# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
# Cache the session object so the helpers below can reach it; ls_current
# reads @client.sys.config.sysinfo['OS'] from it.
@client = client
#-------------------------------------------------------------------------------
######################## Functions ########################
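# Prints one row per SID found under the ProfileList key, with that SID's
# ProfileImagePath value. Output goes to print_line as a Rex table; the
# method returns nothing useful to the caller.
def ls_logged
  # Single source for the key path; the original repeated it in two places.
  profile_list = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
  tbl = Rex::Ui::Text::Table.new(
    'Header' => "Logged Users",
    'Indent' => 1,
    'Columns' =>
    [
      "SID",
      "Profile Path"
    ])
  # Array() guards against registry_enumkeys returning nil (key unreadable):
  # the original wrapped the result in [..].flatten, which keeps a nil and
  # would have emitted a row with an empty SID and a bogus value lookup.
  Array(registry_enumkeys(profile_list)).each do |sid|
    profile_path = registry_getvaldata("#{profile_list}\\#{sid}","ProfileImagePath")
    tbl << [sid,profile_path]
  end
  print_line("\n" + tbl.to_s + "\n")
end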
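# Prints one row per hive currently loaded under HKU: well-known service
# SIDs get a fixed label, S-1-5-21-* account SIDs are resolved to a user
# name from the hive's Volatile Environment values (which value is used
# depends on the OS string reported by sysinfo). Output goes to print_line
# as a Rex table; the method returns nothing useful to the caller.
def ls_current
  # Well-known SIDs whose hives carry no Volatile Environment to read.
  well_known = {
    "S-1-5-18" => "SYSTEM",
    "S-1-5-19" => "Local Service",
    "S-1-5-20" => "Network Service"
  }
  tbl = Rex::Ui::Text::Table.new(
    'Header' => "Current Logged Users",
    'Indent' => 1,
    'Columns' =>
    [
      "SID",
      "User"
    ])
  # Loop-invariant: one sysinfo round trip instead of one per account SID.
  os = @client.sys.config.sysinfo['OS']
  # Array() guards against registry_enumkeys returning nil when HKU is unreadable.
  Array(registry_enumkeys("HKU")).each do |sid|
    if well_known.key?(sid)
      tbl << [sid, well_known[sid]]
    elsif sid =~ /S-1-5-21-\d*-\d*-\d*-\d*$/
      # Reset per SID. The original assigned username once before the loop and
      # reused it across iterations, so on an OS string matching neither regex
      # below every account SID inherited the label of the previously seen
      # well-known SID (e.g. "Network Service") — a mis-attribution.
      username = ''
      key_base = "HKU\\#{sid}"
      if os =~ /(Windows 7|2008|Vista)/
        username = registry_getvaldata("#{key_base}\\Volatile Environment","USERNAME")
      elsif os =~ /(2000|NET|XP)/
        # Older releases expose no USERNAME value; derive the name from the
        # user-profile component of APPDATA instead.
        appdata_var = registry_getvaldata("#{key_base}\\Volatile Environment","APPDATA")
        if appdata_var =~ /^\w\:\D*\\(\D*)\\\D*$/
          username = Regexp.last_match(1)
        end
      end
      tbl << [sid,username]
    end
  end
  print_line("\n" + tbl.to_s + "\n")
end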
#-------------------------------------------------------------------------------
####################### Options ###########################
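# Command-line handling. The platform gate now runs before any option handler,
# so -l/-c never issue registry calls against an unsupported session; the
# original parsed (and executed) the options first and checked the platform
# only afterwards, by which point the unsupported-session error came too late.
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-l" => [ false, "List SID's of users who have loged in to the host." ],
  "-c" => [ false, "List SID's of currently loged on users." ]
)

# One banner shared by -h and by the empty-argument case (was duplicated).
usage_banner = "Meterpreter Script for enumerating Current logged users and users that have loged in to the system."

unless client.platform =~ /win32|win64/
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end

# No arguments: print usage and stop, exactly as -h does.
if args.empty?
  print_line usage_banner
  print_line(@@exec_opts.usage)
  raise Rex::Script::Completed
end

@@exec_opts.parse(args) { |opt, idx, val|
  case opt
  when "-h"
    print_line usage_banner
    print_line(@@exec_opts.usage)
    raise Rex::Script::Completed
  when "-l"
    ls_logged
  when "-c"
    ls_current
  end
}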