Home page logo

metasploit logo Metasploit mailing list archives

Re: domain_list_gen script errors
From: "Sherif Eldeeb" <archeldeeb () gmail com>
Date: Sun, 25 Apr 2010 17:39:33 +0300

Almost there, for some reason the script insists that I'm not a domain
admin, which kind of offends me "script is case sensitive? Windows is not
:)" also it gives a false positive for a user full of dashes "maybe from the
output of the command".

meterpreter > run domain_list_gen
[*] found users will be saved to
[*] Accounts Found:
[*]     FOOBAR\Administrator Tmpl
[*]     FOOBAR\ehaf
[*]     FOOBAR\Ahmed.Aly
[*]     FOOBAR\SBS Backup User
[*]     FOOBAR\SherifEldeeb       <---- That's me
[-] Current session running as FOOBAR\sherifeldeeb is not running as Domain

meterpreter > getuid
Server username: FOOBAR\sherifeldeeb
meterpreter >


-----Original Message-----
From: Carlos Perez [mailto:carlos_perez () darkoperator com] 
Sent: Sunday, April 25, 2010 4:59 PM
To: Sherif Eldeeb
Cc: <framework () spool metasploit com>
Subject: Re: [framework] domain_list_gen script errors

Just tested the script with some changes and it should work now with dots,
space and underscores. Please test.

Carlos Perez

Sent from My Mobile Phone

On Apr 25, 2010, at 1:55 AM, "Sherif Eldeeb" <archeldeeb () gmail com> wrote:

meterpreter > run domain_list_gen
[*] found users will be saved to

[*] Accounts Found:
[*]     FOOBAR\Administrator
[*]     FOOBAR\Tmpl
[*]     FOOBAR\testAdmin
[*]     FOOBAR\Ahmed
[*]     FOOBAR\SBS
[*]     FOOBAR\Backup
[*]     FOOBAR\User
[*]     FOOBAR\SherifEldeeb
[-] Current session is not running as Domain Admin
meterpreter >


C:\Users\sherifeldeeb>net group "Domain Admins" /domain
The request will be processed at a domain controller for domain

Group name     Domain Admins
Comment        Designated administrators of the domain


Administrator Tmpl       testAdmin                    Ahmed.Aly
SBS Backup User          SherifEldeeb
The command completed successfully.



Here's what happened:
. User names with spaces are being separated as different users, using
as delimiter, . i.e. Single USER:"SBS Backup User" will be identified as
three users, USER:"SBS", USER:"BACKUP" and USER:"USER", and single
user:"Administrator tmpl" will be identified as two users "Administrator"
. Usernames with "DOT" in them "Ahmed.Aly" will be spitted out by their
first part only "Ahmed".
. And last error, ([-] Current session is not running as Domain Admin)
that's not right, the session *is* running as a domain admin.

In the meantime, I'll stick to the good old "net group /domain" command to
get my token_hunt_user list :)

I apologize if I'm becoming noisy or annoying throwing every error I come
across to the mailing list, if this is the case, someone just tell me so
I'll slow down he rate of me spamming you. 




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]