Update smb-enum-groups to structured output

2025-12-25 08:59:01 +00:00 · 2014-09-05 13:08:13 +00:00
parent a41685fd33
commit 4a9cd8af7d
1 changed files with 105 additions and 28 deletions
--- a/scripts/smb-enum-groups.nse
+++ b/scripts/smb-enum-groups.nse
@@ -41,23 +41,90 @@ the same thing.
 --
 -- @output
 -- Host script results:
-- |  smb-enum-groups:
-- |  |  WINDOWS2003\HelpServicesGroup: SUPPORT_388945a0
-- |  |  WINDOWS2003\IIS_WPG: SYSTEM, SERVICE, NETWORK SERVICE, IWAM_WINDOWS2003
-- |  |  WINDOWS2003\TelnetClients: <empty>
-- |  |  Builtin\Print Operators: <empty>
-- |  |  Builtin\Replicator: <empty>
-- |  |  Builtin\Network Configuration Operators: <empty>
-- |  |  Builtin\Performance Monitor Users: <empty>
-- |  |  Builtin\Users: INTERACTIVE, Authenticated Users, ron, ASPNET, test
-- |  |  Builtin\Power Users: <empty>
-- |  |  Builtin\Backup Operators: <empty>
-- |  |  Builtin\Remote Desktop Users: <empty>
-- |  |  Builtin\Administrators: Administrator, ron, test
-- |  |  Builtin\Performance Log Users: NETWORK SERVICE
-- |  |  Builtin\Guests: Guest, IUSR_WINDOWS2003
-- |_ |_ Builtin\Distributed COM Users: <empty>
-----------------------------------------------------------------------
+-- | smb-enum-groups:
+-- |   Builtin\Administrators (RID: 544): Administrator, Daniel
+-- |   Builtin\Users (RID: 545): <empty>
+-- |   Builtin\Guests (RID: 546): Guest
+-- |   Builtin\Performance Monitor Users (RID: 558): <empty>
+-- |   Builtin\Performance Log Users (RID: 559): Daniel
+-- |   Builtin\Distributed COM Users (RID: 562): <empty>
+-- |   Builtin\IIS_IUSRS (RID: 568): <empty>
+-- |   Builtin\Event Log Readers (RID: 573): <empty>
+-- |   azure\HomeUsers (RID: 1000): Administrator, Daniel, HomeGroupUser$
+-- |_  azure\HelpLibraryUpdaters (RID: 1003): <empty>
+--
+-- @xmloutput
+-- <table key="Builtin">
+--   <table key="RID 544">
+--     <table key="member_sids">
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-500</elem>
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-1001</elem>
+--     </table>
+--     <elem key="name">Administrators</elem>
+--     <table key="members">
+--       <elem>Administrator</elem>
+--       <elem>Daniel</elem>
+--     </table>
+--   </table>
+--   <table key="RID 545">
+--     <table key="member_sids">
+--       <elem>S-1-5-4</elem>
+--       <elem>S-1-5-11</elem>
+--     </table>
+--     <elem key="name">Users</elem>
+--     <table key="members"></table>
+--   </table>
+--   <table key="RID 546">
+--     <table key="member_sids">
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-501</elem>
+--     </table>
+--     <elem key="name">Guests</elem>
+--     <table key="members">
+--       <elem>Guest</elem>
+--     </table>
+--   </table>
+--   <table key="RID 559">
+--     <table key="member_sids">
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-1001</elem>
+--     </table>
+--     <elem key="name">Performance Log Users</elem>
+--     <table key="members">
+--       <elem>Daniel</elem>
+--     </table>
+--   </table>
+--   <table key="RID 562">
+--     <table key="member_sids"></table>
+--     <elem key="name">Distributed COM Users</elem>
+--     <table key="members"></table>
+--   </table>
+--   <table key="RID 568">
+--     <table key="member_sids">
+--       <elem>S-1-5-17</elem>
+--     </table>
+--     <elem key="name">IIS_IUSRS</elem>
+--     <table key="members"></table>
+--   </table>
+-- </table>
+-- <table key="azure">
+--   <table key="RID 1000">
+--     <table key="member_sids">
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-500</elem>
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-1001</elem>
+--       <elem>S-1-5-21-12345678-1234567890-0987654321-1002</elem>
+--     </table>
+--     <elem key="name">HomeUsers</elem>
+--     <table key="members">
+--       <elem>Administrator</elem>
+--       <elem>Daniel</elem>
+--       <elem>HomeGroupUser$</elem>
+--     </table>
+--   </table>
+--   <table key="RID 1003">
+--     <table key="member_sids"></table>
+--     <elem key="name">HelpLibraryUpdaters</elem>
+--     <table key="members"></table>
+--   </table>
+-- </table>

 author = "Ron Bowes"
 copyright = "Ron Bowes"
@@ -70,27 +137,37 @@ hostrule = function(host)
  return smb.get_port(host) ~= nil
 end

+local empty = {"<empty>"}
+
 action = function(host)
  local status, groups = msrpc.samr_enum_groups(host)
  if(not(status)) then
    return stdnse.format_output(false, "Couldn't enumerate groups: " .. groups)
  end

-  local response = {}
+  local response = stdnse.output_table()
+  local response_str = {}

-  for domain_name, domain_data in pairs(groups) do
+  local domains = stdnse.keys(groups)
+  table.sort(domains)
+  for _, domain_name in ipairs(domains) do
+    local dom_groups = stdnse.output_table()
+    response[domain_name] = dom_groups
+    local domain_data = groups[domain_name]

-    for rid, group_data in pairs(domain_data) do
-      local members = group_data['members']
-      if(#members > 0) then
-        members = stdnse.strjoin(", ", group_data['members'])
-      else
-        members = "<empty>"
-      end
-      table.insert(response, string.format("%s\\%s (RID: %s): %s", domain_name, group_data['name'], rid, members))
+    local rids = stdnse.keys(domain_data)
+    table.sort(rids)
+    for _, rid in ipairs(rids) do
+      local group_data = domain_data[rid]
+      -- TODO: Map SIDs to names, show non-named SIDs
+      table.insert(response_str,
+        string.format("\n  %s\\%s (RID: %s): %s", domain_name, group_data.name, rid,
+          table.concat(#group_data.members > 0 and group_data.members or empty, ", "))
+        )
+      dom_groups[string.format("RID %d", rid)] = group_data
    end
  end

-  return stdnse.format_output(true, response)
+  return response, table.concat(response_str)
 end