Re: domain_list_gen script errors

[Carlos Perez <carlos_perez () darkoperator com>]

just in case here is the output

meterpreter > run domain_list_gen
[*] found users will be saved to
/home/carlos/.msf3/logs/domain_admins/AWIN2K301_20100425.5446-76969/AWIN2K301_20100425.5446-76969.txt
[*] Accounts Found:
[*] ACMEPRODINC\Administrator
[*] ACMEPRODINC\carlos perez
[*] ACMEPRODINC\carlos.perez
[*] ACMEPRODINC\carlos_perez
[*] ACMEPRODINC\domadmin
[*] Current sessions running as ACMEPRODINC\carlos.perez is a Domain Admin!!
meterpreter >

On Sun, Apr 25, 2010 at 1:55 AM, Sherif Eldeeb <archeldeeb () gmail com> wrote:

> meterpreter > run domain_list_gen
> [*] found users will be saved to
>
> /root/.msf3/logs/domain_admins/SHERIFELDEEB_20100425.3043-38619/SHERIFELDEEB
> _20100425.3043-38619.txt
> [*] Accounts Found:
> [*]     FOOBAR\Administrator
> [*]     FOOBAR\Tmpl
> [*]     FOOBAR\testAdmin
> [*]     FOOBAR\Ahmed
> [*]     FOOBAR\SBS
> [*]     FOOBAR\Backup
> [*]     FOOBAR\User
> [*]     FOOBAR\SherifEldeeb
> [-] Current session is not running as Domain Admin
> meterpreter >
>
> ------------------------------------------
>
> C:\Users\sherifeldeeb>net group "Domain Admins" /domain
> The request will be processed at a domain controller for domain FOOBAR.COM
> .
>
> Group name     Domain Admins
> Comment        Designated administrators of the domain
>
> Members
>
>
> ----------------------------------------------------------------------------
> ---
> Administrator Tmpl       testAdmin                    Ahmed.Aly
> SBS Backup User          SherifEldeeb
> The command completed successfully.
>
>
> C:\Users\sherifeldeeb>
>
> ------------------------------------------
>
> Here's what happened:
> . User names with spaces are being separated as different users, using
> space
> as delimiter, . i.e. Single USER:"SBS Backup User" will be identified as
> three users, USER:"SBS", USER:"BACKUP" and USER:"USER", and single
> user:"Administrator tmpl" will be identified as two users "Administrator" &
> "tmpl".
> . Usernames with "DOT" in them "Ahmed.Aly" will be spitted out by their
> first part only "Ahmed".
> . And last error, ([-] Current session is not running as Domain Admin)
> that's not right, the session *is* running as a domain admin.
>
> In the meantime, I'll stick to the good old "net group /domain" command to
> get my token_hunt_user list :)
> ------------------------------------------
>
>
> I apologize if I'm becoming noisy or annoying throwing every error I come
> across to the mailing list, if this is the case, someone just tell me so
> I'll slow down he rate of me spamming you.
>
> Regards,
> Sherif.
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework