Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Extapi::Adsi

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Extapi::Adsi

Includes:

Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

Defined in:

lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb

Overview

Extended API ADSI management user interface.

Constant Summary

Klass =

Console::CommandDispatcher::Extapi::Adsi

DEFAULT_MAX_RESULTS =

Zero indicates “no limit”

0

DEFAULT_PAGE_SIZE =

0

@@adsi_nested_group_user_enum_opts =

Options for the adsi_nested_group_user_enum command.

Rex::Parser::Arguments.new(
  '-h' => [false, 'Help banner'],
  '-o' => [true,  'Path to output file.'],
  '-m' => [true,  'Maximum results to return.'],
  '-p' => [true,  'Result set page size.']
)

@@adsi_user_enum_opts =

Options for the adsi_user_enum command.

Rex::Parser::Arguments.new(
  '-h' => [false, 'Help banner.'],
  '-o' => [true,  'Path to output file.'],
  '-m' => [true,  'Maximum results to return.'],
  '-p' => [true,  'Result set page size.']
)

@@adsi_group_enum_opts =

Options for the adsi_group_enum command.

Rex::Parser::Arguments.new(
  '-h' => [false, 'Help banner.'],
  '-o' => [true,  'Path to output file.'],
  '-m' => [true,  'Maximum results to return.'],
  '-p' => [true,  'Result set page size.']
)

@@adsi_computer_enum_opts =

Options for the adsi_computer_enum command.

Rex::Parser::Arguments.new(
  '-h' => [false, 'Help banner.'],
  '-o' => [true,  'Path to output file.'],
  '-m' => [true,  'Maximum results to return.'],
  '-p' => [true,  'Result set page size.']
)

@@adsi_dc_enum_opts =

Options for the adsi_dc_enum command.

Rex::Parser::Arguments.new(
  '-h' => [false, 'Help banner.'],
  '-o' => [true,  'Path to output file.'],
  '-m' => [true,  'Maximum results to return.'],
  '-p' => [true,  'Result set page size.']
)

@@adsi_domain_query_opts =

Options for the adsi_domain_query command.

Rex::Parser::Arguments.new(
  '-h' => [false, 'Help banner.'],
  '-o' => [true,  'Path to output file.'],
  '-m' => [true,  'Maximum results to return.'],
  '-p' => [true,  'Result set page size.']
)

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary

• #adsi_computer_enum_usage ⇒ Object
• #adsi_dc_enum_usage ⇒ Object
• #adsi_domain_query_usage ⇒ Object
• #adsi_group_enum_usage ⇒ Object
• #adsi_nested_group_user_enum_usage ⇒ Object
• #adsi_user_enum_usage ⇒ Object
• #cmd_adsi_computer_enum(*args) ⇒ Object

  Enumerate domain computers.

• #cmd_adsi_dc_enum(*args) ⇒ Object

  Enumerate domain dcs.

• #cmd_adsi_domain_query(*args) ⇒ Object

  Enumerate domain objects.

• #cmd_adsi_group_enum(*args) ⇒ Object

  Enumerate domain groups.

• #cmd_adsi_nested_group_user_enum(*args) ⇒ Object

  Enumerate domain groups.

• #cmd_adsi_user_enum(*args) ⇒ Object

  Enumerate domain users.

• #commands ⇒ Object

  List of supported commands.

• #name ⇒ Object

  Name for this dispatcher.

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #initialize, #log_error, #msf_loaded?, set_hash

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_filenames, #update_prompt

Instance Method Details

#adsi_computer_enum_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 177

def adsi_computer_enum_usage
  print_line('USAGE:')
  print_line(' adsi_computer_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
  print_line
  print_line('DESCRIPTION:')
  print_line(' Enumerate all computers on the target domain.')
  print_line(@@adsi_computer_enum_opts.usage)
end

#adsi_dc_enum_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 215

def adsi_dc_enum_usage
  print_line('USAGE:')
  print_line(' adsi_dc_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
  print_line
  print_line('DESCRIPTION:')
  print_line(' Enumerate the domain controllers on the target domain.')
  print_line(@@adsi_dc_enum_opts.usage)
end

#adsi_domain_query_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 253

def adsi_domain_query_usage
  print_line('USAGE:')
  print_line(' adsi_domain_query <domain> <filter> <field 1> [field 2 [field ..]] [-h] [-m maxresults] [-p pagesize] [-o file]')
  print_line
  print_line('DESCRIPTION:')
  print_line(' Enumerates the objects on the target domain, returning the set of fields that are specified.')
  print_line(@@adsi_domain_query_opts.usage)
end

#adsi_group_enum_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 137

def adsi_group_enum_usage
  print_line('USAGE:')
  print_line(' adsi_nested_group_user_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
  print_line
  print_line('DESCRIPTION:')
  print_line(' Enumerate all groups on the target domain.')
  print_line
  print_line('EXAMPLE:')
  print_line(' The example below will list all groups on the STUFUS domain.')
  print_line('  adsi_group_enum STUFUS')
  print_line(@@adsi_group_enum_opts.usage)
end

#adsi_nested_group_user_enum_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 55

def adsi_nested_group_user_enum_usage
  print_line('USAGE:')
  print_line(' adsi_nested_group_user_enum <domain> <Group DN> [-h] [-m maxresults] [-p pagesize] [-o file]')
  print_line
  print_line('DESCRIPTION:')
  print_line(' Enumerate the users who are members of the named group, taking nested groups into account.')
  print_line(' For example, specifying the "Domain Admins" group DN will list all users who are effectively')
  print_line(' members of the Domain Admins group, even if they are in practice members of intermediary groups.')
  print_line
  print_line('EXAMPLE:')
  print_line(' The example below will list all members of the "Domain Admins" group on the STUFUS domain:')
  print_line('  adsi_nested_group_user_enum STUFUS "CN=Domain Admins,CN=Users,DC=mwrinfosecurity,DC=com"')
  print_line(@@adsi_nested_group_user_enum_opts.usage)
end

#adsi_user_enum_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 100

def adsi_user_enum_usage
  print_line('USAGE:')
  print_line(' adsi_user_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
  print_line
  print_line('DESCRIPTION:')
  print_line(' Enumerate all users on the target domain.')
  print_line(' Enumeration returns information such as the user name, SAM account name, status, comments etc')
  print_line(@@adsi_user_enum_opts.usage)
end

#cmd_adsi_computer_enum(*args) ⇒ Object

Enumerate domain computers.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 189

def cmd_adsi_computer_enum(*args)
  args.unshift('-h') if args.length == 0
  if args.include?('-h')
    adsi_computer_enum_usage
    return true
  end

  domain = args.shift
  filter = '(objectClass=computer)'
  fields = ['name', 'dnshostname', 'distinguishedname', 'operatingsystem',
            'operatingsystemversion', 'operatingsystemservicepack', 'description',
            'comment' ]
  args = [domain, filter] + fields + args
  return cmd_adsi_domain_query(*args)
end

#cmd_adsi_dc_enum(*args) ⇒ Object

Enumerate domain dcs.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 227

def cmd_adsi_dc_enum(*args)
  args.unshift('-h') if args.length == 0
  if args.include?('-h')
    adsi_dc_enum_usage
    return true
  end

  domain = args.shift
  # This LDAP filter will pull out domain controllers
  filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
  fields = ['name', 'dnshostname', 'distinguishedname', 'operatingsystem',
            'operatingsystemversion', 'operatingsystemservicepack', 'description', 'comment' ]
  args = [domain, filter] + fields + args
  return cmd_adsi_domain_query(*args)
end

#cmd_adsi_domain_query(*args) ⇒ Object

Enumerate domain objects.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 265

def cmd_adsi_domain_query(*args)
  page_size = DEFAULT_PAGE_SIZE
  max_results = DEFAULT_MAX_RESULTS

  args.unshift('-h') if args.length < 3
  output_file = nil

  @@adsi_domain_query_opts.parse(args) { |opt, idx, val|
    case opt
    when '-p'
      page_size = val.to_i
    when '-o'
      output_file = val
    when '-m'
      max_results = val.to_i
    when '-h'
      adsi_domain_query_usage
      return true
    end
  }

  # Assume that the flags are passed in at the end. Safe?
  switch_index = args.index { |a| a.start_with?('-') }
  if switch_index
    args = args.first(switch_index)
  end

  domain = args.shift
  filter = args.shift

  objects = client.extapi.adsi.domain_query(domain, filter, max_results, page_size, args)

  table = Rex::Ui::Text::Table.new(
    'Header'    => "#{domain} Objects",
    'Indent'    => 0,
    'SortIndex' => 0,
    'Columns'   => objects[:fields]
  )

  objects[:results].each do |c|
    table << to_table_row(c)
  end

  print_line
  print_line(table.to_s)
  print_line("Total objects: #{objects[:results].length}")
  print_line

  if output_file
    ::File.open(output_file, 'w') do |f|
      f.write("#{table.to_s}\n")
      f.write("\nTotal objects: #{objects[:results].length}\n")
    end
  end

  return true
end

#cmd_adsi_group_enum(*args) ⇒ Object

Enumerate domain groups.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 153

def cmd_adsi_group_enum(*args)
  args.unshift('-h') if args.length == 0
  if args.include?('-h')
    adsi_group_enum_usage
    return true
  end

  domain = args.shift
  filter = '(objectClass=group)'
  fields = ['name', 'distinguishedname', 'description',]
  args = [domain, filter] + fields + args
  return cmd_adsi_domain_query(*args)
end

#cmd_adsi_nested_group_user_enum(*args) ⇒ Object

Enumerate domain groups.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 73

def cmd_adsi_nested_group_user_enum(*args)
  args.unshift('-h') if args.length == 0
  if args.include?('-h') || args.length < 2
    adsi_nested_group_user_enum_usage
    return true
  end

  domain = args.shift
  groupdn = args.shift
  # This OID (canonical name = LDAP_MATCHING_RULE_IN_CHAIN) will recursively search each 'memberof' parent
  # https://support.microsoft.com/en-us/kb/275523 for more information -stufus
  filter = "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=#{groupdn}))"
  fields = ['samaccountname', 'name', 'distinguishedname', 'description', 'comment']
  args = [domain, filter] + fields + args
  return cmd_adsi_domain_query(*args)
end

#cmd_adsi_user_enum(*args) ⇒ Object

Enumerate domain users.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 113

def cmd_adsi_user_enum(*args)
  args.unshift('-h') if args.length == 0
  if args.include?('-h')
    adsi_user_enum_usage
    return true
  end

  domain = args.shift
  filter = '(objectClass=user)'
  fields = ['samaccountname', 'name', 'distinguishedname', 'description', 'comment']
  args = [domain, filter] + fields + args
  return cmd_adsi_domain_query(*args)
end

#commands ⇒ Object

List of supported commands.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 27

def commands
  {
    'adsi_user_enum'              => 'Enumerate all users on the specified domain.',
    'adsi_group_enum'             => 'Enumerate all groups on the specified domain.',
    'adsi_nested_group_user_enum' => 'Recursively enumerate users who are effectively members of the group specified.',
    'adsi_computer_enum'          => 'Enumerate all computers on the specified domain.',
    'adsi_dc_enum'                => 'Enumerate all domain controllers on the specified domain.',
    'adsi_domain_query'           => 'Enumerate all objects on the specified domain that match a filter.'
  }
end

#name ⇒ Object

Name for this dispatcher

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb', line 41

def name
  'Extapi: ADSI Management'
end