CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/enum_ad_groups.rb
Views: 11655
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Auxiliary::Report

8
  include Msf::Post::Windows::LDAP

9
  #  include Msf::Post::Windows::Accounts

10


11
  USER_FIELDS = [

12
    'name',

13
    'distinguishedname',

14
    'description'

15
  ].freeze

16


17
  def initialize(info = {})

18
    super(

19
      update_info(

20
        info,

21
        'Name' => 'Windows Gather Active Directory Groups',

22
        'Description' => %q{

23
          This module will enumerate AD groups on the specified domain.

24
        },

25
        'License' => MSF_LICENSE,

26
        'Author' => [

27
          'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>'

28
        ],

29
        'Platform' => [ 'win' ],

30
        'SessionTypes' => [ 'meterpreter' ]

31
      )

32
    )

33


34
    register_options([

35
      OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]),

36
      OptString.new('FILTER', [false, 'Customised LDAP filter', nil])

37
    ])

38
  end

39


40
  def run

41
    @user_fields = USER_FIELDS.dup

42


43
    if datastore['ADDITIONAL_FIELDS']

44
      additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/, '').split(',')

45
      @user_fields.push(*additional_fields)

46
    end

47


48
    max_search = datastore['MAX_SEARCH']

49


50
    begin

51
      f = ''

52
      f = "(#{datastore['FILTER']})" if datastore['FILTER']

53
      q = query("(&(objectClass=group)#{f})", max_search, @user_fields)

54
    rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e

55
      # Can't bind or in a network w/ limited accounts

56
      print_error(e.message)

57
      return

58
    end

59


60
    if q.nil? || q[:results].empty?

61
      print_status('No results returned.')

62
    else

63
      results_table = parse_results(q[:results])

64
      print_line results_table.to_s

65
    end

66
  end

67


68
  # Takes the results of LDAP query, parses them into a table

69
  # and records and usernames as {Metasploit::Credential::Core}s in

70
  # the database.

71
  #

72
  # @param results [Array<Array<Hash>>] The LDAP query results to parse

73
  # @return [Rex::Text::Table] The table containing all the result data

74
  def parse_results(results)

75
    # Results table holds raw string data

76
    results_table = Rex::Text::Table.new(

77
      'Header' => 'Domain Groups',

78
      'Indent' => 1,

79
      'SortIndex' => -1,

80
      'Columns' => @user_fields

81
    )

82


83
    results.each do |result|

84
      row = []

85


86
      result.each do |field|

87
        if field.nil?

88
          row << ''

89
        else

90
          row << field[:value]

91
        end

92
      end

93


94
      results_table << row

95
    end

96
    results_table

97
  end

98
end

99


100