Path: blob/master/modules/post/windows/gather/enum_domains.rb
19664 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::Windows::NetAPI78def initialize(info = {})9super(10update_info(11info,12'Name' => 'Windows Gather Domain Enumeration',13'Description' => %q{14This module enumerates currently the domains a host can see and the domain15controllers for each domain.16},17'License' => MSF_LICENSE,18'Author' => [ 'mubix' ],19'Platform' => [ 'win' ],20'SessionTypes' => [ 'meterpreter' ],21'Notes' => {22'Stability' => [CRASH_SAFE],23'Reliability' => [],24'SideEffects' => []25}26)27)28end2930def run31domains = net_server_enum(SV_TYPE_DOMAIN_ENUM)3233fail_with(Failure::Unknown, 'No domains found') if domains.blank?3435domains.each do |domain|36print_status("Enumerating DCs for #{domain[:name]}")37dcs = net_server_enum(SV_TYPE_DOMAIN_BAKCTRL | SV_TYPE_DOMAIN_CTRL, domain[:name])3839if dcs.count == 040print_error('No Domain Controllers found...')41next42end4344dcs.each do |dc|45print_good("Domain Controller: #{dc[:name]}")4647report_note(48host: session,49type: 'domain.hostnames',50data: { :hostnames => dc[:name] },51update: :unique_data52)53end54end55end56end575859