Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::Windows::NetAPI
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Windows Gather Domain Enumeration',
14
        'Description' => %q{
15
          This module enumerates currently the domains a host can see and the domain
16
          controllers for that domain.
17
        },
18
        'License' => MSF_LICENSE,
19
        'Author' => [ 'mubix' ],
20
        'Platform' => [ 'win' ],
21
        'SessionTypes' => [ 'meterpreter' ]
22
      )
23
    )
24
  end
25

26
  def run
27
    domains = net_server_enum(SV_TYPE_DOMAIN_ENUM)
28
    return if domains.nil?
29

30
    domains.each do |domain|
31
      print_status("Enumerating DCs for #{domain[:name]}")
32
      dcs = net_server_enum(SV_TYPE_DOMAIN_BAKCTRL | SV_TYPE_DOMAIN_CTRL, domain[:name])
33

34
      if dcs.count == 0
35
        print_error('No Domain Controllers found...')
36
        next
37
      end
38

39
      dcs.each do |dc|
40
        print_good("Domain Controller: #{dc[:name]}")
41

42
        report_note(
43
          host: session,
44
          type: 'domain.hostnames',
45
          data: dc[:name],
46
          update: :unique_data
47
        )
48
      end
49
    end
50
  end
51
end
52

53