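#!/usr/bin/perl -w
#-----
# List the local users of every host in a /24 that answers a NetBIOS
# node-status query, by binding an anonymous ("null") session to IPC$ and
# walking the host's local groups.
#
#   scan.pl xxx.xxx.xxx      (the first three octets of the subnet)
#
# Only hosts that still accept anonymous IPC$ sessions will answer; supported
# Windows versions refuse them by default (the RestrictAnonymous /
# RestrictAnonymousSAM LSA hardening), and every attempt is recorded on the
# target as an ANONYMOUS LOGON network logon, so a sweep like this is easy to
# spot in the security log.
#----
use strict;
use Net::NBName;
use Win32::Lanman;

# Refuse to run with no prefix rather than sweeping ".2" .. ".253".
my $subnet = $ARGV[0];
die "usage: $0 xxx.xxx.xxx  (first three octets of the subnet)\n"
    unless defined $subnet && $subnet ne "";

my $nb = Net::NBName->new;

# .2 through .253, as the original sweep did (.0, .1, .254 and .255 skipped).
for my $hostbit (2 .. 253) {
    my $server   = "$subnet.$hostbit";
    my $username = "";    # empty credentials -> anonymous (null) session
    my $password = "";
    my $null     = "";    # empty domain name

    # Cheap pre-check: skip hosts that do not answer a node-status query.
    my $ns = $nb->node_status($server);
    if (!$ns) {
        print "$server isn't running netbios\n";
        next;
    }

    if (!connectipc($server, $password, $username, $null)) {
        print "failed to connect\n";
        next;
    }
    #### print "null session to $server successful.\n";

    my @users = getusers($server);
    if (@users) {
        # Each entry is "group:domain\user"; only the user part is printed.
        foreach my $entry (@users) {
            my ($group, $user) = split /:/, $entry;
            print "$user\n";
        }
    }
    else {
        print "Did not retrieve local users.\n";
    }
    print "\n";

    if (disconnect($server)) {
        print "Disconnected from $server.\n";
    }
    else {
        print "Could not disconnect.\n";
    }
}

#-----
# Bind a session to \\$server\ipc$ with the given credentials ($null is the
# domain name, empty here).  Returns the NetUseAdd result: true on success.
#----
sub connectipc {
    my ($server, $password, $username, $null) = @_;
    my %use = (
        remote     => "\\\\$server\\ipc\$",
        asg_type   => USE_IPC(),
        password   => $password,
        username   => $username,
        domainname => $null,
    );
    return Win32::Lanman::NetUseAdd(\%use);
}

#-----
# Tear down the ipc$ connection to $server.  Returns the NetUseDel result.
# The original unpacked its argument into @server and then read the
# file-level $server, so it only worked by accident; it now uses its own
# parameter.
#----
sub disconnect {
    my ($server) = @_;
    return Win32::Lanman::NetUseDel("\\\\$server\\ipc\$", USE_FORCE());
}

#-----
# Enumerate the local groups on $server and collect every member as a
# "group:domainandname" string.  Failures are printed rather than thrown so
# one unreadable group does not abort the host; an empty list is returned
# when the group enumeration itself fails.
#----
sub getusers {
    my ($server) = @_;
    my $unc = "\\\\$server";
    my @users;

    my @groups;
    if (!Win32::Lanman::NetLocalGroupEnum($unc, \@groups)) {
        print "NetLocalGroupEnum error: " . _lanman_error() . "\n";
        return @users;
    }

    foreach my $group (@groups) {
        my $name = $group->{'name'};
        # A fresh list per group, so nothing from a previous group can be
        # carried over regardless of how NetLocalGroupGetMembers fills it.
        my @members;
        if (Win32::Lanman::NetLocalGroupGetMembers($unc, $name, \@members)) {
            push @users, map { "$name:$_->{'domainandname'}" } @members;
        }
        else {
            print "NetLocalGroupGetMembers error: " . _lanman_error() . "\n";
        }
    }
    return @users;
}

# Text for the last Win32::Lanman error, falling back to the raw error code
# when FormatMessage has no string for it.
sub _lanman_error {
    my $code = Win32::Lanman::GetLastError();
    my $text = Win32::FormatMessage($code);
    return (defined $text && $text ne "") ? $text : $code;
}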