add MinRID to complement MaxRID, allowing continuing or starting from…

… a higher value from @lvarela-r7
rapid7 · Oct 20, 2017 · d715f53 · d715f53
1 parent 1319175
commit d715f53
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/modules/auxiliary/scanner/smb/smb_lookupsid.rb b/modules/auxiliary/scanner/smb/smb_lookupsid.rb
@@ -39,6 +39,7 @@ def initialize
 
     register_options(
       [
+        OptInt.new('MinRID', [ false, "Starting RID to check", 500 ]),
         OptInt.new('MaxRID', [ false, "Maximum RID to check", 4000 ])
       ],
       self.class
@@ -140,7 +141,6 @@ def smb_parse_sid_lookup(data)
 
   # Fingerprint a single host
   def run_host(ip)
-
     [[139, false], [445, true]].each do |info|
 
     @rport = info[0]
@@ -227,8 +227,10 @@ def run_host(ip)
         domain_sid || host_sid
       end
 
+      min_rid = datastore['MinRID']
       # Brute force through a common RID range
-      500.upto(datastore['MaxRID'].to_i) do |rid|
+
+      min_rid.upto(datastore['MaxRID']) do |rid|
 
         stub =
           phandle +
@@ -244,7 +246,6 @@ def run_host(ip)
           NDR.long(1) +
           NDR.long(0)
 
-
         dcerpc.call(15, stub)
         resp = dcerpc.last_response ? dcerpc.last_response.stub_data : nil
 
@@ -295,6 +296,4 @@ def run_host(ip)
     end
     end
   end
-
-
 end