netapi32 enhancements and new post module, add_user #680

Closed
wants to merge 3 commits into
from

2 participants

@calennert

Adds additional netapi32.dll functions to def_netapi32.rb. This improves the coverage of functions offered by this DLL.

Adds new post module, post/windows/manage/add_user, to complement the existing delete_user module. With this addition, Windows local user accounts can be both created and deleted.

calennert added some commits Aug 9, 2012
@calennert calennert Added additional netapi32.dll functions. e27369c
@calennert calennert Added add_user method to accounts module.
This complements the existing delete_user method in the same
module, thereby permitting both the creation and deletion of
local user accounts in Windows.
b3137db
@calennert calennert Added post module for adding local user accounts.
This complements the existing post/windows/manage/delete_user module.
22afd08
@jlee-r7 jlee-r7 commented on the diff Sep 4, 2012
lib/msf/core/post/windows/accounts.rb
@@ -177,6 +268,35 @@ def lookup_SID_NAME_USE(enum_value)
:integrity_label
][enum_value - 1]
end
+
+ ##
+ # Writes a ruby string as null-terminated Unicode string to host's memory.
+ # Returns:
+ # The affected memory address, if all goes well
+ # Or 0 if value argument is nil
+ # Or nil if an error occurs
+ ##
+ def set_value(value)
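
Review bot: The return contract documented above `def set_value(value)` mixes three forms (an address, 0 when the value argument is nil, nil on error), and since 0 is truthy in Ruby, a plain `if addr` check treats the 0 case as a valid address and only catches the error case. Document that callers must compare against nil explicitly, or raise on error instead of returning nil. The comment also says "Unicode" without naming the encoding and does not say who is responsible for releasing the memory that was written; both belong in this header.
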
@jlee-r7
jlee-r7 added a line comment Sep 4, 2012

Poorly named method. Should be something more descriptive, like alloc_and_write_str. Also has nothing to do with Windows accounts and therefore belongs in a different mixin, probably Windows::Railgun.

@jlee-r7 jlee-r7 commented on the diff Oct 22, 2012
lib/msf/core/post/windows/accounts.rb
+ # One of the following:
+ # :success - Account was created successfully
+ # :access_denied - You do not have permission to add the account
+ # :user_exists - A user account with +username+ already exists
+ # :group_exists - Group exists (unclear why NetUserAdd would return this, but it does)
+ # :invalid_server - The server name provided was invalid
+ # :not_on_primary - Operation allowed only on domain controller
+ # :invalid_password - Password violates password policy somehow (complexity, length, etc.)
+ #
+ # OR nil if there was an exceptional windows error (example: ran out of memory)
+ #
+ # Caveats:
+ # nil is returned if there is an *exceptional* windows error. That error is printed.
+ # Everything other than ':success' signifies failure
+ ##
+ def add_user(username, password = nil, comment = nil, dont_expire_pwd = false, server_name = nil)
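
Review bot: In the return documentation above `def add_user(...)`, the nil case ("exceptional windows error ... That error is printed") leaves the caller with no error value to act on and makes a library mixin responsible for console output. Returning the error code, or raising, would let the calling module decide what to report. The signature also takes five positional arguments, four of them optional and one a boolean flag, so a call like add_user(name, pw, nil, true) is hard to read at the call site; an options hash would make the intent explicit.
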
@jlee-r7
jlee-r7 added a line comment Oct 22, 2012

Should check for existence of railgun before attempting to use it.

@bperry-r7

Closed due to inactivity and being unable to be merged cleanly. If you would like to resubmit at a later date, please do.

@bperry-r7 bperry-r7 closed this Jan 12, 2013