Re: domain_list_gen script errors

["Sherif Eldeeb" <archeldeeb () gmail com>]

Almost there, for some reason the script insists that I'm not a domain
admin, which kind of offends me "script is case sensitive? Windows is not
:)" also it gives a false positive for a user full of dashes "maybe from the
output of the command".


meterpreter > run domain_list_gen
[*] found users will be saved to
/root/.msf3/logs/domain_admins/SHERIFELDEEB_20100425.3335-64667/SHERIFELDEEB
_20100425.3335-64667.txt
[*] Accounts Found:
[*]
FOOBAR\---------------------------------------------------------------------
----------
[*]     FOOBAR\Administrator Tmpl
[*]     FOOBAR\ehaf
[*]     FOOBAR\Ahmed.Aly
[*]     FOOBAR\SBS Backup User
[*]     FOOBAR\SherifEldeeb       <---- That's me
[-] Current session running as FOOBAR\sherifeldeeb is not running as Domain
Admin

meterpreter > getuid
Server username: FOOBAR\sherifeldeeb
meterpreter >

Regards,
Sherif.

-----Original Message-----
From: Carlos Perez [mailto:carlos_perez () darkoperator com] 
Sent: Sunday, April 25, 2010 4:59 PM
To: Sherif Eldeeb
Cc: <framework () spool metasploit com>
Subject: Re: [framework] domain_list_gen script errors

Just tested the script with some changes and it should work now with dots,
space and underscores. Please test.

Cheers,
Carlos Perez

Sent from My Mobile Phone

On Apr 25, 2010, at 1:55 AM, "Sherif Eldeeb" <archeldeeb () gmail com> wrote:

> meterpreter > run domain_list_gen
> [*] found users will be saved to
/root/.msf3/logs/domain_admins/SHERIFELDEEB_20100425.3043-38619/SHERIFELDEEB
> _20100425.3043-38619.txt
> [*] Accounts Found:
> [*]     FOOBAR\Administrator
> [*]     FOOBAR\Tmpl
> [*]     FOOBAR\testAdmin
> [*]     FOOBAR\Ahmed
> [*]     FOOBAR\SBS
> [*]     FOOBAR\Backup
> [*]     FOOBAR\User
> [*]     FOOBAR\SherifEldeeb
> [-] Current session is not running as Domain Admin
> meterpreter >
>
> ------------------------------------------
>
> C:\Users\sherifeldeeb>net group "Domain Admins" /domain
> The request will be processed at a domain controller for domain
FOOBAR.COM.
> Group name     Domain Admins
> Comment        Designated administrators of the domain
>
> Members
----------------------------------------------------------------------------
> ---
> Administrator Tmpl       testAdmin                    Ahmed.Aly
> SBS Backup User          SherifEldeeb
> The command completed successfully.
>
>
> C:\Users\sherifeldeeb>
>
> ------------------------------------------
>
> Here's what happened:
> . User names with spaces are being separated as different users, using
space
> as delimiter, . i.e. Single USER:"SBS Backup User" will be identified as
> three users, USER:"SBS", USER:"BACKUP" and USER:"USER", and single
> user:"Administrator tmpl" will be identified as two users "Administrator"
&
> "tmpl". 
> . Usernames with "DOT" in them "Ahmed.Aly" will be spitted out by their
> first part only "Ahmed".
> . And last error, ([-] Current session is not running as Domain Admin)
> that's not right, the session *is* running as a domain admin.
>
> In the meantime, I'll stick to the good old "net group /domain" command to
> get my token_hunt_user list :)
> ------------------------------------------
>
>
> I apologize if I'm becoming noisy or annoying throwing every error I come
> across to the mailing list, if this is the case, someone just tell me so
> I'll slow down he rate of me spamming you. 
>
> Regards,
> Sherif.
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework