ContextQMD
Back to Metasploit Framework

Resolve Sid

documentation/modules/post/windows/gather/resolve_sid.md

6.4.131824 B
Original Source

Vulnerable Application

This module prints information about a given SID from the perspective of this session.

Verification Steps

  1. Start msfconsole
  2. Get a session on a Windows host
  3. Do: use post/windows/gather/resolve_sid
  4. Do: set session [#]
  5. Do: run
  6. You should receive user SID information

Options

SID

SID to lookup.

SYSTEM_NAME

Where to search. If undefined, first local then trusted DCs.

Scenarios

Windows 2008 SP1 DC

msf > use post/windows/gather/resolve_sid
msf post(windows/gather/resolve_sid) > set sid S-1-5-32-544
sid => S-1-5-32-544
msf post(windows/gather/resolve_sid) > set session 1
session => 1
msf post(windows/gather/resolve_sid) > run

[*] SID Type: alias
[*] Name:     Administrators
[*] Domain:   BUILTIN
[*] Post module execution completed