
enum_logged_on_users.rb 3.1KB

  1. ##
  2. # WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
  3. # If you'd like to improve this script, please try to port it as a post
  4. # module instead. Thank you.
  5. ##
  6. # Author: Carlos Perez at carlos_perez[at]darkoperator.com
  7. #-------------------------------------------------------------------------------
  8. ################## Variable Declarations ##################
# Keep the session handle in an instance variable so the helper methods below
# can reach it (ls_current reads @client.sys.config.sysinfo). `client` is not
# defined in this file; it is presumably supplied by the script runner.
@client = client
  10. #-------------------------------------------------------------------------------
  11. ######################## Functions ########################
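# Prints a table of every SID that has a subkey under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, together with
# the ProfileImagePath value stored for it.
#
# The table describes profiles recorded on the host, not live sessions; use
# ls_current for the hives that are loaded right now.
#
# Returns whatever print_line returns; the useful effect is the printed table.
def ls_logged
  profile_list = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"

  # registry_enumkeys is defined outside this file. Assumed it can return nil
  # when the key cannot be read (TODO confirm); Array() plus compact keeps a
  # failed read from producing a bogus row with an empty SID.
  sids = Array(registry_enumkeys(profile_list)).flatten.compact

  tbl = Rex::Text::Table.new(
    'Header'  => "Logged Users",
    'Indent'  => 1,
    'Columns' => ["SID", "Profile Path"]
  )

  sids.each do |sid|
    profile_path = registry_getvaldata("#{profile_list}\\#{sid}", "ProfileImagePath")
    tbl << [sid, profile_path]
  end

  print_line("\n" + tbl.to_s + "\n")
end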
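# Prints a table of the SIDs that currently have a subkey under HKU, with a
# user name for each where one can be determined.
#
# The three well-known service SIDs are labelled from a fixed map. For SIDs
# matching the S-1-5-21-... pattern the name is read from the hive's
# "Volatile Environment" key, using the branch selected by the OS string that
# @client.sys.config.sysinfo reports. When the OS string matches neither
# branch the user column is left empty.
#
# Returns whatever print_line returns; the useful effect is the printed table.
def ls_current
  tbl = Rex::Text::Table.new(
    'Header'  => "Current Logged Users",
    'Indent'  => 1,
    'Columns' => ["SID", "User"]
  )

  well_known = {
    "S-1-5-18" => "SYSTEM",
    "S-1-5-19" => "Local Service",
    "S-1-5-20" => "Network Service"
  }

  # Looked up lazily so the OS query is only issued once a user SID is seen.
  os = nil

  # registry_enumkeys is defined outside this file. Assumed it can return nil
  # on failure (TODO confirm); Array() turns that into an empty listing.
  Array(registry_enumkeys("HKU")).each do |sid|
    if well_known.key?(sid)
      tbl << [sid, well_known[sid]]
      next
    end

    # Keys with a suffix after the RID (for example "..._Classes") do not
    # match because of the trailing anchor and are skipped.
    next unless sid =~ /S-1-5-21-\d*-\d*-\d*-\d*$/

    key_base = "HKU\\#{sid}"
    os ||= @client.sys.config.sysinfo['OS']

    # Reset for every SID. Previously the variable was shared across
    # iterations, so a SID whose OS branch did not match inherited the name of
    # the preceding row (typically "Network Service") and was mislabelled.
    username = ''
    if os =~ /(Windows 7|2008|Vista)/
      username = registry_getvaldata("#{key_base}\\Volatile Environment", "USERNAME")
    elsif os =~ /(2000|NET|XP)/
      appdata_var = registry_getvaldata("#{key_base}\\Volatile Environment", "APPDATA")
      # The user name is taken as the second-to-last path component of APPDATA.
      username = Regexp.last_match(1) if appdata_var =~ /^\w\:\D*\\(\D*)\\\D*$/
    end

    tbl << [sid, username]
  end

  print_line("\n" + tbl.to_s + "\n")
end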
  69. #-------------------------------------------------------------------------------
  70. ####################### Options ###########################
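# Command-line switches accepted by the script.
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-l" => [ false, "List SID's of users who have loged in to the host." ],
  "-c" => [ false, "List SID's of currently loged on users." ]
)

# Check the platform before dispatching any option. Previously the options were
# parsed (and ls_logged / ls_current executed) first, so the registry calls ran
# against a session that was only afterwards reported as unsupported.
unless client.platform == 'windows'
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end

# With no switches there is nothing to do: show the usage text and stop.
if args.length == 0
  print_line "Meterpreter Script for enumerating Current logged users and users that have loged in to the system."
  print_line(@@exec_opts.usage)
  raise Rex::Script::Completed
end

# Run the action for each switch in the order given.
@@exec_opts.parse(args) { |opt, _idx, _val|
  case opt
  when "-h"
    print_line "Meterpreter Script for enumerating Current logged users and users that have loged in to the system."
    print_line(@@exec_opts.usage)
    raise Rex::Script::Completed
  when "-l"
    ls_logged
  when "-c"
    ls_current
  end
}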