Add user module #19696
Merged
Add user module #19696
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Also added extra error handling for when password is wrong or expired
adfoster-r7
reviewed
Dec 5, 2024
There was a problem hiding this comment.
If you're renaming the module you'll want to add additional moved_from metadata iirc
include Msf::Exploit::Deprecated
moved_from 'auxiliary/admin/dcerpc/samr_computer'
There was a problem hiding this comment.
That's nice! Thanks for the heads up.
smcintyre-r7
added
module
rn-modules
smcintyre-r7
approved these changes
Dec 10, 2024
There was a problem hiding this comment.
Everything looks good to me here. I'm just going to push a tweak to the documentation for the ADD_USER action before I land this.
Testing Output
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > run
[*] Running module against 192.168.159.10
[*] 192.168.159.10:445 - Adding computer
[*] 192.168.159.10:445 - Connecting to Security Account Manager (SAM) Remote Protocol
[*] 192.168.159.10:445 - Binding to \samr...
[+] 192.168.159.10:445 - Bound to \samr
[+] 192.168.159.10:445 - Successfully created msflab.local\DESKTOP-QCOK1YN4$
[+] 192.168.159.10:445 - Password: a1xHGSb7uTBaLkn1Y0EF3RTJBpr9eFLf
[+] 192.168.159.10:445 - SID: S-1-5-21-3978004297-3499718965-4169012971-4202
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > set ACCOUNT_NAME
ACCOUNT_NAME =>
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > set ACCOUNT_NAME SullivanCGoal
ACCOUNT_NAME => SullivanCGoal
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > set ACTION ADD_USER
ACTION => ADD_USER
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > run
[*] Running module against 192.168.159.10
[*] 192.168.159.10:445 - Adding user
[*] 192.168.159.10:445 - Connecting to Security Account Manager (SAM) Remote Protocol
[*] 192.168.159.10:445 - Binding to \samr...
[+] 192.168.159.10:445 - Bound to \samr
[+] 192.168.159.10:445 - Successfully created msflab.local\SullivanCGoal
[+] 192.168.159.10:445 - Password: psZXxliWjuESCUeXPSKoYA1gbFqBf3oT
[+] 192.168.159.10:445 - SID: S-1-5-21-3978004297-3499718965-4169012971-4203
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > lookup_account
[*] Running module against 192.168.159.10
[*] 192.168.159.10:445 - Connecting to Security Account Manager (SAM) Remote Protocol
[*] 192.168.159.10:445 - Binding to \samr...
[+] 192.168.159.10:445 - Bound to \samr
[+] 192.168.159.10:445 - Found msflab.local\SullivanCGoal (SID: S-1-5-21-3978004297-3499718965-4169012971-4203)
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > lookup_account ACCOUNT_NAME=DESKTOP-QCOK1YN4$
[*] Running module against 192.168.159.10
[*] 192.168.159.10:445 - Connecting to Security Account Manager (SAM) Remote Protocol
[*] 192.168.159.10:445 - Binding to \samr...
[+] 192.168.159.10:445 - Bound to \samr
[+] 192.168.159.10:445 - Found msflab.local\DESKTOP-QCOK1YN4$ (SID: S-1-5-21-3978004297-3499718965-4169012971-4202)
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > delete_account
[*] Running module against 192.168.159.10
[*] 192.168.159.10:445 - Connecting to Security Account Manager (SAM) Remote Protocol
[*] 192.168.159.10:445 - Binding to \samr...
[+] 192.168.159.10:445 - Bound to \samr
[+] 192.168.159.10:445 - The specified account has been deleted.
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > lookup_account
[*] Running module against 192.168.159.10
[*] 192.168.159.10:445 - Connecting to Security Account Manager (SAM) Remote Protocol
[*] 192.168.159.10:445 - Binding to \samr...
[+] 192.168.159.10:445 - Bound to \samr
[-] 192.168.159.10:445 - Auxiliary aborted due to failure: not-found: The account was not found.
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > unset ACCOUNT_NAME
Unsetting ACCOUNT_NAME...
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) > add_user
[*] Running module against 192.168.159.10
[-] 192.168.159.10:445 - Auxiliary aborted due to failure: bad-config: This action requires ACCOUNT_NAME to be specified.
[*] Auxiliary module execution completed
metasploit-framework.pr (S:0 J:0) auxiliary(admin/dcerpc/samr_account) >
Release NotesThis updates replaces the existing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This modifies the existing
samr_computeraccount to enable adding user accounts as well.Verification
List the steps needed to make sure this thing works
msfconsoleuse auxiliary/scanner/smb/smb_loginset action ADD_USERset account_name new.useraccount_passwordrunlookup_accountanddelete_accountactionsDemo