Lucene search
K

Windows Gather Active Directory Groups

🗓️ 28 Aug 2015 14:10:48Reported by Stuart Morgan <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 43 Views

This module will enumerate AD groups on the specified domain

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Auxiliary::Report
  include Msf::Post::Windows::LDAP
  #  include Msf::Post::Windows::Accounts

  USER_FIELDS = [
    'name',
    'distinguishedname',
    'description'
  ].freeze

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Active Directory Groups',
        'Description' => %q{
          This module will enumerate AD groups on the specified domain.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>'
        ],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ]
      )
    )

    register_options([
      OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]),
      OptString.new('FILTER', [false, 'Customised LDAP filter', nil])
    ])
  end

  def run
    @user_fields = USER_FIELDS.dup

    if datastore['ADDITIONAL_FIELDS']
      additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/, '').split(',')
      @user_fields.push(*additional_fields)
    end

    max_search = datastore['MAX_SEARCH']

    begin
      f = ''
      f = "(#{datastore['FILTER']})" if datastore['FILTER']
      q = query("(&(objectClass=group)#{f})", max_search, @user_fields)
    rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
      # Can't bind or in a network w/ limited accounts
      print_error(e.message)
      return
    end

    if q.nil? || q[:results].empty?
      print_status('No results returned.')
    else
      results_table = parse_results(q[:results])
      print_line results_table.to_s
    end
  end

  # Takes the results of LDAP query, parses them into a table
  # and records and usernames as {Metasploit::Credential::Core}s in
  # the database.
  #
  # @param results [Array<Array<Hash>>] The LDAP query results to parse
  # @return [Rex::Text::Table] The table containing all the result data
  def parse_results(results)
    # Results table holds raw string data
    results_table = Rex::Text::Table.new(
      'Header' => 'Domain Groups',
      'Indent' => 1,
      'SortIndex' => -1,
      'Columns' => @user_fields
    )

    results.each do |result|
      row = []

      result.each do |field|
        if field.nil?
          row << ''
        else
          row << field[:value]
        end
      end

      results_table << row
    end
    results_table
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Mar 2023 02:15Current
6.8Medium risk
Vulners AI Score6.8
43