Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Path: blob/master/modules/auxiliary/admin/dcerpc/samr_account.rb
Views: 15959
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'ruby_smb/dcerpc/client'67class MetasploitModule < Msf::Auxiliary8include Msf::Exploit::Remote::SMB::Client::Authenticated9include Msf::Exploit::Remote::DCERPC10include Msf::Auxiliary::Report11include Msf::Exploit::Remote::MsSamr::Account12include Msf::OptionalSession::SMB13include Msf::Exploit::Deprecated1415moved_from 'auxiliary/admin/dcerpc/samr_computer'1617def initialize(info = {})18super(19update_info(20info,21'Name' => 'SAMR Account Management',22'Description' => %q{23Add, lookup and delete user / machine accounts via MS-SAMR. By default24standard active directory users can add up to 10 new computers to the25domain (MachineAccountQuota). Administrative privileges however are required26to delete the created accounts, or to create/delete user accounts.27},28'License' => MSF_LICENSE,29'Author' => [30'JaGoTu', # @jagotu Original Impacket code31'Spencer McIntyre',32'smashery'33],34'References' => [35['URL', 'https://github.com/SecureAuthCorp/impacket/blob/master/examples/addcomputer.py'],36],37'Notes' => {38'Reliability' => [],39'Stability' => [],40'SideEffects' => [ IOC_IN_LOGS ],41'AKA' => ['samr_computer', 'samr_user']42},43'Actions' => [44[ 'ADD_COMPUTER', { 'Description' => 'Add a computer account' } ],45[ 'ADD_USER', { 'Description' => 'Add a user account' } ],46[ 'DELETE_ACCOUNT', { 'Description' => 'Delete a computer or user account' } ],47[ 'LOOKUP_ACCOUNT', { 'Description' => 'Lookup a computer or user account' } ]48],49'DefaultAction' => 'ADD_COMPUTER'50)51)5253register_options([54Opt::RPORT(445)55])56end5758def run59send("action_#{action.name.downcase}")60rescue MsSamrConnectionError => e61fail_with(Failure::Unreachable, e.message)62rescue MsSamrAuthenticationError => e63fail_with(Failure::NoAccess, e.message)64rescue MsSamrNotFoundError => e65fail_with(Failure::NotFound, e.message)66rescue MsSamrBadConfigError => e67fail_with(Failure::BadConfig, e.message)68rescue MsSamrUnexpectedReplyError => e69fail_with(Failure::UnexpectedReply, e.message)70rescue MsSamrUnknownError => e71fail_with(Failure::Unknown, e.message)72rescue SmbIpcAuthenticationError => e73fail_with(Failure::Unknown, e.message)74end7576def action_add_user77fail_with(Failure::BadConfig, 'This action requires ACCOUNT_NAME to be specified.') if datastore['ACCOUNT_NAME'].blank?78print_status('Adding user')79with_ipc_tree do |opts|80add_account(:user, opts)81end82end8384def action_add_computer85print_status('Adding computer')86with_ipc_tree do |opts|87add_account(:computer, opts)88end89end9091def action_delete_account92fail_with(Failure::BadConfig, 'This action requires ACCOUNT_NAME to be specified.') if datastore['ACCOUNT_NAME'].blank?93with_ipc_tree do |opts|94delete_account(opts)95end96end9798def action_lookup_account99fail_with(Failure::BadConfig, 'This action requires ACCOUNT_NAME to be specified.') if datastore['ACCOUNT_NAME'].blank?100with_ipc_tree do |opts|101lookup_account(opts)102end103end104105# @yieldparam options [Hash] If a SMB session is present, a hash with the IPC tree present. Empty hash otherwise.106# @return [void]107def with_ipc_tree108opts = {}109if session110print_status("Using existing session #{session.sid}")111self.simple = session.simple_client112opts[:tree] = simple.client.tree_connect("\\\\#{session.client.dispatcher.tcp_socket.peerhost}\\IPC$")113end114115yield opts116ensure117opts[:tree].disconnect! if opts[:tree]118end119end120121122