Follow MS-LSAD and MS-LSAT spec for LSARPC & LookupSids

rapid7 · May 16, 2024 · d4778c2 · d4778c2
1 parent 6911c35
commit d4778c2
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/lib/msf/core/exploit/remote/ms_lsarpc.rb → lib/msf/core/exploit/remote/ms_lsad.rb b/lib/msf/core/exploit/remote/ms_lsarpc.rb → lib/msf/core/exploit/remote/ms_lsad.rb
@@ -6,7 +6,7 @@
 
 module Msf
 
-  module Exploit::Remote::MsLsarpc
+  module Exploit::Remote::MsLsad
 
     include Msf::Exploit::Remote::SMB::Client::Ipc
 
@@ -69,16 +69,6 @@ def query_information_policy(policy_handle, information_class)
       )
     end
 
-    def lookup_sids(policy_handle, sids, lookup_level)
-      sids = [sids] unless sids.is_a?(Array)
-
-      self.lsarpc_pipe.lsar_lookup_sids(
-        policy_handle: policy_handle,
-        sids: sids,
-        lookup_level: lookup_level
-      )
-    end
-
     def close_policy(policy_handle)
       self.lsarpc_pipe.lsar_close_handle(
         policy_handle: policy_handle

diff --git a/lib/msf/core/exploit/remote/ms_lsat.rb b/lib/msf/core/exploit/remote/ms_lsat.rb
@@ -0,0 +1,22 @@
+###
+#
+# This mixin provides methods to look-up security identifiers on the remote SMB server.
+#
+# -*- coding: binary -*-
+
+module Msf
+
+  module Exploit::Remote::MsLsat
+
+    def lookup_sids(policy_handle, sids, lookup_level)
+      sids = [sids] unless sids.is_a?(Array)
+
+      self.lsarpc_pipe.lsar_lookup_sids(
+        policy_handle: policy_handle,
+        sids: sids,
+        lookup_level: lookup_level
+      )
+    end
+
+  end
+end
diff --git a/modules/auxiliary/scanner/smb/smb_lookupsid.rb b/modules/auxiliary/scanner/smb/smb_lookupsid.rb
@@ -7,7 +7,8 @@
 class MetasploitModule < Msf::Auxiliary
 
   # Exploit mixins should be called first
-  include Msf::Exploit::Remote::MsLsarpc
+  include Msf::Exploit::Remote::MsLsad
+  include Msf::Exploit::Remote::MsLsat
   include Msf::Exploit::Remote::DCERPC
 
   # Scanner mixin should be near last