#author Cornelis de Plaa
#@outflank.nl
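# Register the four Beacon console commands. The help text below is what
# `help <command>` prints; keep the synopsis lines in sync with the argument
# parsing in the matching alias ($2..$6).
beacon_command_register("ReconAD", "Use ADSI to query Active Directory objects and attributes.",
    "Use Active Directory Service Interfaces (ADSI) to query for AD objects and corresponding attributes.\n\n" .
    "Synopsis: ReconAD (custom ldap filter) [opt: comma separated ldap attributes (or -all)] [opt: max results (or -max)] [opt: -usegc (or -ldap)] [opt: server:port]\n" .
    " ReconAD (&(objectClass=user)(objectCategory=person)(sAMAccountName=*admin*)) displayName,sAMAccountName 10\n" .
    # Every clause of an LDAP AND-filter must be parenthesised; the example is a valid filter.
    " ReconAD \"(&(objectCategory=group)(sAMAccountName=Domain Admins))\" -all -max -usegc\n");

beacon_command_register("ReconAD-Users", "Use ADSI to query Active Directory user objects and attributes.",
    "Use Active Directory Service Interfaces (ADSI) to query user objects and corresponding attributes.\n\n" .
    "Synopsis: ReconAD-Users username [opt: comma separated ldap attributes (or -all)] [opt: max results (or -max)] [opt: -usegc (or -ldap)] [opt: server:port]\n" .
    " ReconAD-Users *admin* displayName,sAMAccountName 10\n" .
    " ReconAD-Users serveradmin -all -max -usegc\n");

beacon_command_register("ReconAD-Computers", "Use ADSI to query Active Directory computer objects and attributes.",
    "Use Active Directory Service Interfaces (ADSI) to query computer objects and corresponding attributes.\n\n" .
    # The "-usegc (or -ldap)" option bracket was left unclosed; it now matches the other synopses.
    "Synopsis: ReconAD-Computers computername [opt: comma separated ldap attributes (or -all)] [opt: max results (or -max)] [opt: -usegc (or -ldap)] [opt: server:port]\n" .
    " ReconAD-Computers *dc* -all -max -usegc\n" .
    " ReconAD-Computers *srv* name,operatingSystemVersion 20\n");

beacon_command_register("ReconAD-Groups", "Use ADSI to query Active Directory group objects and attributes.",
    "Use Active Directory Service Interfaces (ADSI) to query group objects and corresponding attributes.\n\n" .
    "Synopsis: ReconAD-Groups groupname [opt: comma separated ldap attributes (or -all)] [opt: max results (or -max)] [opt: -usegc (or -ldap)] [opt: server:port]\n" .
    " ReconAD-Groups \"Domain Admins\" -all -max -usegc\n" .
    " ReconAD-Groups *server* displayName,sAMAccountName 10\n");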
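# ReconAD: run the BOF with a caller-supplied LDAP filter.
#   $1 beacon id
#   $2 LDAP filter (required)
#   $3 comma separated attribute list, or -all (default when omitted)
#   $4 max results, or -max / omitted -> 0 (the BOF treats 0 as "no cap")
#   $5 -usegc selects the Global Catalog; anything else (e.g. -ldap) selects LDAP
#   $6 server:port, or -noserver (default when omitted)
alias ReconAD {
    # Sleep variables are global unless declared local; without this, two
    # aliases running back to back could read each other's $bid/$data.
    local('$bid $filter $attr $count $usegc $server $handle $data $arg_data');

    $bid    = $1;
    $filter = $2;
    $attr   = iff(-istrue $3, $3, "-all");
    $count  = iff($4 eq "-max", 0, $4);
    $usegc  = iff($5 eq "-usegc", 1, 0);
    $server = iff(-istrue $6, $6, "-noserver");

    if ($filter eq "") {
        berror($bid, "Please specify a LDAP filter.");
        return;
    }

    # Read in the right BOF file for the beacon's architecture.
    $handle = openf(script_resource("ReconAD." . barch($bid) . ".o"));
    $data   = readb($handle, -1);
    closef($handle);

    # A missing or unreadable object file would otherwise be sent to the
    # beacon as an empty BOF; fail in the console instead.
    if ($data is $null || strlen($data) == 0) {
        berror($bid, "Could not read BOF file: ReconAD." . barch($bid) . ".o");
        return;
    }

    # Argument layout must match the BOF's BeaconDataParse order: mode, filter/object,
    # attributes, max results, use-GC flag, server.
    $arg_data = bof_pack($bid, "ZZZiiZ", "custom", $filter, $attr, $count, $usegc, $server);
    beacon_inline_execute($bid, $data, "go", $arg_data);
}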
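# ReconAD-Users: run the BOF in "users" mode against a username pattern.
#   $1 beacon id
#   $2 username or wildcard pattern (required)
#   $3 comma separated attribute list, or -all (default when omitted)
#   $4 max results, or -max / omitted -> 0 (the BOF treats 0 as "no cap")
#   $5 -usegc selects the Global Catalog; anything else (e.g. -ldap) selects LDAP
#   $6 server:port, or -noserver (default when omitted)
alias ReconAD-Users {
    # Keep per-invocation state out of Sleep's global scope.
    local('$bid $object $attr $count $usegc $server $handle $data $arg_data');

    $bid    = $1;
    $object = $2;
    $attr   = iff(-istrue $3, $3, "-all");
    $count  = iff($4 eq "-max", 0, $4);
    $usegc  = iff($5 eq "-usegc", 1, 0);
    $server = iff(-istrue $6, $6, "-noserver");

    if ($object eq "") {
        berror($bid, "Please specify a username.");
        return;
    }

    # Read in the right BOF file for the beacon's architecture.
    $handle = openf(script_resource("ReconAD." . barch($bid) . ".o"));
    $data   = readb($handle, -1);
    closef($handle);

    # Refuse to dispatch an empty/unreadable object file.
    if ($data is $null || strlen($data) == 0) {
        berror($bid, "Could not read BOF file: ReconAD." . barch($bid) . ".o");
        return;
    }

    blog($bid, "Let's enumerate user(s): " . $object . "\n");

    # Argument layout must match the BOF's BeaconDataParse order.
    $arg_data = bof_pack($bid, "ZZZiiZ", "users", $object, $attr, $count, $usegc, $server);
    beacon_inline_execute($bid, $data, "go", $arg_data);
}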
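# ReconAD-Groups: run the BOF in "groups" mode against a group-name pattern.
#   $1 beacon id
#   $2 group name or wildcard pattern (required)
#   $3 comma separated attribute list, or -all (default when omitted)
#   $4 max results, or -max / omitted -> 0 (the BOF treats 0 as "no cap")
#   $5 -usegc selects the Global Catalog; anything else (e.g. -ldap) selects LDAP
#   $6 server:port, or -noserver (default when omitted)
alias ReconAD-Groups {
    # Keep per-invocation state out of Sleep's global scope.
    local('$bid $object $attr $count $usegc $server $handle $data $arg_data');

    $bid    = $1;
    $object = $2;
    $attr   = iff(-istrue $3, $3, "-all");
    $count  = iff($4 eq "-max", 0, $4);
    $usegc  = iff($5 eq "-usegc", 1, 0);
    $server = iff(-istrue $6, $6, "-noserver");

    if ($object eq "") {
        berror($bid, "Please specify a groupname.");
        return;
    }

    # Read in the right BOF file for the beacon's architecture.
    $handle = openf(script_resource("ReconAD." . barch($bid) . ".o"));
    $data   = readb($handle, -1);
    closef($handle);

    # Refuse to dispatch an empty/unreadable object file.
    if ($data is $null || strlen($data) == 0) {
        berror($bid, "Could not read BOF file: ReconAD." . barch($bid) . ".o");
        return;
    }

    blog($bid, "Let's enumerate group(s): " . $object . "\n");

    # Argument layout must match the BOF's BeaconDataParse order.
    $arg_data = bof_pack($bid, "ZZZiiZ", "groups", $object, $attr, $count, $usegc, $server);
    beacon_inline_execute($bid, $data, "go", $arg_data);
}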
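# ReconAD-Computers: run the BOF in "computers" mode against a computer-name pattern.
#   $1 beacon id
#   $2 computer name or wildcard pattern (required)
#   $3 comma separated attribute list, or -all (default when omitted)
#   $4 max results, or -max / omitted -> 0 (the BOF treats 0 as "no cap")
#   $5 -usegc selects the Global Catalog; anything else (e.g. -ldap) selects LDAP
#   $6 server:port, or -noserver (default when omitted)
alias ReconAD-Computers {
    # Keep per-invocation state out of Sleep's global scope.
    local('$bid $object $attr $count $usegc $server $handle $data $arg_data');

    $bid    = $1;
    $object = $2;
    $attr   = iff(-istrue $3, $3, "-all");
    $count  = iff($4 eq "-max", 0, $4);
    $usegc  = iff($5 eq "-usegc", 1, 0);
    $server = iff(-istrue $6, $6, "-noserver");

    if ($object eq "") {
        berror($bid, "Please specify a computername.");
        return;
    }

    # Read in the right BOF file for the beacon's architecture.
    $handle = openf(script_resource("ReconAD." . barch($bid) . ".o"));
    $data   = readb($handle, -1);
    closef($handle);

    # Refuse to dispatch an empty/unreadable object file.
    if ($data is $null || strlen($data) == 0) {
        berror($bid, "Could not read BOF file: ReconAD." . barch($bid) . ".o");
        return;
    }

    blog($bid, "Let's enumerate computer(s): " . $object . "\n");

    # Argument layout must match the BOF's BeaconDataParse order.
    $arg_data = bof_pack($bid, "ZZZiiZ", "computers", $object, $attr, $count, $usegc, $server);
    beacon_inline_execute($bid, $data, "go", $arg_data);
}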