(users_filter, max_search, users_fields)
|
users_in_group = query(users_filter, max_search, users_fields)
|
||||||
next if users_in_group.nil? || users_in_group[:results].empty?
|
next if users_in_group.nil? || users_in_group[:results].empty?
|
||||||
group_sid, group_rid = sid_hex_to_string(individual_group[1][:value])
|
group_sid, group_rid = sid_hex_to_string(individual_group[1][:value])
|
||||||
|
|
||||||
# Add the group to the database
|
# Add the group to the database
|
||||||
sql_param_group = { :rid => group_rid.to_i,
|
sql_param_group = { rid: group_rid.to_i,
|
||||||
:distinguishedName => individual_group[0][:value].to_s,
|
distinguishedName: individual_group[0][:value].to_s,
|
||||||
:sAMAccountName => individual_group[3][:value].to_s,
|
sAMAccountName: individual_group[3][:value].to_s,
|
||||||
:whenChanged => individual_group[4][:value].to_s,
|
whenChanged: individual_group[4][:value].to_s,
|
||||||
:whenCreated => individual_group[5][:value].to_s,
|
whenCreated: individual_group[5][:value].to_s,
|
||||||
:description => individual_group[6][:value].to_s
|
description: individual_group[6][:value].to_s
|
||||||
}
|
}
|
||||||
run_sqlite_query(db, 'ad_groups', sql_param_group)
|
run_sqlite_query(db, 'ad_groups', sql_param_group)
|
||||||
|
|
||||||
# Go through each of the users in the group
|
# Go through each of the users in the group
|
||||||
users_in_group[:results].each do |group_user|
|
users_in_group[:results].each do |group_user|
|
||||||
user_sid, user_rid = sid_hex_to_string(group_user[1][:value])
|
user_sid, user_rid = sid_hex_to_string(group_user[1][:value])
|
||||||
print_line "Group [#{individual_group[3][:value].to_s}][#{group_rid.to_s}] has member [#{group_user[3][:value].to_s}][#{user_rid.to_s}]"
|
print_line "Group [#{individual_group[3][:value]}][#{group_rid}] has member [#{group_user[3][:value]}][#{user_rid}]"
|
||||||
|
|
||||||
# Add the group to the database
|
# Add the group to the database
|
||||||
sql_param_user = { :rid => user_rid.to_i,
|
sql_param_user = { rid: user_rid.to_i,
|
||||||
:distinguishedName => group_user[0][:value].to_s,
|
distinguishedName: group_user[0][:value].to_s,
|
||||||
:sAMAccountName => group_user[3][:value].to_s,
|
sAMAccountName: group_user[3][:value].to_s,
|
||||||
:displayName => group_user[4][:value].to_s,
|
displayName: group_user[4][:value].to_s,
|
||||||
:description => group_user[5][:value].to_s,
|
description: group_user[5][:value].to_s,
|
||||||
:logonCount => group_user[6][:value].to_i,
|
logonCount: group_user[6][:value].to_i,
|
||||||
:userPrincipalName => group_user[8][:value].to_s,
|
userPrincipalName: group_user[8][:value].to_s,
|
||||||
:whenChanged => group_user[8][:value].to_s,
|
whenChanged: group_user[8][:value].to_s,
|
||||||
:whenCreated => group_user[8][:value].to_s,
|
whenCreated: group_user[8][:value].to_s,
|
||||||
:primaryGroupID => group_user[9][:value].to_i,
|
primaryGroupID: group_user[9][:value].to_i,
|
||||||
:badPwdCount => group_user[10][:value].to_i
|
badPwdCount: group_user[10][:value].to_i
|
||||||
}
|
}
|
||||||
run_sqlite_query(db, 'ad_users', sql_param_user)
|
run_sqlite_query(db, 'ad_users', sql_param_user)
|
||||||
|
|
||||||
# Now associate the user with the group
|
# Now associate the user with the group
|
||||||
sql_param_mapping = { :user_rid => user_rid.to_i,
|
sql_param_mapping = { user_rid: user_rid.to_i,
|
||||||
:group_rid => group_rid.to_i
|
group_rid: group_rid.to_i
|
||||||
}
|
}
|
||||||
run_sqlite_query(db, 'ad_mapping', sql_param_mapping)
|
run_sqlite_query(db, 'ad_mapping', sql_param_mapping)
|
||||||
|
|
||||||
group_counter += 1
|
group_counter += 1
|
||||||
end
|
end
|
||||||
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
|
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
|
||||||
print_error("Error(Users): #{e.message.to_s}")
|
print_error("Error(Users): #{e.message}")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Enumerated #{group_counter} group(s)"
|
print_status "Enumerated #{group_counter} group(s)"
|
||||||
if db and db.close
|
if db && db.close
|
||||||
f = ::File.size(dbfile.to_s)
|
f = ::File.size(dbfile.to_s)
|
||||||
print_status "Database closed: #{dbfile.to_s} at #{f} byte(s)"
|
print_status "Database closed: #{dbfile} at #{f} byte(s)"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -170,7 +170,7 @@ class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
return db, filename
|
return db, filename
|
||||||
rescue SQLite3::Exception => e
|
rescue SQLite3::Exception => e
|
||||||
print_error("Error(Database): #{e.message.to_s}")
|
print_error("Error(Database): #{e.message}")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -187,8 +187,9 @@ class Metasploit3 < Msf::Post
|
||||||
sid << rid.to_i.to_s
|
sid << rid.to_i.to_s
|
||||||
sid += data.unpack("bbbbbbbbV*")[8..-1]
|
sid += data.unpack("bbbbbbbbV*")[8..-1]
|
||||||
final_sid = "S-" + sid.join('-')
|
final_sid = "S-" + sid.join('-')
|
||||||
return final_sid, sid[-1]
|
[final_sid, sid[-1]]
|
||||||
end
|
end
|
||||||
|
|
||||||
def byte2hex(b)
|
def byte2hex(b)
|
||||||
ret = '%x' % (b.to_i & 0xff)
|
ret = '%x' % (b.to_i & 0xff)
|
||||||
ret = '0' + ret if ret.length < 2
|
ret = '0' + ret if ret.length < 2
|
||||||
|
|
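Review bot: In the `sql_param_user` hash of the `-61,60` hunk, `userPrincipalName`, `whenChanged` and `whenCreated` are all read from `group_user[8][:value]` and index 7 is never used, so at least two of those `ad_users` columns are stored with another attribute's value; the syntax-only cleanup carries this over unchanged. The `users_fields` list is defined outside the visible hunks, so the correct positions cannot be confirmed from here, but each key should read its own position in that list. Looking values up by name would remove the positional coupling, e.g. `user = users_fields.zip(group_user.map { |f| f[:value] }).to_h` followed by `whenChanged: user['whenChanged'].to_s`, assuming results come back in `users_fields` order as the existing indexing implies. The enclosing method begins above the first hunk.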