Add the LOOKUP_COMPUTER action

zeroSteiner · zeroSteiner · commit 084fc194ea8a · 2022-06-13T17:20:34.000-04:00
diff --git a/modules/auxiliary/admin/dcerpc/samr_computer.rb b/modules/auxiliary/admin/dcerpc/samr_computer.rb
@@ -32,6 +32,7 @@ def initialize(info = {})
         },
         'Actions' => [
           [ 'ADD_COMPUTER', { 'Description' => 'Add a computer account' } ],
+          [ 'LOOKUP_COMPUTER', { 'Description' => 'Lookup a computer account' } ]
         ],
         'DefaultAction' => 'ADD_COMPUTER'
       )
@@ -164,6 +165,20 @@ def action_add_computer
     report_creds(@domain_name, computer_name, password)
   end
 
+  def action_lookup_computer
+    fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
+    computer_name = datastore['COMPUTER_NAME']
+
+    details = @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+    if details.nil?
+      print_error('The specified computer was not found.')
+      return
+    end
+    details = details[computer_name]
+    sid = @samr.samr_rid_to_sid(object_handle: @domain_handle, rid: details[:rid]).to_s
+    print_good("Found #{@domain_name}\\#{computer_name} (SID: #{sid})")
+  end
+
   def report_creds(domain, username, password)
     service_data = {
       address: datastore['RHOST'],
