Home page logo

metasploit logo Metasploit mailing list archives

Re: domain_list_gen script errors
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Sun, 25 Apr 2010 10:01:54 -0400

just in case here is the output

meterpreter > run domain_list_gen
[*] found users will be saved to
[*] Accounts Found:
[*] ACMEPRODINC\Administrator
[*] ACMEPRODINC\carlos perez
[*] ACMEPRODINC\carlos.perez
[*] ACMEPRODINC\carlos_perez
[*] ACMEPRODINC\domadmin
[*] Current sessions running as ACMEPRODINC\carlos.perez is a Domain Admin!!
meterpreter >

On Sun, Apr 25, 2010 at 1:55 AM, Sherif Eldeeb <archeldeeb () gmail com> wrote:

meterpreter > run domain_list_gen
[*] found users will be saved to

[*] Accounts Found:
[*]     FOOBAR\Administrator
[*]     FOOBAR\Tmpl
[*]     FOOBAR\testAdmin
[*]     FOOBAR\Ahmed
[*]     FOOBAR\SBS
[*]     FOOBAR\Backup
[*]     FOOBAR\User
[*]     FOOBAR\SherifEldeeb
[-] Current session is not running as Domain Admin
meterpreter >


C:\Users\sherifeldeeb>net group "Domain Admins" /domain
The request will be processed at a domain controller for domain FOOBAR.COM

Group name     Domain Admins
Comment        Designated administrators of the domain


Administrator Tmpl       testAdmin                    Ahmed.Aly
SBS Backup User          SherifEldeeb
The command completed successfully.



Here's what happened:
. User names with spaces are being separated as different users, using
as delimiter, . i.e. Single USER:"SBS Backup User" will be identified as
three users, USER:"SBS", USER:"BACKUP" and USER:"USER", and single
user:"Administrator tmpl" will be identified as two users "Administrator" &
. Usernames with "DOT" in them "Ahmed.Aly" will be spitted out by their
first part only "Ahmed".
. And last error, ([-] Current session is not running as Domain Admin)
that's not right, the session *is* running as a domain admin.

In the meantime, I'll stick to the good old "net group /domain" command to
get my token_hunt_user list :)

I apologize if I'm becoming noisy or annoying throwing every error I come
across to the mailing list, if this is the case, someone just tell me so
I'll slow down he rate of me spamming you.




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]