modules/post/windows/gather/enum_ad_user_comments.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Auxiliary::Report
  include Msf::Post::Windows::LDAP

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'	=> 'Windows Gather Active Directory User Comments',
        'Description' => %q{
          This module will enumerate user accounts in the default Active Domain (AD) directory which
          contain 'pass' in their description or comment (case-insensitive) by default. In some cases,
          such users have their passwords specified in these fields.
        },
        'License' => MSF_LICENSE,
        'Author' => [ 'Ben Campbell' ],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ],
        'References' => [
          ['URL', 'http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx'],
        ]
      )
    )

    register_options([
      OptBool.new('STORE_LOOT', [true, 'Store file in loot.', false]),
      OptString.new('FIELDS', [true, 'Fields to retrieve.', 'userPrincipalName,sAMAccountName,userAccountControl,comment,description']),
      OptString.new('FILTER', [true, 'Search filter.', '(&(&(objectCategory=person)(objectClass=user))(|(description=*pass*)(comment=*pass*)))']),
    ])
  end

  def run
    fields = datastore['FIELDS'].gsub(/\s+/, '').split(',')
    search_filter = datastore['FILTER']
    max_search = datastore['MAX_SEARCH']

    begin
      q = query(search_filter, max_search, fields)
      if q.nil? || q[:results].empty?
        return
      end
    rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
      # Can't bind or in a network w/ limited accounts
      print_error(e.message)
      return
    end

    # Results table holds raw string data
    results_table = Rex::Text::Table.new(
      'Header' => 'Domain Users',
      'Indent' => 1,
      'SortIndex' => -1,
      'Columns' => fields
    )

    q[:results].each do |result|
      row = []

      result.each do |field|
        if field[:value].nil?
          row << ''
        else
          row << field[:value]

        end
      end

      results_table << row
    end

    print_line results_table.to_s

    if datastore['STORE_LOOT']
      stored_path = store_loot('ad.users', 'text/plain', session, results_table.to_csv)
      print_good("Results saved to: #{stored_path}")
    end
  end
end
Initial commit 2013-11-07 20:48:15 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Initial commit 2013-11-07 20:48:15 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Post`
Initial commit 2013-11-07 20:48:15 +00:00			`include Msf::Auxiliary::Report`
Use post mixin 2013-11-23 22:07:07 +00:00			`include Msf::Post::Windows::LDAP`
Initial commit 2013-11-07 20:48:15 +00:00
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => 'Windows Gather Active Directory User Comments',`
			`'Description' => %q{`
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00			`This module will enumerate user accounts in the default Active Domain (AD) directory which`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`contain 'pass' in their description or comment (case-insensitive) by default. In some cases,`
			`such users have their passwords specified in these fields.`
Initial commit 2013-11-07 20:48:15 +00:00			`},`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`'License' => MSF_LICENSE,`
			`'Author' => [ 'Ben Campbell' ],`
			`'Platform' => [ 'win' ],`
Initial commit 2013-11-07 20:48:15 +00:00			`'SessionTypes' => [ 'meterpreter' ],`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`'References' => [`
Initial commit 2013-11-07 20:48:15 +00:00			`['URL', 'http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx'],`
			`]`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`)`
			`)`
Initial commit 2013-11-07 20:48:15 +00:00
			`register_options([`
			`OptBool.new('STORE_LOOT', [true, 'Store file in loot.', false]),`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`OptString.new('FIELDS', [true, 'Fields to retrieve.', 'userPrincipalName,sAMAccountName,userAccountControl,comment,description']),`
			`OptString.new('FILTER', [true, 'Search filter.', '(&(&(objectCategory=person)(objectClass=user))(\|(description=pass)(comment=pass)))']),`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
Initial commit 2013-11-07 20:48:15 +00:00			`end`

			`def run`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`fields = datastore['FIELDS'].gsub(/\s+/, '').split(',')`
Initial commit 2013-11-07 20:48:15 +00:00			`search_filter = datastore['FILTER']`
Update for extapi 2013-12-20 13:18:01 +00:00			`max_search = datastore['MAX_SEARCH']`
Initial commit 2013-11-07 20:48:15 +00:00
RuntimeError exception should be handled. 2014-02-07 12:16:15 -06:00			`begin`
			`q = query(search_filter, max_search, fields)`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`if q.nil? \|\| q[:results].empty?`
RuntimeError exception should be handled. 2014-02-07 12:16:15 -06:00			`return`
			`end`
Different way to write this 2014-02-12 15:08:20 -06:00			`rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e`
			`# Can't bind or in a network w/ limited accounts`
			`print_error(e.message)`
			`return`
Initial commit 2013-11-07 20:48:15 +00:00			`end`

			`# Results table holds raw string data`
replace old rex::ui::text::table refs 2016-08-10 13:30:09 -05:00			`results_table = Rex::Text::Table.new(`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`'Header' => 'Domain Users',`
			`'Indent' => 1,`
			`'SortIndex' => -1,`
			`'Columns' => fields`
			`)`
Initial commit 2013-11-07 20:48:15 +00:00
Update for extapi 2013-12-20 13:18:01 +00:00			`q[:results].each do \|result\|`
Initial commit 2013-11-07 20:48:15 +00:00			`row = []`

Update for extapi 2013-12-20 13:18:01 +00:00			`result.each do \|field\|`
Make sure we get the field :value 2014-12-13 18:13:36 +00:00			`if field[:value].nil?`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`row << ''`
Initial commit 2013-11-07 20:48:15 +00:00			`else`
Make sure we get the field :value 2014-12-13 18:13:36 +00:00			`row << field[:value]`

Initial commit 2013-11-07 20:48:15 +00:00			`end`
			`end`

			`results_table << row`
			`end`

			`print_line results_table.to_s`
Update for extapi 2013-12-20 13:18:01 +00:00
Initial commit 2013-11-07 20:48:15 +00:00			`if datastore['STORE_LOOT']`
			`stored_path = store_loot('ad.users', 'text/plain', session, results_table.to_csv)`
OCD - store_loot & print_good 2017-07-19 13:02:49 +01:00			`print_good("Results saved to: #{stored_path}")`
Initial commit 2013-11-07 20:48:15 +00:00			`end`
			`end`
			`end`