Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/enum_ad_groups.rb
19592 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Auxiliary::Report

8
  include Msf::Post::Windows::LDAP

9
  #  include Msf::Post::Windows::Accounts

10


11
  USER_FIELDS = [

12
    'name',

13
    'distinguishedname',

14
    'description'

15
  ].freeze

16


17
  def initialize(info = {})

18
    super(

19
      update_info(

20
        info,

21
        'Name' => 'Windows Gather Active Directory Groups',

22
        'Description' => %q{

23
          This module will enumerate AD groups on the specified domain.

24
        },

25
        'License' => MSF_LICENSE,

26
        'Author' => [

27
          'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>'

28
        ],

29
        'Platform' => [ 'win' ],

30
        'SessionTypes' => [ 'meterpreter' ],

31
        'Notes' => {

32
          'Stability' => [CRASH_SAFE],

33
          'SideEffects' => [],

34
          'Reliability' => []

35
        }

36
      )

37
    )

38


39
    register_options([

40
      OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]),

41
      OptString.new('FILTER', [false, 'Customised LDAP filter', nil])

42
    ])

43
  end

44


45
  def run

46
    @user_fields = USER_FIELDS.dup

47


48
    if datastore['ADDITIONAL_FIELDS']

49
      additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/, '').split(',')

50
      @user_fields.push(*additional_fields)

51
    end

52


53
    max_search = datastore['MAX_SEARCH']

54


55
    begin

56
      f = ''

57
      f = "(#{datastore['FILTER']})" if datastore['FILTER']

58
      q = query("(&(objectClass=group)#{f})", max_search, @user_fields)

59
    rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e

60
      # Can't bind or in a network w/ limited accounts

61
      print_error(e.message)

62
      return

63
    end

64


65
    if q.nil? || q[:results].empty?

66
      print_status('No results returned.')

67
    else

68
      results_table = parse_results(q[:results])

69
      print_line results_table.to_s

70
    end

71
  end

72


73
  # Takes the results of LDAP query, parses them into a table

74
  # and records and usernames as {Metasploit::Credential::Core}s in

75
  # the database.

76
  #

77
  # @param results [Array<Array<Hash>>] The LDAP query results to parse

78
  # @return [Rex::Text::Table] The table containing all the result data

79
  def parse_results(results)

80
    # Results table holds raw string data

81
    results_table = Rex::Text::Table.new(

82
      'Header' => 'Domain Groups',

83
      'Indent' => 1,

84
      'SortIndex' => -1,

85
      'Columns' => @user_fields

86
    )

87


88
    results.each do |result|

89
      row = []

90


91
      result.each do |field|

92
        if field.nil?

93
          row << ''

94
        else

95
          row << field[:value]

96
        end

97
      end

98


99
      results_table << row

100
    end

101
    results_table

102
  end

103
end

104


105