CoCalc -- enum_domains.rb

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/enum_domains.rb
¹⁹⁶⁶⁴ views

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::Windows::NetAPI
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Windows Gather Domain Enumeration',
14
        'Description' => %q{
15
          This module enumerates currently the domains a host can see and the domain
16
          controllers for each domain.
17
        },
18
        'License' => MSF_LICENSE,
19
        'Author' => [ 'mubix' ],
20
        'Platform' => [ 'win' ],
21
        'SessionTypes' => [ 'meterpreter' ],
22
        'Notes' => {
23
          'Stability' => [CRASH_SAFE],
24
          'Reliability' => [],
25
          'SideEffects' => []
26
        }
27
      )
28
    )
29
  end
30

31
  def run
32
    domains = net_server_enum(SV_TYPE_DOMAIN_ENUM)
33

34
    fail_with(Failure::Unknown, 'No domains found') if domains.blank?
35

36
    domains.each do |domain|
37
      print_status("Enumerating DCs for #{domain[:name]}")
38
      dcs = net_server_enum(SV_TYPE_DOMAIN_BAKCTRL | SV_TYPE_DOMAIN_CTRL, domain[:name])
39

40
      if dcs.count == 0
41
        print_error('No Domain Controllers found...')
42
        next
43
      end
44

45
      dcs.each do |dc|
46
        print_good("Domain Controller: #{dc[:name]}")
47

48
        report_note(
49
          host: session,
50
          type: 'domain.hostnames',
51
          data: { :hostnames => dc[:name] },
52
          update: :unique_data
53
        )
54
      end
55
    end
56
  end
57
end
58

59

Product

Resources

Company