Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/enum_domains.rb
19669 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Post
7
include Msf::Post::Windows::NetAPI
8
9
def initialize(info = {})
10
super(
11
update_info(
12
info,
13
'Name' => 'Windows Gather Domain Enumeration',
14
'Description' => %q{
15
This module enumerates currently the domains a host can see and the domain
16
controllers for each domain.
17
},
18
'License' => MSF_LICENSE,
19
'Author' => [ 'mubix' ],
20
'Platform' => [ 'win' ],
21
'SessionTypes' => [ 'meterpreter' ],
22
'Notes' => {
23
'Stability' => [CRASH_SAFE],
24
'Reliability' => [],
25
'SideEffects' => []
26
}
27
)
28
)
29
end
30
31
def run
32
domains = net_server_enum(SV_TYPE_DOMAIN_ENUM)
33
34
fail_with(Failure::Unknown, 'No domains found') if domains.blank?
35
36
domains.each do |domain|
37
print_status("Enumerating DCs for #{domain[:name]}")
38
dcs = net_server_enum(SV_TYPE_DOMAIN_BAKCTRL | SV_TYPE_DOMAIN_CTRL, domain[:name])
39
40
if dcs.count == 0
41
print_error('No Domain Controllers found...')
42
next
43
end
44
45
dcs.each do |dc|
46
print_good("Domain Controller: #{dc[:name]}")
47
48
report_note(
49
host: session,
50
type: 'domain.hostnames',
51
data: { :hostnames => dc[:name] },
52
update: :unique_data
53
)
54
end
55
end
56
end
57
end
58
59