Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding NetrWkstaUserEnum implementation #270

Merged
merged 6 commits into from
Sep 11, 2024
Merged

Adding NetrWkstaUserEnum implementation #270

merged 6 commits into from
Sep 11, 2024

Conversation

NtAlexio2
Copy link
Contributor

This PR adds this request. By this we can modernize an old style Metasploit module here, just like #19170

Verification Steps

  • [✅] bundle install

rake spec

  • [✅] rake spec
  • [✅] VERIFY no failures

@smcintyre-r7 smcintyre-r7 self-assigned this Sep 3, 2024
smcintyre-r7
smcintyre-r7 requested changes Sep 3, 2024
View reviewed changes
lib/ruby_smb/dcerpc/wkssvc.rb Outdated Show resolved Hide resolved
lib/ruby_smb/dcerpc/wkssvc.rb Outdated Show resolved Hide resolved
lib/ruby_smb/dcerpc/wkssvc.rb Outdated Show resolved Hide resolved
lib/ruby_smb/dcerpc/wkssvc.rb Outdated Show resolved Hide resolved
lib/ruby_smb/dcerpc/wkssvc.rb Outdated Show resolved Hide resolved
lib/ruby_smb/dcerpc/wkssvc.rb Outdated Show resolved Hide resolved
@NtAlexio2
Copy link
Contributor Author

Thank you very much, @smcintyre-r7, for your valuable suggestions! This was my first experience working with Ruby and the Metasploit Framework, and your insights have been incredibly helpful.

smcintyre-r7
smcintyre-r7 reviewed Sep 4, 2024
View reviewed changes
Copy link
Contributor

@smcintyre-r7 smcintyre-r7 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added some suggestions to fix some changes that were missing from the refactoring. I also figured out why the tests are failing and opened a PR with changes in #271 to fix it.

With all of the changes in place, the unit tests should be passing. Would you be able to rebase the branch to squash the history down a bit?

lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response.rb Outdated Show resolved Hide resolved
lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request.rb Outdated Show resolved Hide resolved
spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb Outdated Show resolved Hide resolved
@NtAlexio2
Copy link
Contributor Author

@smcintyre-r7 sure!

@NtAlexio2 NtAlexio2 force-pushed the feature/NetrWkstaUserEnum/enumuser_domain branch from f616103 to 563542e Compare September 8, 2024 07:01
@smcintyre-r7
Copy link
Contributor

Changes are looking good to me. I tested things by updating the examples/get_computer_info.rb script and then targeted a DC I used for testing. I logged into the DC and was able to observe my name show up.

Quick patch for testing:

git diff
diff --git a/examples/get_computer_info.rb b/examples/get_computer_info.rb
index 55ee17f..035b9e7 100644
--- a/examples/get_computer_info.rb
+++ b/examples/get_computer_info.rb
@@ -37,6 +37,10 @@ puts "Computer Name: #{info.wki100_computername.encode('utf-8')}"
 puts "LAN Group: #{info.wki100_langroup.encode('utf-8')}"
 puts "OS Version: #{info.wki100_ver_major}.#{info.wki100_ver_minor}"
 
+info = wkssvc.netr_wksta_user_enum
+require 'pry'
+binding.pry
+
 client.disconnect!

  : ruby_smb.pr: 27009:29:33 fedora-vm ruby_smb.pr bundle exec ruby examples/get_computer_info.rb 192.168.159.10 'smcintyre' 'Password1!'
SMB3 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Binding to \wkssvc...
Bound to \wkssvc
[+] WKSSVC Connect
Platform: Win
Computer Name: DC
LAN Group: MSFLAB
OS Version: 10.0

From: /home/smcintyre/Repositories/ruby_smb.pr/examples/get_computer_info.rb:42 :

    37: puts "LAN Group: #{info.wki100_langroup.encode('utf-8')}"
    38: puts "OS Version: #{info.wki100_ver_major}.#{info.wki100_ver_minor}"
    39: 
    40: info = wkssvc.netr_wksta_user_enum
    41: require 'pry'
 => 42: binding.pry
    43: 
    44: client.disconnect!
    45: 
    46: 

[1] pry(main)> info
=> {:wkui0_entries_read=>9,
 :wkui0_buffer=>
  [{:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"}]}
[2] pry(main)> ssh 
[2] pry(main)> 

email: [email protected]                                                                                                                          
  !: ruby_smb.pr: 27009:40:42 fedora-vm ruby_smb.pr bundle exec ruby examples/get_computer_info.rb 192.168.159.10 'smcintyre' 'Password1!'
SMB3 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Binding to \wkssvc...
Bound to \wkssvc
[+] WKSSVC Connect
Platform: Win
Computer Name: DC
LAN Group: MSFLAB
OS Version: 10.0

From: /home/smcintyre/Repositories/ruby_smb.pr/examples/get_computer_info.rb:42 :

    37: puts "LAN Group: #{info.wki100_langroup.encode('utf-8')}"
    38: puts "OS Version: #{info.wki100_ver_major}.#{info.wki100_ver_minor}"
    39: 
    40: info = wkssvc.netr_wksta_user_enum
    41: require 'pry'
 => 42: binding.pry
    43: 
    44: client.disconnect!
    45: 
    46: 

[1] pry(main)> info
=> {:wkui0_entries_read=>11,
 :wkui0_buffer=>
  [{:wkui0_username=>"smcintyre"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"},
   {:wkui0_username=>"DC$"}]}
[2] pry(main)> info.wkui0_buffer
=> [{:wkui0_username=>"smcintyre"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"},
 {:wkui0_username=>"DC$"}]
[3] pry(main)> info.wkui0_buffer.length
=> 11
[4] pry(main)>

@smcintyre-r7 smcintyre-r7 force-pushed the feature/NetrWkstaUserEnum/enumuser_domain branch from 3d8abc1 to eaf2a64 Compare September 11, 2024 14:19
@smcintyre-r7 smcintyre-r7 merged commit ce82cb4 into rapid7:master Sep 11, 2024
6 checks passed
smcintyre-r7
smcintyre-r7 reviewed Sep 11, 2024
View reviewed changes
Copy link
Contributor

@smcintyre-r7 smcintyre-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unit tests pass from a merged branch incorporating the changes from my last PR and last commit.

@NtAlexio2 NtAlexio2 deleted the feature/NetrWkstaUserEnum/enumuser_domain branch September 13, 2024 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smcintyre-r7 smcintyre-r7 smcintyre-r7 requested changes

Assignees

@smcintyre-r7 smcintyre-r7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NtAlexio2 @smcintyre-r7