Land rapid7#4389, Meatballs1's fix for enum_ad_* post module regressions

Fixes rapid7#4387 by adjusting for the new return type from ADSI queries.

Author: Brent Cook

lib/msf/core/post/windows/ldap.rb

@@ -149,7 +149,7 @@ def get_default_naming_context(domain=nil)
       query_result = query_ldap(session_handle, "", 0, "(objectClass=computer)", ["defaultNamingContext"])
       first_entry_fields = query_result[:results].first
       # Value from First Attribute of First Entry
-      default_naming_context = first_entry_fields.first
+      default_naming_context = first_entry_fields.first[:value]
       vprint_status("Default naming context #{default_naming_context}")
       return default_naming_context
     end
@@ -231,7 +231,7 @@ def query_ldap(session_handle, base, scope, filter, fields)
         values_result = values.join(',') if values
         vprint_status("Values #{values}")
 
-        field_results << values_result
+        field_results << {:type => 'unknown', :value => values_result}
       end
 
       entry_results << field_results

modules/post/windows/gather/enum_ad_computers.rb

@@ -81,7 +81,7 @@ def run
 
       report = {}
       0.upto(fields.length-1) do |i|
-        field = result[i] || ""
+        field = result[i][:value] || ""
 
         # Only perform these actions if the database is connected and we want
         # to store in the DB.
@@ -92,7 +92,7 @@ def run
             report[:name] = dns
             hostnames << dns
           when 'operatingSystem'
-            report[:os_name] = field
+            report[:os_name] = field.gsub("\xAE",'')
           when 'distinguishedName'
             if field =~ /Domain Controllers/i
               # TODO: Find another way to mark a host as being a domain controller

modules/post/windows/gather/enum_ad_service_principal_names.rb

@@ -100,7 +100,7 @@ def parse_result(result, fields)
     row = []
 
     0.upto(fields.length-1) do |i|
-      field = (result[i].nil? ? "" : result[i])
+      field = (result[i][:value].nil? ? "" : result[i][:value])
 
       if fields[i] == 'servicePrincipalName'
         break if field.blank?

modules/post/windows/gather/enum_ad_to_wordlist.rb

@@ -26,7 +26,6 @@ class Metasploit3 < Msf::Post
     'company',
     'streetAddress',
     'sAMAccountName',
-    'userAccountControl',
     'comment',
     'description'
   ]
@@ -37,7 +36,7 @@ def initialize(info={})
       'Description'  => %q{
         This module will gather information from the default Active Domain (AD) directory
         and use these words to seed a wordlist. By default it enumerates user accounts to
-        build the wordlist
+        build the wordlist.
       },
       'License'      => MSF_LICENSE,
       'Author'       => ['Thomas Ring'],
@@ -69,7 +68,7 @@ def run
     @words_dict = {}
     q[:results].each do |result|
       result.each do |field|
-        search_words(field)
+        search_words(field[:value])
       end # result.each
     end # q.each
 

modules/post/windows/gather/enum_ad_user_comments.rb

@@ -65,10 +65,11 @@ def run
 
       report = {}
       result.each do |field|
-        if field.nil?
+        if field[:value].nil?
           row << ""
         else
-          row << field
+          row << field[:value]
+
         end
       end