Module: Msf::Exploit::Remote::MsSamr
Defined Under Namespace
Modules: Account Classes: MsSamrAuthenticationError, MsSamrBadConfigError, MsSamrConnectionError, MsSamrError, MsSamrNotFoundError, MsSamrUnexpectedReplyError, MsSamrUnknownError, SamrConnection
Constant Summary
Constants included from SMB::Client
SMB::Client::CONST, SMB::Client::DCERPCClient, SMB::Client::DCERPCPacket, SMB::Client::DCERPCResponse, SMB::Client::DCERPCUUID, SMB::Client::NDR, SMB::Client::SIMPLE, SMB::Client::XCEPT
Instance Attribute Summary
Attributes included from SMB::Client
Attributes included from Tcp
Class Method Summary collapse
Methods included from SMB::Client::Ipc
Methods included from Auxiliary::Report
#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot
Methods included from Metasploit::Framework::Require
optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines
Methods included from SMB::Client::Authenticated
Methods included from Kerberos::ServiceAuthenticator::Options
Methods included from Kerberos::Ticket::Storage
#initialize, #kerberos_storage_options, #kerberos_ticket_storage, store_ccache
Methods included from SMB::Client
#connect, #domain, #domain_username_split, #initialize, #smb_create, #smb_direct, #smb_enumprinters, #smb_enumprintproviders, #smb_file_exist?, #smb_file_rm, #smb_fingerprint, #smb_fingerprint_windows_lang, #smb_fingerprint_windows_sp, #smb_hostname, #smb_lanman_netshareenumall, #smb_login, #smb_lookup_share_type, #smb_netshareenumall, #smb_netsharegetinfo, #smb_open, #smb_peer_lm, #smb_peer_os, #smb_srvsvc_netshareenumall, #smb_srvsvc_netsharegetinfo, #smbhost, #splitname, #unicode
Methods included from Tcp
#chost, #cleanup, #connect, #connect_timeout, #cport, #disconnect, #handler, #initialize, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version
Class Method Details
.connect_samr(tree) ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'lib/msf/core/exploit/remote/ms_samr.rb', line 25 def connect_samr(tree) begin vprint_status('Connecting to Security Account Manager (SAM) Remote Protocol') samr = tree.open_file(filename: 'samr', write: true, read: true) vprint_status('Binding to \\samr...') samr.bind(endpoint: RubySMB::Dcerpc::Samr) vprint_good('Bound to \\samr') server_handle = samr.samr_connect rescue RubySMB::Dcerpc::Error::FaultError => e elog(e., error: e) raise MsSamrUnexpectedReplyError, "Connection failed (DCERPC fault: #{e.status_name})" end if domain.blank? || domain == '.' all_domains = samr.samr_enumerate_domains_in_sam_server(server_handle: server_handle).map(&:to_s).map(&:encode) all_domains.delete('Builtin') if all_domains.empty? raise MsSamrNotFoundError, 'No domains were found on the SAM server.' elsif all_domains.length > 1 print_status("Enumerated domains: #{all_domains.join(', ')}") raise MsSamrBadConfigError, 'The SAM server has more than one domain, the target must be specified.' end domain_name = all_domains.first print_status("Using automatically identified domain: #{domain_name}") else domain_name = domain end domain_sid = samr.samr_lookup_domain(server_handle: server_handle, name: domain_name) domain_handle = samr.samr_open_domain(server_handle: server_handle, domain_id: domain_sid) SamrConnection.new(samr, server_handle, domain_handle, domain_name) rescue RubySMB::Dcerpc::Error::DcerpcError => e elog(e., error: e) raise MsSamrUnexpectedReplyError, e. rescue RubySMB::Error::RubySMBError elog(e., error: e) raise MsSamrUnknownError, e. end |