Skip to content

Commit 28a38f3

Browse files
dwelch-r7dwelch-r7
authored
Land rapid7#18908, Update SAMR computer and ICPR cert to support SMB sessions
2 parents 97ef5cf + 76166c0 commit 28a38f3

File tree

2 files changed

+44
-4
lines changed

2 files changed

+44
-4
lines changed

modules/auxiliary/admin/dcerpc/icpr_cert.rb

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ class MetasploitModule < Msf::Auxiliary
1010
include Msf::Exploit::Remote::SMB::Client::Authenticated
1111
include Msf::Exploit::Remote::DCERPC
1212
include Msf::Auxiliary::Report
13+
include Msf::OptionalSession::SMB
1314

1415
def initialize(info = {})
1516
super(
@@ -61,7 +62,24 @@ def run
6162
end
6263

6364
def action_request_cert
64-
request_certificate
65+
with_ipc_tree do |opts|
66+
request_certificate(opts)
67+
end
6568
end
6669

70+
# @yieldparam options [Hash] If a SMB session is present, a hash with the IPC tree present. Empty hash otherwise.
71+
# @return [void]
72+
def with_ipc_tree
73+
opts = {}
74+
if session
75+
print_status("Using existing session #{session.sid}")
76+
client = session.client
77+
self.simple = ::Rex::Proto::SMB::SimpleClient.new(client.dispatcher.tcp_socket, client: client)
78+
opts[:tree] = simple.client.tree_connect("\\\\#{client.dispatcher.tcp_socket.peerhost}\\IPC$")
79+
end
80+
81+
yield opts
82+
ensure
83+
opts[:tree].disconnect! if opts[:tree]
84+
end
6785
end

modules/auxiliary/admin/dcerpc/samr_computer.rb

Lines changed: 25 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ class MetasploitModule < Msf::Auxiliary
1010
include Msf::Exploit::Remote::DCERPC
1111
include Msf::Auxiliary::Report
1212
include Msf::Exploit::Remote::MsSamr
13+
include Msf::OptionalSession::SMB
1314

1415
def initialize(info = {})
1516
super(
@@ -67,17 +68,38 @@ def run
6768
end
6869

6970
def action_add_computer
70-
add_computer
71+
with_ipc_tree do |opts|
72+
add_computer(opts)
73+
end
7174
end
7275

7376
def action_delete_computer
7477
fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
75-
delete_computer
78+
with_ipc_tree do |opts|
79+
delete_computer(opts)
80+
end
7681
end
7782

7883
def action_lookup_computer
7984
fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
80-
lookup_computer
85+
with_ipc_tree do |opts|
86+
lookup_computer(opts)
87+
end
8188
end
8289

90+
# @yieldparam options [Hash] If a SMB session is present, a hash with the IPC tree present. Empty hash otherwise.
91+
# @return [void]
92+
def with_ipc_tree
93+
opts = {}
94+
if session
95+
print_status("Using existing session #{session.sid}")
96+
client = session.client
97+
self.simple = ::Rex::Proto::SMB::SimpleClient.new(client.dispatcher.tcp_socket, client: client)
98+
opts[:tree] = simple.client.tree_connect("\\\\#{client.dispatcher.tcp_socket.peerhost}\\IPC$")
99+
end
100+
101+
yield opts
102+
ensure
103+
opts[:tree].disconnect! if opts[:tree]
104+
end
83105
end

0 commit comments

Comments
 (0)