From d4778c28fd4ac64a310f9cdce454d233b6ca0740 Mon Sep 17 00:00:00 2001
From: sjanusz-r7
Date: Thu, 16 May 2024 10:45:25 +0100
Subject: [PATCH] Follow MS-LSAD and MS-LSAT spec for LSARPC & LookupSids
---
.../remote/{ms_lsarpc.rb => ms_lsad.rb} | 12 +---------
lib/msf/core/exploit/remote/ms_lsat.rb | 22 +++++++++++++++++++
.../auxiliary/scanner/smb/smb_lookupsid.rb | 3 ++-
3 files changed, 25 insertions(+), 12 deletions(-)
rename lib/msf/core/exploit/remote/{ms_lsarpc.rb => ms_lsad.rb} (91%)
create mode 100644 lib/msf/core/exploit/remote/ms_lsat.rb
diff --git a/lib/msf/core/exploit/remote/ms_lsarpc.rb b/lib/msf/core/exploit/remote/ms_lsad.rb
similarity index 91%
rename from lib/msf/core/exploit/remote/ms_lsarpc.rb
rename to lib/msf/core/exploit/remote/ms_lsad.rb
index 42c70d3cc8278..e481c9b9ffb43 100644
--- a/lib/msf/core/exploit/remote/ms_lsarpc.rb
+++ b/lib/msf/core/exploit/remote/ms_lsad.rb
@@ -6,7 +6,7 @@ module Msf - module Exploit::Remote::MsLsarpc + module Exploit::Remote::MsLsad include Msf::Exploit::Remote::SMB::Client::Ipc
@@ -69,16 +69,6 @@ def query_information_policy(policy_handle, information_class) ) end - def lookup_sids(policy_handle, sids, lookup_level) - sids = [sids] unless sids.is_a?(Array) - - self.lsarpc_pipe.lsar_lookup_sids( - policy_handle: policy_handle, - sids: sids, - lookup_level: lookup_level - ) - end - def close_policy(policy_handle) self.lsarpc_pipe.lsar_close_handle( policy_handle: policy_handle
diff --git a/lib/msf/core/exploit/remote/ms_lsat.rb b/lib/msf/core/exploit/remote/ms_lsat.rb
new file mode 100644
index 0000000000000..1b979f0c74b0b
--- /dev/null
+++ b/lib/msf/core/exploit/remote/ms_lsat.rb
@@ -0,0 +1,22 @@
+###
+#
+# This mixin provides methods to look-up security identifiers on the remote SMB server.
+#
+# -*- coding: binary -*-
+
+module Msf
+
+ module Exploit::Remote::MsLsat
+
+ def lookup_sids(policy_handle, sids, lookup_level)
+ sids = [sids] unless sids.is_a?(Array)
+
+ self.lsarpc_pipe.lsar_lookup_sids(
+ policy_handle: policy_handle,
+ sids: sids,
+ lookup_level: lookup_level
+ )
+ end
+
+ end
+end
diff --git a/modules/auxiliary/scanner/smb/smb_lookupsid.rb b/modules/auxiliary/scanner/smb/smb_lookupsid.rb
index c10e2aee2ba45..90bca3a7b9134 100644
--- a/modules/auxiliary/scanner/smb/smb_lookupsid.rb
+++ b/modules/auxiliary/scanner/smb/smb_lookupsid.rb
@@ -7,7 +7,8 @@ class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first - include Msf::Exploit::Remote::MsLsarpc + include Msf::Exploit::Remote::MsLsad + include Msf::Exploit::Remote::MsLsat include Msf::Exploit::Remote::DCERPC # Scanner mixin should be near last
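Review bot: `lookup_sids` in the new `MsLsat` mixin calls `self.lsarpc_pipe`, but nothing in this file defines it or says where it comes from; judging by the sibling `ms_lsad.rb` hunks it is supplied by `MsLsad`, so a module that includes only `MsLsat` would presumably fail with NoMethodError at call time. Either `include Msf::Exploit::Remote::MsLsad` inside the mixin or state the requirement in the header, e.g. `# Requires the including module to provide #lsarpc_pipe (see Msf::Exploit::Remote::MsLsad).` The method also has no doc comment: a short YARD block naming `policy_handle`, `sids` (a single SID or an Array, as the `is_a?(Array)` wrap implies) and `lookup_level`, and noting that errors from `lsar_lookup_sids` propagate to the caller since nothing is rescued, would help. Separately, `# -*- coding: binary -*-` sits on the fifth line of the file; as far as I know Ruby only honours an encoding magic comment on the first line (or the second after a shebang), so it is likely inert here and should move to line 1.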
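Review bot: The old constant `Msf::Exploit::Remote::MsLsarpc` disappears with the rename in this patch, and this `include` in smb_lookupsid.rb is the only reference the patch updates, so any other in-tree or out-of-tree module that still includes the old name would presumably raise NameError on load. It is worth confirming with a search for `Remote::MsLsarpc` across `lib/` and `modules/` before merging, or keeping a deprecated alias to `MsLsad` for a release. The hunk shows only the top of the class; the rest of MetasploitModule lies outside it.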